Your message dated Sat, 11 Jan 2025 11:03:09 +0000
with message-id <e1twzgn-009jz3...@coccia.debian.org>
and subject line Close 1092025
has caused the Debian Bug report #1092025,
regarding bookworm-pu: package libebml/1.4.4-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1092025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libe...@packages.debian.org
Control: affects -1 + src:libebml
User: release.debian....@packages.debian.org
Usertags: pu

Fixes a minor security issue, tested with mkvtoolnix.

Cheers,
        Moritz

diff -Nru libebml-1.4.4/debian/changelog libebml-1.4.4/debian/changelog
--- libebml-1.4.4/debian/changelog      2022-10-09 16:22:47.000000000 +0200
+++ libebml-1.4.4/debian/changelog      2025-01-03 17:00:30.000000000 +0100
@@ -1,3 +1,9 @@
+libebml (1.4.4-1+deb12u1) bookworm; urgency=medium
+
+  * CVE-2023-52339 (Integer overflow in MemIOCallback::read)
+
+ -- Moritz Mühlenhoff <j...@debian.org>  Fri, 03 Jan 2025 17:00:30 +0100
+
 libebml (1.4.4-1) unstable; urgency=medium
 
   * Team upload
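Review bot: The new changelog entry for 1.4.4-1+deb12u1 names the CVE but not the action taken or the file that carries it. Wording such as "Add CVE-2023-52339.patch: fix integer overflow in MemIOCallback::read" would tell a reader of the changelog alone that the fix is a quilt patch cherry-picked from upstream, which matches what the rest of this debdiff adds.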
diff -Nru libebml-1.4.4/debian/patches/CVE-2023-52339.patch 
libebml-1.4.4/debian/patches/CVE-2023-52339.patch
--- libebml-1.4.4/debian/patches/CVE-2023-52339.patch   1970-01-01 
01:00:00.000000000 +0100
+++ libebml-1.4.4/debian/patches/CVE-2023-52339.patch   2025-01-03 
16:59:37.000000000 +0100
@@ -0,0 +1,29 @@
+From 4c0d757d6de529e8dda6bb6ca08369d5f9bffdb3 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <slho...@matroska.org>
+Date: Wed, 1 Nov 2023 09:02:36 +0100
+Subject: [PATCH] MemIOCallback: fix buffer overflow when reading too much data
+
+If the addition of 2 positive values is smaller than one of the values then we
+have an overflowing addition.
+
+In this case that means we are trying to read more data that is actually in
+our buffer. So we can use the same mechanism as reading too much data.
+
+(cherry picked from commit 4d577f5c3e267b2988d56dafebc82dedb4c45506)
+Signed-off-by: Steve Lhomme <slho...@matroska.org>
+---
+ src/MemIOCallback.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- libebml-1.4.4.orig/src/MemIOCallback.cpp
++++ libebml-1.4.4/src/MemIOCallback.cpp
+@@ -68,7 +68,8 @@ uint32 MemIOCallback::read(void *Buffer,
+   if (Buffer == nullptr || Size < 1)
+     return 0;
+   //If the size is larger than than the amount left in the buffer
+-  if (Size + dataBufferPos > dataBufferTotalSize) {
++  if (Size + dataBufferPos < Size || // overflow, reading too much
++      Size + dataBufferPos > dataBufferTotalSize) {
+     //We will only return the remaining data
+     memcpy(Buffer, dataBuffer + dataBufferPos, dataBufferTotalSize - 
dataBufferPos);
+     uint64 oldDataPos = dataBufferPos;
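Review bot: The added wrap test `Size + dataBufferPos < Size` in MemIOCallback::read routes the overflowing case into the existing truncation branch, but that branch's memcpy length is `dataBufferTotalSize - dataBufferPos`, and nothing in the visible lines establishes that dataBufferPos is no larger than dataBufferTotalSize. If it ever is, the subtraction wraps and the copy length becomes huge. Checking dataBufferPos against dataBufferTotalSize first and then comparing `Size > dataBufferTotalSize - dataBufferPos` would cover both the overflow and the over-read with a single comparison that involves no addition. Minor: the context comment above the condition has a doubled word ("larger than than") that could be fixed upstream while this line is being touched.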
diff -Nru libebml-1.4.4/debian/patches/series 
libebml-1.4.4/debian/patches/series
--- libebml-1.4.4/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libebml-1.4.4/debian/patches/series 2025-01-03 16:59:17.000000000 +0100
@@ -0,0 +1 @@
+CVE-2023-52339.patch

--- End Message ---
--- Begin Message ---
Version: 12.9
This update has been released as part of 12.9. Thank you for your contribution.

--- End Message ---
