Your message dated Tue, 31 Jan 2017 20:34:00 +0000
with message-id <e4354b6b-750e-4b76-a05c-4bd2a461c...@thykier.net>
and subject line Re: Bug#853469: unblock: libarchive/3.2.1-6
has caused the Debian Bug report #853469,
regarding unblock: libarchive/3.2.1-6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
853469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package libarchive
Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278
unblock libarchive/3.2.1-6
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index e1386ce6..289df2d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libarchive (3.2.1-6) unstable; urgency=medium
+
+ * Add
debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
+ - Cherry-pick upstream commit 98dcbbf0bf4854bf987557
+ "Fail with negative lha->compsize in lha_read_file_header_1()"
+ Secunia SA74169, CVE-2017-5601 (Closes: #853278)
+
+ -- Andreas Henriksson <andr...@fatal.se> Tue, 31 Jan 2017 10:25:56 +0100
+
libarchive (3.2.1-5) unstable; urgency=medium
* Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
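Review bot: The new 3.2.1-6 entry names the issue only by its identifiers ("Secunia SA74169, CVE-2017-5601") and the upstream commit subject, and does not say what class of bug is being fixed. The Subject of the patch added in this same upload already describes it as "a heap buffer overflow". Repeating that phrase in the changelog entry would let someone reading the changelog alone judge the upload.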
diff --git
a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
new file mode 100644
index 00000000..3b35e267
--- /dev/null
+++
b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
@@ -0,0 +1,23 @@
+From: Martin Matuska <mar...@matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a
+ heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c
b/libarchive/archive_read_support_format_lha.c
+index c359d83e..1a5617fa 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha
*lha)
+ /* Get a real compressed file size. */
+ lha->compsize -= extdsize - 2;
+
++ if (lha->compsize < 0)
++ goto invalid; /* Invalid compressed file size */
++
+ if (sum_calculated != headersum) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "LHa header sum error");
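Review bot: The header of the added Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch carries From, Date and Subject but no Origin or Bug-Debian field, so the upstream commit id and #853278 are recorded only in debian/changelog. Adding DEP-3 style "Origin:" and "Bug-Debian:" lines would keep that provenance with the patch itself. The Subject has also absorbed what reads as the first sentence of the commit body ("Fixes a heap buffer overflow reported in Secunia SA74169"). On the code change, the new "if (lha->compsize < 0)" test placed after "lha->compsize -= extdsize - 2;" only works if compsize is a signed type, which this hunk does not show, so that is worth confirming against the struct definition. The diffstat (1 file changed, 3 insertions) also shows that no test input accompanies the check.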
diff --git a/debian/patches/series b/debian/patches/series
index 24a6b0a7..68f4950f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch
Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch
Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch
Issue-767-Buffer-overflow-printing-a-filename.patch
+Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
--- End Message ---
--- Begin Message ---
Andreas Henriksson:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Please unblock package libarchive
>
> Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278
>
> unblock libarchive/3.2.1-6
>
> [...]
Unblocked and aged, thanks.
~Niels
--- End Message ---