Your message dated Sat, 29 Jun 2024 10:46:15 +0000 with message-id <e1snvax-002byl...@coccia.debian.org> and subject line Released with 12.6 has caused the Debian Bug report #1056936, regarding bookworm-pu: package glewlwyd/2.7.5-3 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1056936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: glewl...@packages.debian.org Control: affects -1 + src:glewlwyd (Please provide enough information to help the release team to judge the request efficiently. E.g. by filling in the sections below.) [ Reason ] Fix possible buffer overflow in webauthn attestation (CVE-2023-49208) [ Risks ] If a crafted webauthn assertion is executed, could result in denial of service or the execution of arbitrary code [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The change checks the length of a parameter before copying it into a fixed size array.diff -Nru glewlwyd-2.7.5/debian/changelog glewlwyd-2.7.5/debian/changelog --- glewlwyd-2.7.5/debian/changelog 2023-05-04 07:21:27.000000000 -0400 +++ glewlwyd-2.7.5/debian/changelog 2023-11-23 17:12:13.000000000 -0500 @@ -1,3 +1,9 @@ +glewlwyd (2.7.5-3+deb12u1) bookworm; urgency=medium + + * d/patches: Fix CVE-2023-49208 + + -- Nicolas Mora <babelou...@debian.org> Thu, 23 Nov 2023 17:12:13 -0500 + glewlwyd (2.7.5-3) unstable; urgency=medium * Install config.json as config-2.7.json (Closes: #1035503) diff -Nru glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch --- glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch 1969-12-31 19:00:00.000000000 -0500 +++ glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch 2023-11-23 17:12:13.000000000 -0500 @@ -0,0 +1,21 @@ +Description: Fix CVE-2023-49208 for bookworm +Author: Nicolas Mora <babelou...@debian.org> +Forwarded: not-needed +--- a/src/scheme/webauthn.c ++++ b/src/scheme/webauthn.c +@@ -2260,13 +2260,13 @@ + for (i=0; i<cbor_map_size(cbor_cose); i++) { + cbor_key = cbor_map_handle(cbor_cose)[i].key; + cbor_value = cbor_map_handle(cbor_cose)[i].value; +- if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 1 && cbor_isa_bytestring(cbor_value)) { ++ if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 1 && cbor_isa_bytestring(cbor_value) && cbor_bytestring_length(cbor_value) <= 256) { + has_x = 1; + memcpy(cert_x, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value)); + cert_x_len = cbor_bytestring_length(cbor_value); + g_x.data = cert_x; + g_x.size = (unsigned int)cbor_bytestring_length(cbor_value); +- } else if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 2 && cbor_isa_bytestring(cbor_value)) { ++ } else if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 2 && cbor_isa_bytestring(cbor_value) && cbor_bytestring_length(cbor_value) <= 256) { + has_y = 1; + memcpy(cert_y, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value)); + cert_y_len = cbor_bytestring_length(cbor_value); diff -Nru glewlwyd-2.7.5/debian/patches/series glewlwyd-2.7.5/debian/patches/series --- glewlwyd-2.7.5/debian/patches/series 2023-01-18 19:01:39.000000000 -0500 +++ glewlwyd-2.7.5/debian/patches/series 2023-11-23 17:12:13.000000000 -0500 @@ -1,2 +1,3 @@ +CVE-2023-49208.patch webpack.patch
--- End Message ---
--- Begin Message ---Version: 12.6 The upload requested in this bug has been released as part of 12.6.
--- End Message ---
