Debian Bug report logs -
#695614
CVE-2012-6303: buffer overflows
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 10 Dec 2012 20:24:01 UTC
Severity: grave
Tags: patch, security
Fixed in versions snack/2.2.10-dfsg1-12.1, snack/2.2.10-dfsg1-9+squeeze1
Done: Sergei Golovan <sgolovan@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Mon, 10 Dec 2012 20:24:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Mon, 10 Dec 2012 20:24:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: snack
Severity: important
Tags: security
Hi,
the following vulnerability was published for snack.
CVE-2012-6303[0]:
WaveSurfer and Snack Sound Toolkit buffer overflows
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
http://security-tracker.debian.org/tracker/CVE-2012-6303
[1] http://www.openwall.com/lists/oss-security/2012/12/10/2
Please adjust the affected versions in the BTS as needed.
p.s.: I haven't done further investigation, only reporting/forwarding
from oss-security mailinglist.
Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]
Added indication that 695614 affects wavesurfer
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Dec 2012 08:39:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Tue, 11 Dec 2012 09:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Tue, 11 Dec 2012 09:36:03 GMT) (full text, mbox, link).
Message #12 received at 695614@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: severity -1 grave
Hi
[09:51] < jmm> the commits look good, thanks. for buffer overflows it's best to file an RC bug by default.
[09:51] < jmm> if further analysis shows that it's more harmless it can still be downgrade
So I'm raising the severity as it's about buffer overflows.
Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]
Severity set to 'grave' from 'important'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 695614-submit@bugs.debian.org
.
(Tue, 11 Dec 2012 09:36:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Tue, 01 Jan 2013 23:39:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Karcher <Michael.Karcher@fu-berlin.de>
:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Tue, 01 Jan 2013 23:39:09 GMT) (full text, mbox, link).
Message #19 received at 695614@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
The attached patch fixes the buffer overrun for the fixed-size header
buffer.
[fix-overflow-in-getheaderbytes.diff (text/x-patch, attachment)]
Added tag(s) patch.
Request was from John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
to control@bugs.debian.org
.
(Tue, 01 Jan 2013 23:42:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Wed, 02 Jan 2013 00:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Wed, 02 Jan 2013 00:03:03 GMT) (full text, mbox, link).
Message #26 received at 695614@bugs.debian.org (full text, mbox, reply):
On Wed, Jan 02, 2013 at 12:36:06AM +0100, Michael Karcher wrote:
> The attached patch fixes the buffer overrun for the fixed-size header
> buffer.
I have verified the patch to work and I am currently preparing an
updated snack package. I used the crafted WAV file from [1] and with
the patched snack library, WaveSurfer no longer crashes.
Cheers,
Adrian
> [1] http://www.exploit-db.com/exploits/19772/
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaubitz@debian.org
`. `' Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Reply sent
to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
:
You have taken responsibility.
(Wed, 02 Jan 2013 00:21:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 02 Jan 2013 00:21:03 GMT) (full text, mbox, link).
Message #31 received at 695614-close@bugs.debian.org (full text, mbox, reply):
Source: snack
Source-Version: 2.2.10-dfsg1-12.1
We believe that the bug you reported is fixed in the latest version of
snack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 695614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> (supplier of updated snack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 02 Jan 2013 00:56:47 +0100
Source: snack
Binary: libsnack2 libsnack2-alsa python-tksnack libsnack2-dev libsnack2-doc
Architecture: source amd64 all
Version: 2.2.10-dfsg1-12.1
Distribution: unstable
Urgency: low
Maintainer: Sergei Golovan <sgolovan@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Description:
libsnack2 - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
libsnack2-alsa - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
libsnack2-dev - Sound extension to Tcl/Tk and Python/Tkinter - development files
libsnack2-doc - Sound extension to Tcl/Tk and Python/Tkinter - documentation
python-tksnack - Sound extension to Tcl/Tk and Python/Tkinter - Python library
Closes: 695614
Changes:
snack (2.2.10-dfsg1-12.1) unstable; urgency=low
.
* Non-maintainer upload.
* Include patch by Michael Karcher to fix CVE-2012-6303 (Closes: #695614).
