Package: release.debian.org
Severity: serious
User: release.debian....@packages.debian.org
Usertags: pu security
Hi, Please pre-approve an upload to stable-security to update bogofilter for http://security-tracker.debian.org/tracker/CVE-2012-5468 Here's the diff against the package in squeeze (which, other than targeting stable-security, is the same as the one in unblock request #695139, for wheezy). Thanks, sez ps. I've verified that 1.2.2-2+squeeze1 is less than the wheezy release 1.2.2+dfsg1-1 diff --git a/debian/changelog b/debian/changelog index eb7c512..6b93ab8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +bogofilter (1.2.2-2+squeeze1) stable-security; urgency=high + + * Cherry-pick fix and test for CVE-2012-5468 (aka bogofilter-SA-2012-01) + from upstream release 1.2.3. Setting urgency to high. closes: #695139. + + -- Serafeim Zanikolas <s...@debian.org> Tue, 04 Dec 2012 20:08:50 +0100 + bogofilter (1.2.2-2) unstable; urgency=high * Add debian/bogofilter-{bdb,sqlite,tokyocabinet}.preinst to remove diff --git a/debian/patches/sa-2012-01-fix.diff b/debian/patches/sa-2012-01-fix.diff new file mode 100644 index 0000000..3214560 --- /dev/null +++ b/debian/patches/sa-2012-01-fix.diff 
@@ -0,0 +1,70 @@ +# Description: apply fix and test for CVE-2012-5468 (aka bogofilter-SA-2012-01) +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695139 +# Author: Matthias Andree +# Last-Update: 2012-12-03 +--- a/src/iconvert.c ++++ b/src/iconvert.c +@@ -76,7 +76,7 @@ + outbuf = (char *)dst->t.u.text + dst->t.leng; + outbytesleft = dst->size - dst->read - dst->t.leng; + +- if (outbytesleft == 0) ++ if (outbytesleft <= 0) + break; + + /* +@@ -141,6 +141,10 @@ + switch (err) { + case EILSEQ: /* invalid multibyte sequence */ + case EINVAL: /* incomplete multibyte sequence */ ++ if(outbytesleft <= 0) { ++ done = true; ++ break; ++ } + /* copy 1 byte (or substitute a '?') */ + if (!replace_nonascii_characters) + *outbuf = *inbuf; +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -45,6 +45,7 @@ + t.multiple.tokens.head t.multiple.tokens.body t.multiple.tokens.min.mul \ + $(ENCODING_TESTS) \ + t.rfc2047_broken t.rfc2047_folded \ ++ t.crash-invalid-base64 \ + t.message_addr t.message_id t.queue_id + + WORDLIST_TESTS = t.dump.load t.nonascii.replace t.maint t.robx t.regtest t.upgrade.subnet.prefix t.multiple.wordlists t.probe t.bf_compact +--- /dev/null ++++ b/src/tests/t.crash-invalid-base64 +@@ -0,0 +1,21 @@ ++#! /bin/sh ++ ++. ${srcdir:=.}/t.frame ++ ++# make sure that we do not crash on excessively long tokens ++# Test program by Julius Plenz, TU Berlin. 
++perl -e ' ++print <<EOF ++Content-Type: multipart/mixed;boundary="----=_20121014031204_57463" ++ ++------=_20121014031204_57463 ++Content-Type: text/plain; charset="utf-8" ++ ++------=_20121014031204_57463 ++Content-Transfer-Encoding: base64 ++ ++EOF ++; ++print(("vfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvf\n")x600); ++print "------=_20121014031204_57463--";' \ ++| $VAL $BOGOFILTER -p -e -C > /dev/null +--- a/src/tests/Makefile.in ++++ b/src/tests/Makefile.in +@@ -269,6 +269,7 @@ + t.multiple.tokens.head t.multiple.tokens.body t.multiple.tokens.min.mul \ + $(ENCODING_TESTS) \ + t.rfc2047_broken t.rfc2047_folded \ ++ t.crash-invalid-base64 \ + t.message_addr t.message_id t.queue_id + + WORDLIST_TESTS = t.dump.load t.nonascii.replace t.maint t.robx t.regtest t.upgrade.subnet.prefix t.multiple.wordlists t.probe t.bf_compact diff --git a/debian/patches/series b/debian/patches/series index 623fd92..cbc11bd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ +sa-2012-01-fix.diff use-tar-instead-of-pax.diff -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.2.0-2-686-pae (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
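Review bot: the debian/changelog hunk uses "closes: #695139", the same number the cover mail calls the wheezy unblock request; a stable-security changelog should close the bogofilter bug that tracks CVE-2012-5468 in the BTS, not a release-team request, so confirm which bug 695139 is before uploading. The `Bug-Debian:` field in the patch header points at the same number, so the two are at least consistent with each other. Minor: "Setting urgency to high." in the body repeats what `urgency=high` in the entry header already states and can be dropped.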
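Review bot: the DEP-3 header of debian/patches/sa-2012-01-fix.diff has `Author:`, `Bug-Debian:` and `Last-Update:` but no `Origin:` or `Applied-Upstream:` field, even though the changelog says the change is cherry-picked from upstream 1.2.3. Add something like `Origin: upstream, bogofilter 1.2.3` (plus the bogofilter-SA-2012-01 advisory reference) so whoever rebases the package later can see the patch is already upstream and drop it instead of re-investigating.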
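Review bot: the `== 0` to `<= 0` change on `outbytesleft` in the first src/iconvert.c hunk only changes behaviour if `outbytesleft` is a signed type, and the hunk shows its computation (`dst->size - dst->read - dst->t.leng`) but not its declaration. iconv(3) takes `size_t *outbytesleft`, so if the variable is `size_t` this test is identical to the old one and the whole protection comes from the early exit added in the EILSEQ/EINVAL case; if it is signed, the subtraction could already have gone negative and the old `== 0` test was the bug. Check the declaration and leave a one-line comment saying which of the two cases this guards.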
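Review bot: in the EILSEQ/EINVAL case of the second src/iconvert.c hunk, the new `break` leaves the `switch (err)` statement only, not the conversion loop, so the fix relies on the loop checking `done` before anything else writes through `outbuf`; that loop condition is outside the hunk and should be confirmed, since the `*outbuf = *inbuf;` copy (and the '?' substitution path) just below is the write that lands past the end of the destination when `outbytesleft` is already zero. Style: `if(outbytesleft <= 0)` drops the space after `if` that the surrounding code uses (`if (outbytesleft <= 0)`, `if (!replace_nonascii_characters)`).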
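Review bot: the new src/tests/t.crash-invalid-base64 is created by the patch, and patch(1) does not set the executable bit, so if the automake test harness runs the `t.*` scripts in this list directly rather than through `$(SHELL)`, this test will fail with "Permission denied" instead of exercising the bug; either `chmod +x` it from debian/rules before `make check` or confirm how the harness invokes them. Also, the script sends bogofilter's output to /dev/null, so only the exit status of `$VAL $BOGOFILTER -p -e -C` reaches the harness: the test detects the CVE only when the overflow crashes the process or when `$VAL` is set to a memory checker such as valgrind that turns the out-of-bounds write into a failure. A heap overwrite that does not crash will pass this test on an unpatched build, so run it once under valgrind against the unpatched 1.2.2 to confirm it actually fails there.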
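Review bot: the src/tests/Makefile.in hunk hand-edits the generated file to mirror the Makefile.am change so the stable build picks up the new test without autoreconf; the two lists are identical here, which is what matters. Say so in the patch header (a short "Makefile.in edited by hand to match Makefile.am" line), otherwise the next person refreshing this patch against a regenerated Makefile.in will see a conflict here and not know whether the hunk was deliberate.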
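Review bot: the debian/patches/series hunk puts `sa-2012-01-fix.diff` ahead of the existing `use-tar-instead-of-pax.diff`; quilt applies patches in series order, and the usual convention is to append a new fix after the existing packaging patches. The visible hunks only touch src/iconvert.c and src/tests/, so the order is unlikely to matter, but verify that `quilt push -a` applies cleanly in this order and that the build's `make check` runs the new test before uploading.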