Your message dated Fri, 08 Feb 2008 14:02:10 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#461236: fixed in boost 1.34.1-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: boost
Version: 1.34.1-2.2
Severity: critical
Tags: patch, security
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu hardy ubuntu-patch
boost as included in Debian is vulnerable to CVE-2008-0171 and CVE-2008-0172.
Attached is a debdiff which addresses this issue (changelog entry in debdiff
shows upstream patch sources as well).
Jamie
--
Email: [EMAIL PROTECTED]
IRC: jdstrand
diff -u boost-1.34.1/debian/changelog boost-1.34.1/debian/changelog
--- boost-1.34.1/debian/changelog
+++ boost-1.34.1/debian/changelog
@@ -1,3 +1,16 @@
+boost (1.34.1-2.3) unstable; urgency=low
+
+ * debian/patches/05_regex_fixes.patch: fix for
+ basic_regex_parser() in boost/regex/v4/basic_regex_parser.hpp to return
+ error on invalid repetition of next state
+ * References
+ CVE-2008-0171
+ CVE-2008-0172
+ http://svn.boost.org/trac/boost/changeset/42674
+ http://svn.boost.org/trac/boost/changeset/42745
+
+ -- Jamie Strandboge <[EMAIL PROTECTED]> Tue, 15 Jan 2008 18:22:26 +0000
+
boost (1.34.1-2.2) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- boost-1.34.1.orig/boost/regex/v4/basic_regex_parser.hpp
+++ boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp
@@ -777,6 +777,7 @@
case syntax_element_restart_continue:
case syntax_element_jump:
case syntax_element_startmark:
+ case syntax_element_backstep:
// can't legally repeat any of the above:
fail(regex_constants::error_badrepeat, m_position - m_base);
return false;
@@ -1862,6 +1863,7 @@
if(markid == -4)
{
re_syntax_base* b = this->getaddress(expected_alt_point);
+ // Make sure we have exactly one alternative following this state:
if(b->type != syntax_element_alt)
{
re_alt* alt =
static_cast<re_alt*>(this->insert_state(expected_alt_point, syntax_element_alt,
sizeof(re_alt)));
@@ -1872,6 +1874,15 @@
fail(regex_constants::error_bad_pattern, m_position - m_base);
return false;
}
+ // check for invalid repetition of next state:
+ b = this->getaddress(expected_alt_point);
+ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
+ if((b->type != syntax_element_assert_backref)
+ && (b->type != syntax_element_startmark))
+ {
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+ }
}
//
// append closing parenthesis state:
only in patch2:
unchanged:
--- boost-1.34.1.orig/libs/regex/test/regress/test_perl_ex.cpp
+++ boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp
@@ -121,6 +121,17 @@
TEST_INVALID_REGEX("(?:(a)|b)(?(?:", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
+
+ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
+ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
+ TEST_INVALID_REGEX("(?(123){1})", perl);
+ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
+ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
+
+ TEST_INVALID_REGEX("(?<!*|^)", perl);
+ TEST_INVALID_REGEX("(?<!*|A)", perl);
+ TEST_INVALID_REGEX("(?<=?|A)", perl);
+ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
}
void test_options()
only in patch2:
unchanged:
--- boost-1.34.1.orig/debian/patches/05_regex_fixes.patch
+++ boost-1.34.1/debian/patches/05_regex_fixes.patch
@@ -0,0 +1,56 @@
+diff -Naur ../unpatched/boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp
boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp
+--- ../unpatched/boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp
2006-12-20 17:19:05.000000000 +0000
++++ boost-1.34.1/boost/regex/v4/basic_regex_parser.hpp 2008-01-15
18:20:54.000000000 +0000
+@@ -777,6 +777,7 @@
+ case syntax_element_restart_continue:
+ case syntax_element_jump:
+ case syntax_element_startmark:
++ case syntax_element_backstep:
+ // can't legally repeat any of the above:
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+@@ -1862,6 +1863,7 @@
+ if(markid == -4)
+ {
+ re_syntax_base* b = this->getaddress(expected_alt_point);
++ // Make sure we have exactly one alternative following this state:
+ if(b->type != syntax_element_alt)
+ {
+ re_alt* alt =
static_cast<re_alt*>(this->insert_state(expected_alt_point, syntax_element_alt,