Checksums-Sha1:
d904cedf3a86fec64ab3f45bd960776d400d5265 2053 snack_2.2.10-dfsg1-12.1.dsc
05e3b4269a60c0132b29a4c105ef783afd313aa5 656156 snack_2.2.10-dfsg1.orig.tar.gz
4c534576af9d714b2d64a6687e49bc05531b08a7 9766 snack_2.2.10-dfsg1-12.1.diff.gz
900ec5acdb9eb8e7ad4e69c94b4204a8512e02ff 414202 libsnack2_2.2.10-dfsg1-12.1_amd64.deb
96b574a5c37b5ed0fcde8e946ec4c3957418a58f 59012 libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
3097f11ce5bf38ad240cf6fc31ae8f5e5bc4f2fe 407514 libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
4ea50258d6a2fbccde6896539edf0d39e7d1c1f7 32826 python-tksnack_2.2.10-dfsg1-12.1_all.deb
802a851f1c3d9212531e6c3f307fd792cc53dbba 226582 libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Checksums-Sha256:
cda1d5fe7749acd8f7bf5de050dd96aae23a08975550be8ee3403db006d2e967 2053 snack_2.2.10-dfsg1-12.1.dsc
596396e3c7dcace8fd112a9e16d027d37f7f227096fb1b03afe1ef28f9311ac4 656156 snack_2.2.10-dfsg1.orig.tar.gz
1e40efaaac14b3aba17886f825302c2f3964937dd39755fcd9d5461f793bd598 9766 snack_2.2.10-dfsg1-12.1.diff.gz
f20a2f534376faa5e67d8cb7bc9b722e0aada564d210d16f92a5acc94c4d58ed 414202 libsnack2_2.2.10-dfsg1-12.1_amd64.deb
bcefb10187fe6ebc0801174ba392a3263aa98c4fd74f529c444cbf97ba70ae22 59012 libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
02ee4e0d582bb232582a6d1842ff71f723691e63f4ef33776343b258a3ca3226 407514 libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
1bd9bfba91681c3b31ef8e5760cc11bd2116632bd1d2ad9ab35840673d7e6527 32826 python-tksnack_2.2.10-dfsg1-12.1_all.deb
76b35f58918141230c5201a6afa49e5655f8fa5edc161698d7e2e737f1f245a2 226582 libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Files:
e620bd1d7793afdb949a6172881352b9 2053 sound optional snack_2.2.10-dfsg1-12.1.dsc
7b29d83a8dc163ea8dcf7bf3f461db79 656156 sound optional snack_2.2.10-dfsg1.orig.tar.gz
f20481a0b6ef43f94c9dea52191a44d5 9766 sound optional snack_2.2.10-dfsg1-12.1.diff.gz
b2596d732330dcd683f11a10987d7526 414202 libs optional libsnack2_2.2.10-dfsg1-12.1_amd64.deb
ac17f159312cb884e7cd5865e35bbe6a 59012 libdevel optional libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
4431a4f10e6981959778bfddf54aef3e 407514 libs optional libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
71ad97f3b2aa5dc43707c9d263d421f8 32826 python optional python-tksnack_2.2.10-dfsg1-12.1_all.deb
686697d0e0aadec3e5525982bcb93ec7 226582 doc optional libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQ43jFAAoJEHQmOzf1tfkT6zwP/3UFVYVldNJSZUjNFUgfg4bo
ejCh4zVmCL8rC5/l2zaSP+mxKi4oNCLyepnltIot4sgonK/tNvfXB1Fi4iBZuDA8
t1c8/kzMKVfbGsn7XNuEhvWfFbY303nNMS8l22wsoDBqQY3IWmEussRUUhEtbwQx
zgAAPXG0JvjSQkQlCgC5RbMTZDwokaPLqlVsRyM9Z/BhJN9NmRbRbLmvch4ftayq
SCjfOPizn+cfZjrWw38iD3ldcNTaUcztf2mfPWFUbtDReWKs2eQpnLpEMq9cKZuc
nrFFb8ArbsjET4qQmQSdwjQ+0ndhB/IbrrKzHLIPCvl/zkSOv+z/wpfThOm+Zh+H
CMj2leaIA1FgPfX+1To79FGfPED72sQF3pjU0IoLr0AikGsiGhk05fut9sbsqqGA
zKdlkBr1MQOM0qXwqgMFrillpoEmFt2TcwkCaztIhHZZD93/chwvu2CJabW3A6v6
RR/8cbFd/yT5Uye1+nlSCmL5swPnyCsuX3eS0JePQLSJqhIhjV4+ZDymgWCzfwrt
WcnvJKACX9USufK8gvRbUwm9or/Hlc9OmhNHFMeXVbjzYtOsGIh8sSWCtOn18zXu
GJd5jpc7b9Owgj5nA046Mbd/zeKTog6E6U79c+ImNa+j4psdhcHA2Ws+csvVh5Tn
7EsS4PSj6KJ64e8RyQhW
=nwOY
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Thu, 17 Jan 2013 23:36:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>
:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Thu, 17 Jan 2013 23:36:08 GMT) (full text, mbox, link).
Message #36 received at 695614@bugs.debian.org (full text, mbox, reply):
Package: snack
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) - use target "stable"
Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.
I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.
For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].
0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/695614/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc
Thanks,
with his security hat on:
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Information forwarded
to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>
:
Bug#695614
; Package snack
.
