On Fri, 28 Aug 2009 07:37:30 +0200, Florian Weimer wrote:

> * Florian Weimer:
> > * gregor herrmann:
> >>> * Bas Zoetekouw:
> >>> > Could you please advise whether it's ok to upload an NMU with the above
> >>> > patch to stable-security?
> >>> Sure. Please send the debdiff for review first.
> >>
> >> Thanks, debdiff attached.
> >>
> >> Please tell me if it's ok or if I should change anything.
> >
> > Please rebuild the patch without using quilt. We don't change build
> > systems in security updates. Thanks.
>
> Oh, and considering that CVE-2009-1391 will be fixed through
> stable-proposed-updates, we should fix this bug through s-p-u, too.
> So please send your final patch to debian-release@ instead of
> security@ (and you need to change the suite to
> {old,}stable-proposed-updates, not build with -sa, and eventually
> upload to ftp-master instead of security-master).
Ok, here we go.

Dear release team, attached is the debdiff for a possible upload to s-p-u for libcompress-raw-bzip2-perl that fixes CVE-2009-1884 / #542777.

(I've also built the package on an amd64 lenny system and ran the test proposed by Niko in #542777.)

Please advise on how to proceed.

Cheers,
gregor

-- 
 .''`.  http://info.comodo.priv.at/ -- GPG Key IDs: 0x00F3CFE4, 0x8649AA06
 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'  Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-   NP: Fleetwood Mac: You Make Loving Fun
diff -u libcompress-raw-bzip2-perl-2.011/debian/changelog libcompress-raw-bzip2-perl-2.011/debian/changelog --- libcompress-raw-bzip2-perl-2.011/debian/changelog +++ libcompress-raw-bzip2-perl-2.011/debian/changelog @@ -1,3 +1,11 @@ +libcompress-raw-bzip2-perl (2.011-2lenny1) stable-proposed-updates; urgency=high + + * Non-maintainer upload on maintainer's request. + * [SECURITY] CVE-2009-1884: fix off-by-one error in the bzinflate function + in Bzip2.xs. Closes: #542777 + + -- gregor herrmann <gre...@debian.org> Thu, 27 Aug 2009 23:54:27 +0200 + libcompress-raw-bzip2-perl (2.011-2) unstable; urgency=low * Fix the binary-arch target. only in patch2: unchanged: --- libcompress-raw-bzip2-perl-2.011.orig/Bzip2.xs +++ libcompress-raw-bzip2-perl-2.011/Bzip2.xs @@ -753,7 +753,7 @@ if (s->stream.avail_out == 0) { /* out of space in the output buffer so make it bigger */ - Sv_Grow(output, SvLEN(output) + bufinc) ; + Sv_Grow(output, SvLEN(output) + bufinc +1) ; cur_length += increment ; s->stream.next_out = (char*) SvPVbyte_nolen(output) + cur_length ; increment = bufinc ;
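Review bot: the changelog entry names the bug but not the change; in `* [SECURITY] CVE-2009-1884: fix off-by-one error in the bzinflate function in Bzip2.xs.` a short clause such as "by reserving one extra byte when growing the output buffer" would let a reader tie the entry to the Bzip2.xs hunk without opening the diff. Otherwise the suite (stable-proposed-updates), the version (2.011-2lenny1) and the direct edit to Bzip2.xs instead of a new quilt patch match what Florian asked for earlier in the thread.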
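Review bot: the `+1` in `+ Sv_Grow(output, SvLEN(output) + bufinc +1) ;` carries no comment saying which byte the old size was missing, and nothing in the hunk ties it to the `cur_length += increment ;` and `increment = bufinc ;` bookkeeping that follows; a one-line comment at the grow call stating why one byte beyond `bufinc` is needed would stop a later cleanup from removing it again. Also, `bufinc +1` should read `bufinc + 1` to match the spacing of the rest of the expression.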