Control: tags 775776 + pending

Dear maintainer,

I've prepared an NMU for polarssl (versioned as 1.3.9-2.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer.

Regards,
Salvatore

diff -Nru polarssl-1.3.9/debian/changelog polarssl-1.3.9/debian/changelog --- polarssl-1.3.9/debian/changelog 2014-11-07 10:31:12.000000000 +0100 +++ polarssl-1.3.9/debian/changelog 2015-01-22 17:53:27.000000000 +0100 @@ -1,3 +1,12 @@ +polarssl (1.3.9-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2015-1182.patch patch. + CVE-2015-1182: Denial of service and possible remote code execution + using crafted certificates. (Closes: #775776) + + -- Salvatore Bonaccorso <car...@debian.org> Wed, 21 Jan 2015 22:09:05 +0100 + polarssl (1.3.9-2) unstable; urgency=medium * Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential diff -Nru polarssl-1.3.9/debian/patches/CVE-2015-1182.patch polarssl-1.3.9/debian/patches/CVE-2015-1182.patch --- polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 1970-01-01 01:00:00.000000000 +0100 +++ polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 2015-01-22 17:53:27.000000000 +0100 
@@ -0,0 +1,33 @@ +Description: Remote attack using crafted certificates + During the parsing of a ASN.1 sequence, a pointer in the linked list of + asn1_sequence is not initialized by asn1_get_sequence_of(). In case an + error occurs during parsing of the list, a situation is created where + the uninitialized pointer is passed to polarssl_free(). + . + This sequence can be triggered when a PolarSSL entity is parsing a + certificate. So practically this means clients when receiving a + certificate from the server or servers in case they are actively asking + for a client certificate. + . + Depending on the attackers knowledge of the system under attack, this + results at the lowest into a denial of service, and at the most a + possible remote code execution. + . + CVE-2015-1182 +Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 +Bug-Debian: https://bugs.debian.org/775776 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-01-21 + +--- a/library/asn1parse.c ++++ b/library/asn1parse.c +@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char + if( cur->next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++ memset( cur->next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur->next; + } + } diff -Nru polarssl-1.3.9/debian/patches/series polarssl-1.3.9/debian/patches/series --- polarssl-1.3.9/debian/patches/series 2014-08-31 14:20:13.000000000 +0200 +++ polarssl-1.3.9/debian/patches/series 2015-01-22 17:53:27.000000000 +0100 @@ -1,2 +1,3 @@ 01-config.patch 02-makefile-destdir-fix.patch +CVE-2015-1182.patch
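
Review bot: In the library/asn1parse.c change carried by CVE-2015-1182.patch, the added memset( cur->next, 0, sizeof( asn1_sequence ) ) only initialises nodes allocated inside asn1_get_sequence_of(). The first node, which the caller supplies as cur, is not touched by the visible lines, so the cleanup path that hands list pointers to polarssl_free() still depends on every caller zeroing the head asn1_sequence before the call. Please confirm that this holds for the certificate parsing callers, or say so in the patch description. As a smaller point in the same file, the Origin: field points at the security advisory rather than at an upstream commit; adding the commit reference would make the backport easier to compare against upstream. Writing the size as sizeof( *cur->next ) would also keep the memset correct if the node type ever changes.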