sizeof(re_alt)));
+@@ -1872,6 +1874,15 @@
+ fail(regex_constants::error_bad_pattern, m_position - m_base);
+ return false;
+ }
++ // check for invalid repetition of next state:
++ b = this->getaddress(expected_alt_point);
++ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
++ if((b->type != syntax_element_assert_backref)
++ && (b->type != syntax_element_startmark))
++ {
++ fail(regex_constants::error_badrepeat, m_position - m_base);
++ return false;
++ }
+ }
+ //
+ // append closing parenthesis state:
+diff -Naur ../unpatched/boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp
boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp
+--- ../unpatched/boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp
2005-09-14 12:20:08.000000000 +0000
++++ boost-1.34.1/libs/regex/test/regress/test_perl_ex.cpp 2008-01-15
18:20:54.000000000 +0000
+@@ -121,6 +121,17 @@
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?:", perl);
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
+ TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
++
++ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
++ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
++ TEST_INVALID_REGEX("(?(123){1})", perl);
++ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
++ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
++
++ TEST_INVALID_REGEX("(?<!*|^)", perl);
++ TEST_INVALID_REGEX("(?<!*|A)", perl);
++ TEST_INVALID_REGEX("(?<=?|A)", perl);
++ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
+ }
+
+ void test_options()
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: boost
Source-Version: 1.34.1-5
We believe that the bug you reported is fixed in the latest version of
boost, which is due to be installed in the Debian FTP archive:
bcp_1.34.1-5_i386.deb
to pool/main/b/boost/bcp_1.34.1-5_i386.deb
boost_1.34.1-5.diff.gz
to pool/main/b/boost/boost_1.34.1-5.diff.gz
boost_1.34.1-5.dsc
to pool/main/b/boost/boost_1.34.1-5.dsc
libboost-date-time-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-date-time-dev_1.34.1-5_i386.deb
libboost-date-time1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-date-time1.34.1_1.34.1-5_i386.deb
libboost-dbg_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-dbg_1.34.1-5_i386.deb
libboost-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-dev_1.34.1-5_i386.deb
libboost-doc_1.34.1-5_all.deb
to pool/main/b/boost/libboost-doc_1.34.1-5_all.deb
libboost-filesystem-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-filesystem-dev_1.34.1-5_i386.deb
libboost-filesystem1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-filesystem1.34.1_1.34.1-5_i386.deb
libboost-graph-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-graph-dev_1.34.1-5_i386.deb
libboost-graph1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-graph1.34.1_1.34.1-5_i386.deb
libboost-iostreams-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-iostreams-dev_1.34.1-5_i386.deb
libboost-iostreams1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-iostreams1.34.1_1.34.1-5_i386.deb
libboost-program-options-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-program-options-dev_1.34.1-5_i386.deb
libboost-program-options1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-program-options1.34.1_1.34.1-5_i386.deb
libboost-python-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-python-dev_1.34.1-5_i386.deb
libboost-python1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-python1.34.1_1.34.1-5_i386.deb
libboost-regex-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-regex-dev_1.34.1-5_i386.deb
libboost-regex1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-regex1.34.1_1.34.1-5_i386.deb
libboost-serialization-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-serialization-dev_1.34.1-5_i386.deb
libboost-serialization1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-serialization1.34.1_1.34.1-5_i386.deb
libboost-signals-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-signals-dev_1.34.1-5_i386.deb
libboost-signals1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-signals1.34.1_1.34.1-5_i386.deb
libboost-test-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-test-dev_1.34.1-5_i386.deb
