Bug#305072: marked as done (CAN-2005-0706: Bufferoverflow in CDDB response parsing)

Debian Bug Tracking System owner@bugs.debian.org
Mon, 06 Jun 2005 17:18:11 -0700


Your message dated Mon, 06 Jun 2005 20:02:13 -0400
with message-id <E1DfRXp-00036F-00@newraff.debian.org>
and subject line Bug#305072: fixed in gnome-vfs2 2.10.1-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Apr 2005 19:19:45 +0000
From jmm@inutil.org Sun Apr 17 12:19:43 2005
Return-path: <jmm@inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DNFIx-0004XX-00; Sun, 17 Apr 2005 12:19:40 -0700
Received: from p54894fa0.dip.t-dialin.net ([84.137.79.160] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1DNFIv-0003tt-2P
	for submit@bugs.debian.org; Sun, 17 Apr 2005 21:19:37 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
	id 1DNFIr-00020j-5I; Sun, 17 Apr 2005 21:19:33 +0200
Content-Type: multipart/mixed; boundary="===============0264665847=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0706: Bufferoverflow in CDDB response parsing
X-Mailer: reportbug 3.9
Date: Sun, 17 Apr 2005 21:19:32 +0200
X-Debbugs-Cc: security@debian.org
Message-Id: <E1DNFIr-00020j-5I@localhost.localdomain>
X-SA-Exim-Connect-IP: 84.137.79.160
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

This is a multi-part MIME message sent by reportbug.

--===============0264665847==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: gnome-vfs2
Severity: grave
Tags: security patch
Justification: user security hole

[ Dear security team; this seems to affect stable as well ]

CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that
can potentially be exploited to execute arbitrary code.

gnome-vfs2 contains the vulnerable code as well. Attached you can find
a patch like the one that was applied to grip.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

--===============0264665847==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="CAN-2005-0706-gnome-vfs2.patch"

diff -Naur gnome-vfs2-2.8.4.orig/modules/cdda-cddb.c gnome-vfs2-2.8.4/modules/cdda-cddb.c
--- gnome-vfs2-2.8.4.orig/modules/cdda-cddb.c	2004-07-25 17:40:35.000000000 +0200
+++ gnome-vfs2-2.8.4/modules/cdda-cddb.c	2005-04-17 21:11:26.000000000 +0200
@@ -440,7 +440,7 @@
     query->query_match=MATCH_INEXACT;
     query->query_matches=0;
 
-    while(!CDDBReadLine(socket,inbuffer,256)) {
+    while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) {
       query->query_list[query->query_matches].list_genre=
 	CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
       
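Review bot: the new bound in the while condition only protects query->query_list if query_matches is incremented exactly once per iteration in the loop body below this hunk (not shown), since the cap is tested before the body stores into query_list[query->query_matches]; worth confirming that nothing in the body stores a second entry before the next check. Two smaller points on the visible lines: strtok(inbuffer," ") returns NULL for an empty response line and is passed straight to ChopWhite, so either confirm ChopWhite tolerates NULL or guard the call; and once the cap is reached the loop exits with the server's remaining match lines (and the terminating ".") unread on the socket, so a later reader of the same connection would consume them as its own response. Draining to the terminator before returning would avoid that.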

--===============0264665847==--
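The pattern the report describes and the patch bounds, written out as an added C example (not gnome-vfs2's or grip's code): a fixed-size match table fed from a CDDB multi-line response, with the MAX_INEXACT_MATCHES guard in place and surplus lines drained rather than left on the socket. The constant's value, the structure layout and read_line are assumptions standing in for the real CDDBReadLine and query_list; the sample response is constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_INEXACT_MATCHES 16   /* hypothetical: gnome-vfs2's real value is not on the page */
#define LINE_LEN 256

struct cddb_match { char genre[16]; char discid[9]; char title[128]; };
struct cddb_query {
    int matches;    /* entries stored in list[] */
    int truncated;  /* response lines dropped because list[] was already full */
    struct cddb_match list[MAX_INEXACT_MATCHES];
};
/* Stand-in for CDDBReadLine over an in-memory response: copies the next line into
 * buf; returns 0 for a data line, 1 at end of input or at the lone "." terminator. */
static int read_line(const char **cursor, char *buf, size_t len) {
    const char *p = *cursor, *nl = strchr(p, '\n');
    size_t full = nl ? (size_t)(nl - p) : strlen(p), n = full;
    if (*p == '\0') return 1;
    if (n >= len) n = len - 1;           /* an over-long line is cut, never overruns buf */
    memcpy(buf, p, n); buf[n] = '\0';
    *cursor = nl ? nl + 1 : p + full;    /* skip the rest of a cut line too */
    return strcmp(buf, ".") == 0;
}

/* Parses inexact-match lines ("genre discid title") into the fixed table. The bound
 * on matches is the check the gnome-vfs2 patch adds; unlike the patch, surplus lines
 * are counted and drained rather than left unread on the socket. */
int parse_inexact(const char *resp, struct cddb_query *q) {
    char line[LINE_LEN];
    q->matches = q->truncated = 0;
    while (!read_line(&resp, line, sizeof line)) {
        if (q->matches >= MAX_INEXACT_MATCHES) { q->truncated++; continue; }
        char *genre = strtok(line, " "), *id = strtok(NULL, " "), *title = strtok(NULL, "");
        if (!genre || !id || !title) continue;   /* malformed line: skip, never index with NULL */
        struct cddb_match *m = &q->list[q->matches++];
        snprintf(m->genre,  sizeof m->genre,  "%s", genre);
        snprintf(m->discid, sizeof m->discid, "%s", id);
        snprintf(m->title,  sizeof m->title,  "%s", title);
    }
    return q->matches;
}

/* Constructed response: n well-formed matches, one malformed line, "." terminator; 1 if it fit. */
int build_sample(char *out, size_t len, int n) {
    size_t used = 0;
    for (int i = 0; i < n; i++) {
        int w = snprintf(out + used, len - used, "rock 7a0b2c%02x Artist / Album %02d\n", i, i);
        if (w < 0 || (size_t)w >= len - used) return 0;
        used += (size_t)w;
    }
    return snprintf(out + used, len - used, "garbage\n.\n") < (int)(len - used);
}
```

With 20 server lines and a 16-entry table, parse_inexact stores 16 matches and reports 5 dropped lines (the four surplus matches plus the malformed one), where the unbounded loop would have written four entries past the end of the table.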

---------------------------------------
Received: (at 305072-close) by bugs.debian.org; 7 Jun 2005 00:09:11 +0000
From katie@ftp-master.debian.org Mon Jun 06 17:09:11 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DfReZ-0005Fs-00; Mon, 06 Jun 2005 17:09:11 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DfRXp-00036F-00; Mon, 06 Jun 2005 20:02:13 -0400
From: Sjoerd Simons <sjoerd@debian.org>
To: 305072-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#305072: fixed in gnome-vfs2 2.10.1-4
Message-Id: <E1DfRXp-00036F-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 06 Jun 2005 20:02:13 -0400
Delivered-To: 305072-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 5

Source: gnome-vfs2
Source-Version: 2.10.1-4

We believe that the bug you reported is fixed in the latest version of
gnome-vfs2, which is due to be installed in the Debian FTP archive:

gnome-vfs2_2.10.1-4.diff.gz
  to pool/main/g/gnome-vfs2/gnome-vfs2_2.10.1-4.diff.gz
gnome-vfs2_2.10.1-4.dsc
  to pool/main/g/gnome-vfs2/gnome-vfs2_2.10.1-4.dsc
libgnomevfs2-0-dbg_2.10.1-4_powerpc.deb
  to pool/main/g/gnome-vfs2/libgnomevfs2-0-dbg_2.10.1-4_powerpc.deb
libgnomevfs2-0_2.10.1-4_powerpc.deb
  to pool/main/g/gnome-vfs2/libgnomevfs2-0_2.10.1-4_powerpc.deb
libgnomevfs2-common_2.10.1-4_powerpc.deb
  to pool/main/g/gnome-vfs2/libgnomevfs2-common_2.10.1-4_powerpc.deb
libgnomevfs2-dev_2.10.1-4_powerpc.deb
  to pool/main/g/gnome-vfs2/libgnomevfs2-dev_2.10.1-4_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 305072@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sjoerd Simons <sjoerd@debian.org> (supplier of updated gnome-vfs2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  7 Jun 2005 01:02:31 +0200
Source: gnome-vfs2
Binary: libgnomevfs2-dev libgnomevfs2-0-dbg libgnomevfs2-0 libgnomevfs2-common
Architecture: source powerpc
Version: 2.10.1-4
Distribution: unstable
Urgency: low
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Sjoerd Simons <sjoerd@debian.org>
Description: 
 libgnomevfs2-0 - The GNOME virtual file-system library (runtime files)
 libgnomevfs2-0-dbg - The GNOME virtual file-system library (runtime files)
 libgnomevfs2-common - The GNOME virtual file-system library (common files)
 libgnomevfs2-dev - The GNOME virtual file-system library (development files)
Closes: 220457 264117 298923 301258 305072 305609
Changes: 
 gnome-vfs2 (2.10.1-4) unstable; urgency=low
 .
   * Sjoerd Simons:
     - Upload to unstable
     - debian/patches/16_preserve_timestamps.patch
       + Added. Restore preservation of atime, mtime and permissions broken by
         the setgid patch. (Patch from gnome CVS)
   * Josselin Mouette:
     - defaults.list:
       + Make evince the default for PDF files.
       + Add new mime types supported in GNOME 2.10.
 .
 gnome-vfs2 (2.10.1-3) experimental; urgency=low
 .
   * debian/patches/15_cddb_bufferoverflow.patch
     - check the number of returned matches against the maximum size to avoid
     overflowing the buffer. (CAN-2005-0706, Closes: #305072)
   * Allow building on the hurd. Thanks to Michael Banck for providing patches
     (Closes: #301258)
     - Disable samba and don't enable ipv6 and the hal backend on the hurd.
     - debian/patches/18_cdrom_fallback.patch
       + Fallback to giving no info about cdrom status if the operating system
         doesn't support it.
     - debian/patches/19_hurd_path_max.patch
       + Handle the missing PATH_MAX definition on the hurd
 .
 gnome-vfs2 (2.10.1-2) experimental; urgency=low
 .
   * [debian/defaults.list] Sort by .desktop file, then by MIME type.
     Default to OpenOffice.org itself for application/vnd.sun.xml.calc.template
     and application/vnd.sun.xml.calc rather than gnumeric. (See #307090)
   * [debian/control.in] Corrected section for libgnomevfs2-common to "libs".
     (Closes: #305609)
 .
 gnome-vfs2 (2.10.1-1) experimental; urgency=low
 .
   * New upstream release.
 .
 gnome-vfs2 (2.10.0-1) experimental; urgency=low
 .
   * New upstream release
     - Fixes "invalid parameters" error when copying to a floppy
       (Closes: #220457)
   * debian/patches/03_usr_share_gnome_applications.patch
     - Updated for new upstream
   * Vfolders aren't used anymore, removed patches related to them:
     - debian/patches/01_exclude-sound-properties.patch
     - debian/patches/15_no_kde_in_menu.patch
   * Removed patches for things fixed upstream:
     - debian/patches/04_mime_info_search_parent_types.patch
     - debian/patches/10_fix_eject.patch
     - debian/patches/14_libhttp_64.patch
     - debian/patches/16_honor_dir_setgid.patch
     - debian/patches/17_gnome_vfs_daemon_deadlock.patch
   * Build the tar and cdda methods
   * Enable hal support (Closes: #298923)
   * Updated watch file
   * debian/patches/01_fstab_edit_crash.patch
     - Added, fix crash of gnome-vfs-daemon when editing /etc/fstab (from the
       ubuntu package)
   * debian/patches/14_null_volume_crash.patch
     - Added, gnome_vfs_hal_mounts_modify_drive(): Check that the hal volume is
       not NULL before calling hal functions on it. (from the ubuntu package)
   * Added a version with debugging symbols (Closes: #264117)
Files: 
 bea31e1656ee63a07807d8b78177f92f 2009 libs optional gnome-vfs2_2.10.1-4.dsc
 fb1524a4667f5df17755f4fd183d9e3a 42102 libs optional gnome-vfs2_2.10.1-4.diff.gz
 cf487eee7ccab0d4c69008fcdf7da0ed 1079786 libs optional libgnomevfs2-common_2.10.1-4_powerpc.deb
 a325ba5273cd05f4aba5251364263152 405152 libs optional libgnomevfs2-0_2.10.1-4_powerpc.deb
 55b78a0d32c6d2a54b05375517cbf84b 2913360 libs optional libgnomevfs2-0-dbg_2.10.1-4_powerpc.deb
 4083cdacb02f1421f5a672738a2c9ff8 511548 libdevel optional libgnomevfs2-dev_2.10.1-4_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCpN/agTd+SodosdIRAv+vAJ473Cv2It2ILLpAPOKf6hhLivtLAQCePi+H
TK95Vo3f1zTR0vermRrp4AI=
=e8Vt
-----END PGP SIGNATURE-----