Your message dated Mon, 11 Jul 2022 20:47:41 +0000
with message-id <e1ob0jh-000hxx...@fasolo.debian.org>
and subject line Bug#1014157: fixed in gnupg2 2.2.12-1+deb10u2
has caused the Debian Bug report #1014157,
regarding gnupg: vulnerable to status injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1014157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg
Version: 2.2.25-2
Control: tag -1 + security patch
Control: forward -1 https://dev.gnupg.org/T6027
Control: affects -1 libgpgme11
Control: found 2.2.27-2+deb11u1
over in https://www.openwall.com/lists/oss-security/2022/06/30/1 Demi
Marie Obenour reports a failed buffer overflow that has the result that
anyone using gpgme (and probably other tooling) cannot trust the results
of signature validation.
I've confirmed that the reported bug is present both in bullseye
(2.2.27-2+deb11u1) and unstable :(
The attached patch (pulled from upstream git) fixes the matter that was
present in 2.2.25-2. I'm in the process of testing it on bullseye.
--dkg
From: Werner Koch <w...@gnupg.org>
Date: Tue, 14 Jun 2022 11:33:27 +0200
Subject: g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--
Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong. Fixed by always using a break to
terminate the escape detection loop. Might have happened for all
status lines which may wrap.
GnuPG-bug-id: T6027
(cherry picked from commit 34c649b3601383cd11dbc76221747ec16fd68e1b)
---
g10/cpr.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/g10/cpr.c b/g10/cpr.c
index d502e8b..bc4b715 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, const char *string,
}
first = 0;
}
- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
+ for (esc=0, s=buffer, n=len; n; s++, n--)
{
if (*s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
esc = 1;
if (wrap && ++count > wrap)
- {
- dowrap=1;
- break;
- }
- }
- if (esc)
- {
- s--; n++;
+ dowrap=1;
+ if (esc || dowrap)
+ break;
}
if (s != buffer)
es_fwrite (buffer, s-buffer, 1, statusfp);
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 2.2.12-1+deb10u2
Done: Daniel Kahn Gillmor <d...@fifthhorseman.net>
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated gnupg2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Jul 2022 12:06:43 -0400
Source: gnupg2
Architecture: source
Version: 2.2.12-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Closes: 1014157
Changes:
gnupg2 (2.2.12-1+deb10u2) buster-security; urgency=high
.
[ Roger Shimizu ]
* d/control: Update Build-Depends: libgpg-error-dev (>= 1.35)
.
[ Daniel Kahn Gillmor ]
* fix broken status line (Closes: #1014157)
Checksums-Sha1:
f1267951c26eaf17cdef39a24acb2961a8a98960 3258 gnupg2_2.2.12-1+deb10u2.dsc
2aeccc35ea8034306ff7a1072b84abbaa79619c3 6682303 gnupg2_2.2.12.orig.tar.bz2
fe3576314c725e76dca3aaa23287004e2e3e3a4a 3204 gnupg2_2.2.12.orig.tar.bz2.asc
e8a080f0fa4a4d54608d5cd6e0a1a5b1aa843b99 123852
gnupg2_2.2.12-1+deb10u2.debian.tar.xz
96358b1c03e12c0d1113d9639ef065dc2dc3c9d4 10446
gnupg2_2.2.12-1+deb10u2_source.buildinfo
Checksums-Sha256:
63c9e0edbfd5772bc19eb722278445818f77e6506191def7a88748ffbd5226eb 3258
gnupg2_2.2.12-1+deb10u2.dsc
db030f8b4c98640e91300d36d516f1f4f8fe09514a94ea9fc7411ee1a34082cb 6682303
gnupg2_2.2.12.orig.tar.bz2
97c8dc25c4c2fe9a39b2ffd81b65b6f3dc4ad359c9a81ca4bb9b4bdeb6167c60 3204
gnupg2_2.2.12.orig.tar.bz2.asc
e4959380382661227462a88c5f56b2b3b1fbb36717e32f1be6fc3187e6234c22 123852
gnupg2_2.2.12-1+deb10u2.debian.tar.xz
8c854aac98e0b72c41591f5521a56dd0f48a0497c5a4b5018a9eff66d02f2b93 10446
gnupg2_2.2.12-1+deb10u2_source.buildinfo
Files:
5585917b8d5905559eb08a83fe5caa49 3258 utils optional
gnupg2_2.2.12-1+deb10u2.dsc
421b17028878b253c5acfef056bc6141 6682303 utils optional
gnupg2_2.2.12.orig.tar.bz2
c13841dcfb13d0bd6b7328c88e061372 3204 utils optional
gnupg2_2.2.12.orig.tar.bz2.asc
07eeb82644d3821bd23ef2d0f2d1625f 123852 utils optional
gnupg2_2.2.12-1+deb10u2.debian.tar.xz
0b64ca591c13e9a1f3191db640083e23 10446 utils optional
gnupg2_2.2.12-1+deb10u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCYr8frQAKCRA+nXFzcd5W
XFVOAP9bzGS1gOHD/j3BvrMNWqVgJqadjBhtBmTUVz1TuU7nQQD9El7huHO60/p3
VA3xK2j31tL+fGNzfkC3Qk26Id2uAgE=
=PIjt
-----END PGP SIGNATURE-----
--- End Message ---