libboost-test1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-test1.34.1_1.34.1-5_i386.deb
libboost-thread-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-thread-dev_1.34.1-5_i386.deb
libboost-thread1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-thread1.34.1_1.34.1-5_i386.deb
libboost-wave-dev_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-wave-dev_1.34.1-5_i386.deb
libboost-wave1.34.1_1.34.1-5_i386.deb
to pool/main/b/boost/libboost-wave1.34.1_1.34.1-5_i386.deb
pyste_1.34.1-5_all.deb
to pool/main/b/boost/pyste_1.34.1-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve M. Robbins <[EMAIL PROTECTED]> (supplier of updated boost package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 07 Feb 2008 23:16:01 -0600
Source: boost
Binary: bcp libboost-dbg libboost-dev libboost-doc libboost-date-time1.34.1
libboost-date-time-dev libboost-filesystem1.34.1 libboost-filesystem-dev
libboost-graph1.34.1 libboost-graph-dev libboost-iostreams1.34.1
libboost-iostreams-dev libboost-program-options1.34.1
libboost-program-options-dev libboost-python1.34.1 libboost-python-dev
libboost-regex1.34.1 libboost-regex-dev libboost-serialization1.34.1
libboost-serialization-dev libboost-signals1.34.1 libboost-signals-dev
libboost-test1.34.1 libboost-test-dev libboost-thread1.34.1 libboost-thread-dev
libboost-wave1.34.1 libboost-wave-dev pyste
Architecture: source all i386
Version: 1.34.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Boost Team <[EMAIL PROTECTED]>
Changed-By: Steve M. Robbins <[EMAIL PROTECTED]>
Description:
bcp - tool for extracting subsets of Boost C++ Libraries
libboost-date-time-dev - set of date-time libraries based on generic
programming concepts
libboost-date-time1.34.1 - set of date-time libraries based on generic
programming concepts
libboost-dbg - Boost C++ Libraries with debug symbols
libboost-dev - Boost C++ Libraries development files
libboost-doc - Boost.org libraries documentation
libboost-filesystem-dev - filesystem operations (portable paths, iteration
over directories
libboost-filesystem1.34.1 - filesystem operations (portable paths, iteration
over directories
libboost-graph-dev - generic graph components and algorithms in C++
libboost-graph1.34.1 - generic graph components and algorithms in C++
libboost-iostreams-dev - Boost.Iostreams Library development files
libboost-iostreams1.34.1 - Boost.Iostreams Library
libboost-program-options-dev - program options library for C++
libboost-program-options1.34.1 - program options library for C++
libboost-python-dev - Boost.Python Library development files
libboost-python1.34.1 - Boost.Python Library
libboost-regex-dev - regular expression library for C++
libboost-regex1.34.1 - regular expression library for C++
libboost-serialization-dev - serialization library for C++
libboost-serialization1.34.1 - serialization library for C++
libboost-signals-dev - managed signals and slots library for C++
libboost-signals1.34.1 - managed signals and slots library for C++
libboost-test-dev - components for writing and executing test suites
libboost-test1.34.1 - components for writing and executing test suites
libboost-thread-dev - portable C++ multi-threading
libboost-thread1.34.1 - portable C++ multi-threading
libboost-wave-dev - C99/C++ preprocessor library
libboost-wave1.34.1 - C99/C++ preprocessor library
pyste - Boost.Python code generator
Closes: 458743 461236
Changes:
boost (1.34.1-5) unstable; urgency=medium
.
[ Domenico Andreoli ]
* Re-synchronized with friends from Ubuntu (thanks Jamie Strandboge).
- got fixes for CVE-2008-0171 and CVE-2008-0172. Closes: #461236.
* debian/patches/05_regex_fixes.patch: fix for
basic_regex_parser() in boost/regex/v4/basic_regex_parser.hpp to return
error on invalid repetition of next state
* References
CVE-2008-0171
CVE-2008-0172
http://svn.boost.org/trac/boost/changeset/42674
http://svn.boost.org/trac/boost/changeset/42745
.
[ Steve Robbins ]
* boost/function/function_base.hpp:
* boost/function/function_template.hpp: Replace with SVN head version to
fix boost http://svn.boost.org/trac/boost/ticket/1260.
Closes: #458743.
