Bug#1007938: marked as done (buster-pu: package cups/2.2.10-6+deb10u5)

Debian Bug Tracking System Sat, 26 Mar 2022 05:17:39 -0700

Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id 
<540de30a27d37c3ff416b94b1adf7ff2a2cab257.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #1007938,
regarding buster-pu: package cups/2.2.10-6+deb10u5
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1007938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007938
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

The attached debdiff for cups fixes CVE-2020-10001 in Buster. This CVE hasbeen marked as no-dsa by the security team.

The same patch has been uploaded to Stretch already and nobody complainedyet.


  Thorsten

diff -Nru cups-2.2.10/debian/changelog cups-2.2.10/debian/changelog
--- cups-2.2.10/debian/changelog        2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/changelog        2022-02-23 22:03:02.000000000 +0100
@@ -1,3 +1,12 @@
+cups (2.2.10-6+deb10u5) buster; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2020-10001.patch
+    An input validation issue might allow a malicious application
+    to read restricted memory.
+
+ -- Thorsten Alteholz <deb...@alteholz.de>  Wed, 23 Feb 2022 22:03:02 +0100
+
 cups (2.2.10-6+deb10u4) buster; urgency=medium
 
   * Backport upstream fix:
diff -Nru cups-2.2.10/debian/.git-dpm cups-2.2.10/debian/.git-dpm
--- cups-2.2.10/debian/.git-dpm 2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/.git-dpm 2022-02-23 22:03:02.000000000 +0100
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-e512765460ec633ad43872436b243021f252a69a
-e512765460ec633ad43872436b243021f252a69a
+cd650ee595b7905afba01cfe9c4479823f22704d
+cd650ee595b7905afba01cfe9c4479823f22704d
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 cups_2.2.10.orig.tar.gz
diff -Nru cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch 
cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch
--- cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch        1970-01-01 
01:00:00.000000000 +0100
+++ cups-2.2.10/debian/patches/0053-CVE-2020-10001.patch        2022-02-23 
22:03:02.000000000 +0100
@@ -0,0 +1,49 @@
+From cd650ee595b7905afba01cfe9c4479823f22704d Mon Sep 17 00:00:00 2001
+From: Thorsten Alteholz <deb...@alteholz.de>
+Date: Sat, 26 Feb 2022 02:20:21 +0100
+Subject: CVE-2020-10001
+
+---
+ cups/ipp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 4ebb1da9c..ead8856c5 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2870,7 +2870,8 @@ ippReadIO(void       *src,               /* I - Data 
source */
+   unsigned char               *buffer,        /* Data buffer */
+                       string[IPP_MAX_TEXT],
+                                       /* Small string buffer */
+-                      *bufptr;        /* Pointer into buffer */
++                      *bufptr,        /* Pointer into buffer */
++                      *bufend;        /* End of buffer */
+   ipp_attribute_t     *attr;          /* Current attribute */
+   ipp_tag_t           tag;            /* Current tag */
+   ipp_tag_t           value_tag;      /* Current value tag */
+@@ -3440,6 +3441,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+               }
+ 
+                 bufptr = buffer;
++                bufend = buffer + n;
+ 
+              /*
+               * text-with-language and name-with-language are composite
+@@ -3453,7 +3455,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+ 
+               n = (bufptr[0] << 8) | bufptr[1];
+ 
+-              if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= 
(int)sizeof(string))
++              if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
+               {
+                 _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+                               _("IPP language length overflows value."), 1);
+@@ -3480,7 +3482,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+                 bufptr += 2 + n;
+               n = (bufptr[0] << 8) | bufptr[1];
+ 
+-              if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
++              if ((bufptr + 2 + n) > bufend)
+               {
+                 _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+                               _("IPP string length overflows value."), 1);
diff -Nru cups-2.2.10/debian/patches/series cups-2.2.10/debian/patches/series
--- cups-2.2.10/debian/patches/series   2020-11-28 12:09:48.000000000 +0100
+++ cups-2.2.10/debian/patches/series   2022-02-23 22:03:02.000000000 +0100
@@ -50,3 +50,4 @@
 0050-CVE-2020-3898-heap-buffer-overflow-in-libcups-s-ppdF.patch
 0051-CVE-2019-8842-The-ippReadIO-function-may-under-read-.patch
 0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
+0053-CVE-2020-10001.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 10.12

Hi,

The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.

Regards,

Adam

--- End Message ---

Bug#1007938: marked as done (buster-pu: package cups/2.2.10-6+deb10u5)

Reply via email to