Hi Thomas,

Attached is a debdiff for a proposed NMU to unstable as well (not yet
uploaded to the delayed queue). Do you plan to do the upload? Otherwise I
can do the NMU.

Regards,
Salvatore
diff -Nru miniupnpc-1.9.20140610/debian/changelog 
miniupnpc-1.9.20140610/debian/changelog
--- miniupnpc-1.9.20140610/debian/changelog     2014-07-13 16:43:51.000000000 
+0200
+++ miniupnpc-1.9.20140610/debian/changelog     2015-10-25 13:41:58.000000000 
+0100
@@ -1,3 +1,12 @@
+miniupnpc (1.9.20140610-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add CVE-2015-6031.patch patch.
+    CVE-2015-6031: Buffer overflow vulnerability in XML parser
+    functionality. (Closes: #802650)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sun, 25 Oct 2015 13:41:21 +0100
+
 miniupnpc (1.9.20140610-2) unstable; urgency=medium
 
   * Uploading to unstable.
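
Review bot: the new changelog entry reads "Add CVE-2015-6031.patch patch", which repeats the word "patch", and it describes the fix only as "XML parser functionality". Consider "Add CVE-2015-6031.patch" and naming the function the patch touches, IGDstartelt() in igd_desc_parse.c, so the entry can be matched to the code without opening the patch file.
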
diff -Nru miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch 
miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch
--- miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch   1970-01-01 
01:00:00.000000000 +0100
+++ miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch   2015-10-25 
13:41:58.000000000 +0100
@@ -0,0 +1,21 @@
+Description: igd_desc_parse.c: fix buffer overflow (CVE-2015-6031)
+Origin: upstream, 
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
+Bug-Debian: https://bugs.debian.org/802650
+Forwarded: no
+Author: Thomas Bernard <miniu...@free.fr>
+Last-Update: 2015-10-25
+Applied-Upstream: 1.9.20150917
+---
+--- a/igd_desc_parse.c
++++ b/igd_desc_parse.c
+@@ -15,7 +15,9 @@
+ void IGDstartelt(void * d, const char * name, int l)
+ {
+       struct IGDdatas * datas = (struct IGDdatas *)d;
+-      memcpy( datas->cureltname, name, l);
++      if(l >= MINIUPNPC_URL_MAXSIZE)
++              l = MINIUPNPC_URL_MAXSIZE-1;
++      memcpy(datas->cureltname, name, l);
+       datas->cureltname[l] = '\0';
+       datas->level++;
+       if( (l==7) && !memcmp(name, "service", l) ) {
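
Review bot: the new clamp in IGDstartelt() bounds l only from above, and l is a plain int, so a negative value would still reach memcpy() as a very large size and datas->cureltname[l] would write before the buffer. A guard ahead of the clamp, for example "if(l < 0) l = 0;", or an early return, would cover that case. The clamp also assumes that datas->cureltname is MINIUPNPC_URL_MAXSIZE bytes, which this hunk does not show; if the member is an array, bounding against sizeof(datas->cureltname) keeps the check tied to the buffer should its declaration change. In the DEP-3 header, "Forwarded: no" sits oddly beside "Origin: upstream" and "Applied-Upstream: 1.9.20150917"; "Forwarded: not-needed" agrees with what the other fields say.
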
diff -Nru miniupnpc-1.9.20140610/debian/patches/series 
miniupnpc-1.9.20140610/debian/patches/series
--- miniupnpc-1.9.20140610/debian/patches/series        2014-07-13 
16:43:51.000000000 +0200
+++ miniupnpc-1.9.20140610/debian/patches/series        2015-10-25 
13:41:58.000000000 +0100
@@ -1 +1,2 @@
 correct-typo-in-manpage.patch
+CVE-2015-6031.patch
