Control: tags 807698 + pending

Dear maintainer,

I've prepared an NMU for srtp (versioned as 1.4.5~20130609~dfsg-1.2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. It is just what Markus has already prepared as well done for unstable.

Regards,
Salvatore

diff -Nru srtp-1.4.5~20130609~dfsg/debian/changelog srtp-1.4.5~20130609~dfsg/debian/changelog --- srtp-1.4.5~20130609~dfsg/debian/changelog 2014-10-13 22:28:31.000000000 +0200 +++ srtp-1.4.5~20130609~dfsg/debian/changelog 2016-04-03 09:07:07.000000000 +0200 @@ -1,3 +1,13 @@ +srtp (1.4.5~20130609~dfsg-1.2) unstable; urgency=high + + [ Markus Koschany ] + * Non-maintainer upload. + * Add CVE-2015-6360.patch. + Prevent potential DoS attack due to lack of bounds checking on RTP header + CSRC count and extension header length. (Closes: #807698) + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 02 Apr 2016 19:43:20 +0200 + srtp (1.4.5~20130609~dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru srtp-1.4.5~20130609~dfsg/debian/patches/CVE-2015-6360.patch srtp-1.4.5~20130609~dfsg/debian/patches/CVE-2015-6360.patch --- srtp-1.4.5~20130609~dfsg/debian/patches/CVE-2015-6360.patch 1970-01-01 01:00:00.000000000 +0100 +++ srtp-1.4.5~20130609~dfsg/debian/patches/CVE-2015-6360.patch 2016-04-03 09:07:07.000000000 +0200 
@@ -0,0 +1,27 @@ +From: Markus Koschany <a...@debian.org> +Date: Thu, 31 Mar 2016 21:09:43 +0200 +Subject: CVE-2015-6360 + +Prevent potential DoS attack due to lack of bounds checking on RTP header +CSRC count and extension header length. Only the srtp_unprotect function is +affected. AEAD mode does not exist. + +Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807698 +Origin: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2 +--- + srtp/srtp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 7fd19e6..ef7ac62 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -1084,6 +1084,8 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { + srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; + enc_start += (ntohs(xtn_hdr->length) + 1); + } ++ if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len))) ++ return err_status_parse_err; + enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len + - ((enc_start - (uint32_t *)hdr) << 2)); + } else { diff -Nru srtp-1.4.5~20130609~dfsg/debian/patches/series srtp-1.4.5~20130609~dfsg/debian/patches/series --- srtp-1.4.5~20130609~dfsg/debian/patches/series 2014-10-13 22:28:11.000000000 +0200 +++ srtp-1.4.5~20130609~dfsg/debian/patches/series 2016-04-03 09:07:07.000000000 +0200 @@ -7,3 +7,4 @@ 1008_shared-lib.patch 2001_make_shellscript_noisy.patch 2002_define_missing_latex_cmd_plus.patch +CVE-2015-6360.patch
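
Review bot: In the srtp/srtp.c hunk carried by CVE-2015-6360.patch, the new bounds check sits after `enc_start += (ntohs(xtn_hdr->length) + 1);`, so `xtn_hdr->length` is still read before anything confirms that the extension header itself lies inside the packet. The patch description names the CSRC count as one of the unchecked inputs; if that count has already moved enc_start to or past `hdr + (*pkt_octet_len - tag_len)`, the length read happens out of bounds before the check can reject the packet. Consider testing enc_start once before dereferencing xtn_hdr and again after adding the extension length. Two smaller points on the same line: the comparison is a strict `<`, so a packet whose encrypted portion is empty (enc_start exactly at the start of the tag) is returned as err_status_parse_err, and the expression relies on `*pkt_octet_len - tag_len` being non-negative, which the visible context does not establish. The header text "AEAD mode does not exist" would also read more clearly if it said that this version has no AEAD code path and the patch is therefore a partial backport of the Origin commit.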