(Fri, 18 Jan 2013 05:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Sergei Golovan <sgolovan@nes.ru>
:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>
.
(Fri, 18 Jan 2013 05:51:03 GMT) (full text, mbox, link).
Message #41 received at 695614@bugs.debian.org (full text, mbox, reply):
Hi Jonathan.
On Thu, Jan 17, 2013 at 3:42 PM, Jonathan Wiltshire <jmw@debian.org> wrote:
>
> Please prepare a minimal-changes upload targetting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.
I'll do that in a few days. Thank you for the reminder.
Cheers!
--
Sergei Golovan
Reply sent
to Sergei Golovan <sgolovan@debian.org>
:
You have taken responsibility.
(Wed, 30 Jan 2013 21:03:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 30 Jan 2013 21:03:04 GMT) (full text, mbox, link).
Message #46 received at 695614-close@bugs.debian.org (full text, mbox, reply):
Source: snack
Source-Version: 2.2.10-dfsg1-9+squeeze1
We believe that the bug you reported is fixed in the latest version of
snack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 695614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergei Golovan <sgolovan@debian.org> (supplier of updated snack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 29 Oct 2009 21:58:50 +0300
Source: snack
Binary: libsnack2 libsnack2-alsa python-tksnack libsnack2-dev libsnack2-doc
Architecture: source i386 all
Version: 2.2.10-dfsg1-9+squeeze1
Distribution: stable
Urgency: low
Maintainer: Sergei Golovan <sgolovan@debian.org>
Changed-By: Sergei Golovan <sgolovan@debian.org>
Description:
libsnack2 - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
libsnack2-alsa - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
libsnack2-dev - Sound extension to Tcl/Tk and Python/Tkinter - development files
libsnack2-doc - Sound extension to Tcl/Tk and Python/Tkinter - documentation
python-tksnack - Sound extension to Tcl/Tk and Python/Tkinter - Python library
Closes: 695614
Changes:
snack (2.2.10-dfsg1-9+squeeze1) stable; urgency=low
.
* Included patch by Michael Karcher to fix CVE-2012-6303 (closes: #695614).
Checksums-Sha1:
45a301b74c5fdf69bd74bba9ac873cceaf97680c 1265 snack_2.2.10-dfsg1-9+squeeze1.dsc
7272b114a8feb717fce380da5018042c67cd5620 8326 snack_2.2.10-dfsg1-9+squeeze1.diff.gz
e3743eafa7fd033f92d54850ccdcca3fce4694f2 366576 libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
5e15cc2f68fc6ebb31e59b66b1f0c98c7b78dae8 58652 libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
48282a55aa75e422f69cbbed33eec1ecc5db4419 359500 libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
d9f07ca696604cbf3ebcfc57b92c1869b60e16b0 32796 python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
7c2dda2f00ed344da432bccd4af7c89307f6f36e 223076 libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb
Checksums-Sha256:
b4334f17d13d168cb6ac6847d5b665bafe2cd497146808bdc4af06b2ba7a2ce6 1265 snack_2.2.10-dfsg1-9+squeeze1.dsc
86f9ae2fa71d66187058c511a9a4caab0831856d641997dec303170d381a8091 8326 snack_2.2.10-dfsg1-9+squeeze1.diff.gz
569804ad04bcc2647bcf3ce4441e34c34a5b2cacd051836725b40f9698dd6189 366576 libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
6f81f4ab24e3c66ca958afa804fcb3290f72835b2e7ccbc12046d17a4fabf5b9 58652 libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
76db158f730fea303d1dccc51946488c3437baad9474d8115b2c7bc531109285 359500 libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
14915d0dcf4402ffd16b15451250be5c8109d415a4821ecbd035394110e5649e 32796 python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
5d09b569c7799892e1603d57c87a903099daecd58629cbea51e6e4f5f1fab3dd 223076 libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb
Files:
4df58757105754079f59d5008d2ed2ad 1265 sound optional snack_2.2.10-dfsg1-9+squeeze1.dsc
fb5d47f81d349f7684f576e36e7766f4 8326 sound optional snack_2.2.10-dfsg1-9+squeeze1.diff.gz
4b3ce03f1ffdad5e9bd3e963a4142dc2 366576 libs optional libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
eb0d73e4862d7fdf73836074eaeb2908 58652 libdevel optional libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
20ff666e3f2689ac2067592d33706780 359500 libs optional libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
1d28ec48477762e9c14fb98f6bfabf6a 32796 python optional python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
936373a38ed052b3984dc647c7a140ae 223076 doc optional libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRCLr6IcdH02pGEFIRAoyWAJ9WzlByoeYU4XBz7DAYaoV7g0hDMgCfb2cR
o5OBy8onYqz2httrZgiTLgM=
=Yjx4
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 28 Feb 2013 07:25:58 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:34:16 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.