Hi Laszlo,

On Wed, May 28, 2025 at 07:27:03AM +0200, László Böszörményi (GCS) wrote:
> On Tue, May 27, 2025 at 9:39 PM Salvatore Bonaccorso <car...@debian.org>
> wrote:
> > CVE-2025-5222[0]:
> > | Stack buffer overflow in the SRBRoot::addTag function
> The bad thing is, I chose not to sleep in the evening. The good thing
> is I have found a fix [1]. The bad thing is this is a fix for another
> serious issue [2] which still is not public. But cut this bad-good
> thing. I've confirmed this fixes the mentioned CVE, being a slightly
> similar issue. The CVE mentions the tag (which is a const char *) and
> the mentioned fix might handle its usage a level deeper in the subtag
> variable. The latter is no longer a fixed size, but a helper class
> called CharString which seems to handle such misuse the bug invokes.
> In my tests the stack is no longer corrupted.
> It's up to the Security Team if they know more about the other bug or
> not. For the moment I tend to say the fix of that one fixes this one
> as well. May I wait for something? Trixie release is coming soon.
Sorry for not replying earlier, I got caught up by other issues. Thanks for your investigative work; this sounds plausible. Let's track this as the fixing commit for CVE-2025-5222.

No idea about the second issue which is referenced by this commit. Do you have an upstream contact you could reach out to in order to find out more about the second issue? Otherwise I would say to focus on CVE-2025-5222 and get a fix for this into trixie.

Thanks a lot for working on this issue.

Regards,
Salvatore