Files:
b8f2af0f84732230bd823420dc752d53 1497 libs optional boost_1.34.1-5.dsc
7533de2b4266347ec39c87b50a7017f6 59781 libs optional boost_1.34.1-5.diff.gz
bf46d657a7d17a57cf0798096f5ac3ba 9268290 doc optional
libboost-doc_1.34.1-5_all.deb
e980503944fb5f88b91fc9d27cf2decd 50164 python optional pyste_1.34.1-5_all.deb
d9a0f6ff5ae60e43d9e0838b5c9d8291 182080 libdevel optional bcp_1.34.1-5_i386.deb
42bae02b935fb133832685d2a2c24ddf 45495268 libdevel extra
libboost-dbg_1.34.1-5_i386.deb
579fa4a6aadfda5452814a43684ec633 1933114 libdevel optional
libboost-dev_1.34.1-5_i386.deb
6c68cd07b210e4b09391c0a8ee89cc22 57308 libs optional
libboost-date-time1.34.1_1.34.1-5_i386.deb
51dddaf5eb0a7615a114eaa5c1266d76 182862 libdevel optional
libboost-date-time-dev_1.34.1-5_i386.deb
806f07f67617718803df115421a83bfe 54904 libs optional
libboost-filesystem1.34.1_1.34.1-5_i386.deb
850c7a95ab07a3c4806d15dffeebb576 79564 libdevel optional
libboost-filesystem-dev_1.34.1-5_i386.deb
3c87e2d63cd10019dbb36b20d4107391 241356 libs optional
libboost-graph1.34.1_1.34.1-5_i386.deb
a0222cb36f464dc634635b365258f8e2 493982 libdevel optional
libboost-graph-dev_1.34.1-5_i386.deb
0f74dbd0b35cd87e40c292b88dfe78fd 44718 libs optional
libboost-iostreams1.34.1_1.34.1-5_i386.deb
7013f651740a36aafcd53dc84892cb80 129164 libdevel optional
libboost-iostreams-dev_1.34.1-5_i386.deb
ef6180ae5b9a0428affa76569961fbf7 186276 libs optional
libboost-program-options1.34.1_1.34.1-5_i386.deb
416baa368d36ed3a8e0cd51f3a2aa75b 267680 libdevel optional
libboost-program-options-dev_1.34.1-5_i386.deb
e7e8ac9b3943f09749e996dd574a5a2b 193436 python optional
libboost-python1.34.1_1.34.1-5_i386.deb
ede6616a0c4b7a606ce5b24952c5ec4d 357844 libdevel optional
libboost-python-dev_1.34.1-5_i386.deb
a0a3a4d890c28c09017d2afd51733bf9 542936 libs optional
libboost-regex1.34.1_1.34.1-5_i386.deb
8372d5eeeccb0ad823d8bd94b9ffff29 1040608 libdevel optional
libboost-regex-dev_1.34.1-5_i386.deb
7fece8c5781a0b8c0fb6a537965b1f55 393874 libs optional
libboost-serialization1.34.1_1.34.1-5_i386.deb
d47ef3388ac4330ddf60b5b05ca4b9b0 596744 libdevel optional
libboost-serialization-dev_1.34.1-5_i386.deb
fce2188b1207a573d849fed8051d7f18 70532 libs optional
libboost-signals1.34.1_1.34.1-5_i386.deb
f261b19b2c33d774a123ac66cc7fee35 89352 libdevel optional
libboost-signals-dev_1.34.1-5_i386.deb
914e08340546dae227ef94ac475fc374 225232 libs optional
libboost-test1.34.1_1.34.1-5_i386.deb
c2d7afd8714cbea50c78f1870d6ce3cb 442738 libdevel optional
libboost-test-dev_1.34.1-5_i386.deb
c486057ef5c12388cab076c484cb42bc 36884 libs optional
libboost-thread1.34.1_1.34.1-5_i386.deb
6c8664a16568a6656d965a7c8083fbfe 45966 libdevel optional
libboost-thread-dev_1.34.1-5_i386.deb
87b967991bb8c9ce2b3a726b9a030e48 445046 libs optional
libboost-wave1.34.1_1.34.1-5_i386.deb
9d54b50a755b84d214ebfdd178f3a355 812390 libdevel optional
libboost-wave-dev_1.34.1-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHrFZ90i2bPSHbMcURAqudAJ96YRxW6o3g61IARRVZiefftCR6KACeL5na
z5xJSl5KDFkWXNPrh24Wq7k=
=6AS+
-----END PGP SIGNATURE-----
--- End Message ---
