Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: glewl...@packages.debian.org
Control: affects -1 + src:glewlwyd
(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)
[ Reason ]
Fix possible buffer overflow in webauthn attestation (CVE-2023-49208)
[ Risks ]
If a crafted webauthn assertion is executed, it could result in
denial of service or the execution of arbitrary code.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The change checks the length of a parameter before copying it into a
fixed size array.
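To make the shape of the fix concrete, here is an added C example (not Glewlwyd's code and not part of the debdiff) that mirrors the patched loop body: a COSE key coordinate is copied into a fixed 256-byte array only after its length has been bounded by the destination's capacity. The struct layout, the 256-byte size, and the helper names `set_cose_coordinate`, `point_complete` and `run_demo` are assumptions for the example; the real declarations of cert_x and cert_y are outside the hunk shown above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: the coordinate buffers are 256 bytes,
 * matching the bound the patch checks against. */
#define COORD_MAX 256

struct ec_point {
    uint8_t cert_x[COORD_MAX];
    size_t  cert_x_len;
    int     has_x;
    uint8_t cert_y[COORD_MAX];
    size_t  cert_y_len;
    int     has_y;
};

/* Hypothetical helper mirroring the patched loop body. `negint_magnitude`
 * is what cbor_get_int() returns for a CBOR negative-integer key: libcbor
 * stores -1-n as n, so 1 is COSE label -2 (x) and 2 is COSE label -3 (y).
 * Returns 1 if the coordinate was stored, 0 if it was rejected (unknown
 * label or a value longer than the destination); on rejection the point
 * is left untouched. */
int set_cose_coordinate(struct ec_point *p, unsigned negint_magnitude,
                        const uint8_t *data, size_t len)
{
    uint8_t *dst;
    size_t  *dst_len;
    int     *has;
    size_t   capacity;

    if (negint_magnitude == 1) {
        dst = p->cert_x; dst_len = &p->cert_x_len; has = &p->has_x;
        capacity = sizeof p->cert_x;
    } else if (negint_magnitude == 2) {
        dst = p->cert_y; dst_len = &p->cert_y_len; has = &p->has_y;
        capacity = sizeof p->cert_y;
    } else {
        return 0;
    }

    /* The check the fix introduces: bound the source length against the
     * destination's real capacity before memcpy(). Using sizeof instead
     * of a literal keeps the check tied to the array declaration. */
    if (len > capacity)
        return 0;

    memcpy(dst, data, len);
    *dst_len = len;
    *has = 1;
    return 1;
}

/* A point is usable only once both coordinates have been accepted. */
int point_complete(const struct ec_point *p)
{
    return p->has_x && p->has_y;
}

/* Constructed sample inputs: a 32-byte value (P-256 sized), a value that
 * exactly fills the buffer, and one that is a single byte too long. */
static const uint8_t sample_small[32]                = { 0xAB };
static const uint8_t sample_full[COORD_MAX]          = { 0xCD };
static const uint8_t sample_oversized[COORD_MAX + 1] = { 0xEF };

/* Runs the scenario and returns how many of the six checks held. */
int run_demo(void)
{
    struct ec_point p;
    int ok = 0;
    memset(&p, 0, sizeof p);

    /* accepted: normal-sized x */
    ok += set_cose_coordinate(&p, 1, sample_small, sizeof sample_small) == 1
          && p.cert_x_len == 32;
    /* rejected: y one byte past the buffer, nothing written */
    ok += set_cose_coordinate(&p, 2, sample_oversized, sizeof sample_oversized) == 0
          && !p.has_y;
    ok += point_complete(&p) == 0;
    /* accepted: y exactly filling the buffer (the <= boundary) */
    ok += set_cose_coordinate(&p, 2, sample_full, sizeof sample_full) == 1
          && p.cert_y_len == COORD_MAX;
    ok += point_complete(&p) == 1;
    /* rejected: unknown label */
    ok += set_cose_coordinate(&p, 3, sample_small, 1) == 0;
    return ok;
}

int main(void)
{
    printf("%d of 6 checks held\n", run_demo());
    return 0;
}
```

The boundary case is the one worth keeping in mind when reviewing the patch: a value of exactly 256 bytes is accepted and fills the array completely, so the bound must equal the array size, not exceed it.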
diff -Nru glewlwyd-2.7.5/debian/changelog glewlwyd-2.7.5/debian/changelog
--- glewlwyd-2.7.5/debian/changelog 2023-05-04 07:21:27.000000000 -0400
+++ glewlwyd-2.7.5/debian/changelog 2023-11-23 17:12:13.000000000 -0500
@@ -1,3 +1,9 @@
+glewlwyd (2.7.5-3+deb12u1) bookworm; urgency=medium
+
+ * d/patches: Fix CVE-2023-49208
+
+ -- Nicolas Mora <babelou...@debian.org> Thu, 23 Nov 2023 17:12:13 -0500
+
glewlwyd (2.7.5-3) unstable; urgency=medium
* Install config.json as config-2.7.json (Closes: #1035503)
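Review bot: the changelog line `* d/patches: Fix CVE-2023-49208` could name the affected component (webauthn attestation, as the Reason section does) so that readers of the changelog do not have to look up the CVE to learn what was changed.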
diff -Nru glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch
--- glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch 1969-12-31 19:00:00.000000000 -0500
+++ glewlwyd-2.7.5/debian/patches/CVE-2023-49208.patch 2023-11-23 17:12:13.000000000 -0500
@@ -0,0 +1,21 @@
+Description: Fix CVE-2023-49208 for bookworm
+Author: Nicolas Mora <babelou...@debian.org>
+Forwarded: not-needed
+--- a/src/scheme/webauthn.c
++++ b/src/scheme/webauthn.c
+@@ -2260,13 +2260,13 @@
+ for (i=0; i<cbor_map_size(cbor_cose); i++) {
+ cbor_key = cbor_map_handle(cbor_cose)[i].key;
+ cbor_value = cbor_map_handle(cbor_cose)[i].value;
+- if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 1 && cbor_isa_bytestring(cbor_value)) {
++ if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 1 && cbor_isa_bytestring(cbor_value) && cbor_bytestring_length(cbor_value) <= 256) {
+ has_x = 1;
+ memcpy(cert_x, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value));
+ cert_x_len = cbor_bytestring_length(cbor_value);
+ g_x.data = cert_x;
+ g_x.size = (unsigned int)cbor_bytestring_length(cbor_value);
+- } else if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 2 && cbor_isa_bytestring(cbor_value)) {
++ } else if (cbor_isa_negint(cbor_key) && cbor_get_int(cbor_key) == 2 && cbor_isa_bytestring(cbor_value) && cbor_bytestring_length(cbor_value) <= 256) {
+ has_y = 1;
+ memcpy(cert_y, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value));
+ cert_y_len = cbor_bytestring_length(cbor_value);
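Review bot: the new `<= 256` bound is a literal that must agree with the declared sizes of cert_x and cert_y, and those declarations are outside this hunk; please confirm both arrays hold at least 256 bytes, and consider `cbor_bytestring_length(cbor_value) <= sizeof(cert_x)` (and `sizeof(cert_y)`) so the check cannot drift from the buffer declaration later. Note also that an oversized coordinate is now silently skipped (has_x/has_y stay unset and nothing is copied) rather than rejected with an explicit error, so whether the key is ultimately refused depends on how code past this hunk treats a missing coordinate; a one-line comment stating that intent would help the next reader. On the DEP-3 header, an Origin: or Bug: line pointing at the upstream fix would be useful next to `Forwarded: not-needed`.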
diff -Nru glewlwyd-2.7.5/debian/patches/series glewlwyd-2.7.5/debian/patches/series
--- glewlwyd-2.7.5/debian/patches/series 2023-01-18 19:01:39.000000000 -0500
+++ glewlwyd-2.7.5/debian/patches/series 2023-11-23 17:12:13.000000000 -0500
@@ -1,2 +1,3 @@
+CVE-2023-49208.patch
webpack.patch