Hello Salvatore,

On Wednesday, 10.02.2021, 06:30 +0100, Salvatore Bonaccorso wrote:
[...]
> Question back on this.
>
> Is it confirmed that it fixes both CVE-2019-5086 (TALOS-2019-0878,
> https://github.com/j-jorge/xcftools/issues/12) and CVE-2019-5087
> (TALOS-2019-0879, https://github.com/j-jorge/xcftools/issues/13) which
> were slightly different issues?
>
> Unfortunately upstream itself is at best dormant.
>
> There was a lot of discussion back then basically just around
> CVE-2019-5086 but not covering CVE-2019-5087 involving Brian May and a
> patch from Anton.
>
> Hugo, Brian, Anton, does the final patch you were aiming at and posted
> address both issues? Did any of you get some feedback from Talos
> because of TALOS-2019-0878 and TALOS-2019-0879?
I was in contact with Anton Gladky and this was basically his patch. The patch is unfortunately incomplete for 32-bit architectures, which I saw too late. I believe I know how to fix it and I intend to discuss the new patch with Anton.

In my opinion upstream is dead and our Debian maintainer is unresponsive and/or MIA too, so we have to take the initiative. I haven't contacted TALOS and we haven't received any feedback from them.

The idea behind the patch was to prevent the overflow with a check for an upper limit for INT. Now, because of the 32-bit problem, I think we should double-check this with a guard to protect against negative values for height and width, because negative values are illogical for these dimensions.

Currently I believe this fixes both CVEs, and Anton had created a test case for it, but I'll check with him again.

Regards,
Markus
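To illustrate the two guards named above (an upper limit plus a rejection of negative dimensions) and why a bound alone can hold on 64-bit hosts yet fail on 32-bit ones, here is an added example; it is not the xcftools patch or any code from this thread. The function name, the DIM_MAX bound and the assumption that the 32-bit gap comes from the allocation size being computed in a 32-bit size_t are all assumptions of this example.

```c
/* Added example, not the xcftools patch: validate image dimensions
 * before computing an allocation size.  The `limit` parameter stands in
 * for the maximum value of the host's size_t (UINT32_MAX on a 32-bit
 * build, UINT64_MAX on a 64-bit one) so both cases can be exercised on
 * one host; a real caller would pass SIZE_MAX. */
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical sanity bound on a single dimension, in pixels. */
#define DIM_MAX 65536

/* Returns true and stores width*height*bpp in *out when the product is
 * representable in an unsigned integer of the given limit; returns false
 * for negative or oversized dimensions, non-positive bpp, or overflow. */
bool image_bytes_within(int width, int height, int bpp,
                        uint64_t limit, uint64_t *out)
{
    /* A negative value passes a plain "<= DIM_MAX" test, so the sign
     * must be rejected explicitly; negative dimensions are meaningless. */
    if (width < 0 || height < 0 || bpp <= 0)
        return false;
    if (width > DIM_MAX || height > DIM_MAX)
        return false;

    uint64_t w = (uint64_t)width, h = (uint64_t)height, b = (uint64_t)bpp;

    /* Bounded inputs can still overflow the product: 65536 * 65536 * 4
     * fits a 64-bit size_t but not a 32-bit one.  Check each
     * multiplication by division rather than trusting the bound. */
    if (h != 0 && w > limit / h)
        return false;
    uint64_t pixels = w * h;
    if (pixels > limit / b)
        return false;

    *out = pixels * b;
    return true;
}
```

The same call with `UINT32_MAX` rejects a 65536 x 65536 RGBA image that `UINT64_MAX` accepts, which is the kind of discrepancy that lets a 64-bit-only test pass a patch that still overflows on 32-bit.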