CVE-2012-6303: buffer overflows

Debian Bug report logs - #695614
CVE-2012-6303: buffer overflows

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: submit@bugs.debian.org

Subject: CVE-2012-6303: buffer overflows

Date: Mon, 10 Dec 2012 21:20:59 +0100

[Message part 1 (text/plain, inline)]

Package: snack
Severity: important
Tags: security

Hi,
the following vulnerability was published for snack.

CVE-2012-6303[0]:
WaveSurfer and Snack Sound Toolkit buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
    http://security-tracker.debian.org/tracker/CVE-2012-6303
[1] http://www.openwall.com/lists/oss-security/2012/12/10/2

Please adjust the affected versions in the BTS as needed.

p.s.: I haven't done further investigation, only reporting/forwarding
      from oss-security mailinglist.

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #12 received at 695614@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 695614@bugs.debian.org

Subject: Re: Bug#695614: CVE-2012-6303: buffer overflows

Date: Tue, 11 Dec 2012 10:32:45 +0100

[Message part 1 (text/plain, inline)]

Control: severity -1 grave

Hi

[09:51] < jmm> the commits look good, thanks. for buffer overflows it's best to file an RC bug by default.
[09:51] < jmm> if further analysis shows that it's more harmless it can still be downgrade

So I'm raising the severity as it's about buffer overflows.

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #19 received at 695614@bugs.debian.org (full text, mbox, reply):

From: Michael Karcher <Michael.Karcher@fu-berlin.de>

To: 695614@bugs.debian.org

Subject: CVE-2012-6303: buffer overflows

Date: Wed, 02 Jan 2013 00:36:06 +0100

[Message part 1 (text/plain, inline)]

The attached patch fixes the buffer overrun for the fixed-size header
buffer.

[fix-overflow-in-getheaderbytes.diff (text/x-patch, attachment)]

Message #26 received at 695614@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

To: Michael Karcher <Michael.Karcher@fu-berlin.de>

Cc: 695614@bugs.debian.org

Subject: Re: CVE-2012-6303: buffer overflows

Date: Wed, 2 Jan 2013 01:00:56 +0100

On Wed, Jan 02, 2013 at 12:36:06AM +0100, Michael Karcher wrote:
> The attached patch fixes the buffer overrun for the fixed-size header
> buffer.

I have verified the patch to work and I am currently preparing an
updated snack package. I used the crafted WAV file from [1] and with
the patched snack library, WaveSurfer no longer crashes.

Cheers,

Adrian

> [1] http://www.exploit-db.com/exploits/19772/

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Message #31 received at 695614-close@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

To: 695614-close@bugs.debian.org

Subject: Bug#695614: fixed in snack 2.2.10-dfsg1-12.1

Date: Wed, 02 Jan 2013 00:17:31 +0000

Source: snack
Source-Version: 2.2.10-dfsg1-12.1

We believe that the bug you reported is fixed in the latest version of
snack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> (supplier of updated snack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 02 Jan 2013 00:56:47 +0100
Source: snack
Binary: libsnack2 libsnack2-alsa python-tksnack libsnack2-dev libsnack2-doc
Architecture: source amd64 all
Version: 2.2.10-dfsg1-12.1
Distribution: unstable
Urgency: low
Maintainer: Sergei Golovan <sgolovan@debian.org>
Changed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Description: 
 libsnack2  - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-alsa - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-dev - Sound extension to Tcl/Tk and Python/Tkinter - development files
 libsnack2-doc - Sound extension to Tcl/Tk and Python/Tkinter - documentation
 python-tksnack - Sound extension to Tcl/Tk and Python/Tkinter - Python library
Closes: 695614
Changes: 
 snack (2.2.10-dfsg1-12.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Include patch by Michael Karcher to fix CVE-2012-6303 (Closes: #695614).
Checksums-Sha1: 
 d904cedf3a86fec64ab3f45bd960776d400d5265 2053 snack_2.2.10-dfsg1-12.1.dsc
 05e3b4269a60c0132b29a4c105ef783afd313aa5 656156 snack_2.2.10-dfsg1.orig.tar.gz
 4c534576af9d714b2d64a6687e49bc05531b08a7 9766 snack_2.2.10-dfsg1-12.1.diff.gz
 900ec5acdb9eb8e7ad4e69c94b4204a8512e02ff 414202 libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 96b574a5c37b5ed0fcde8e946ec4c3957418a58f 59012 libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 3097f11ce5bf38ad240cf6fc31ae8f5e5bc4f2fe 407514 libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 4ea50258d6a2fbccde6896539edf0d39e7d1c1f7 32826 python-tksnack_2.2.10-dfsg1-12.1_all.deb
 802a851f1c3d9212531e6c3f307fd792cc53dbba 226582 libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Checksums-Sha256: 
 cda1d5fe7749acd8f7bf5de050dd96aae23a08975550be8ee3403db006d2e967 2053 snack_2.2.10-dfsg1-12.1.dsc
 596396e3c7dcace8fd112a9e16d027d37f7f227096fb1b03afe1ef28f9311ac4 656156 snack_2.2.10-dfsg1.orig.tar.gz
 1e40efaaac14b3aba17886f825302c2f3964937dd39755fcd9d5461f793bd598 9766 snack_2.2.10-dfsg1-12.1.diff.gz
 f20a2f534376faa5e67d8cb7bc9b722e0aada564d210d16f92a5acc94c4d58ed 414202 libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 bcefb10187fe6ebc0801174ba392a3263aa98c4fd74f529c444cbf97ba70ae22 59012 libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 02ee4e0d582bb232582a6d1842ff71f723691e63f4ef33776343b258a3ca3226 407514 libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 1bd9bfba91681c3b31ef8e5760cc11bd2116632bd1d2ad9ab35840673d7e6527 32826 python-tksnack_2.2.10-dfsg1-12.1_all.deb
 76b35f58918141230c5201a6afa49e5655f8fa5edc161698d7e2e737f1f245a2 226582 libsnack2-doc_2.2.10-dfsg1-12.1_all.deb
Files: 
 e620bd1d7793afdb949a6172881352b9 2053 sound optional snack_2.2.10-dfsg1-12.1.dsc
 7b29d83a8dc163ea8dcf7bf3f461db79 656156 sound optional snack_2.2.10-dfsg1.orig.tar.gz
 f20481a0b6ef43f94c9dea52191a44d5 9766 sound optional snack_2.2.10-dfsg1-12.1.diff.gz
 b2596d732330dcd683f11a10987d7526 414202 libs optional libsnack2_2.2.10-dfsg1-12.1_amd64.deb
 ac17f159312cb884e7cd5865e35bbe6a 59012 libdevel optional libsnack2-dev_2.2.10-dfsg1-12.1_amd64.deb
 4431a4f10e6981959778bfddf54aef3e 407514 libs optional libsnack2-alsa_2.2.10-dfsg1-12.1_amd64.deb
 71ad97f3b2aa5dc43707c9d263d421f8 32826 python optional python-tksnack_2.2.10-dfsg1-12.1_all.deb
 686697d0e0aadec3e5525982bcb93ec7 226582 doc optional libsnack2-doc_2.2.10-dfsg1-12.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ43jFAAoJEHQmOzf1tfkT6zwP/3UFVYVldNJSZUjNFUgfg4bo
ejCh4zVmCL8rC5/l2zaSP+mxKi4oNCLyepnltIot4sgonK/tNvfXB1Fi4iBZuDA8
t1c8/kzMKVfbGsn7XNuEhvWfFbY303nNMS8l22wsoDBqQY3IWmEussRUUhEtbwQx
zgAAPXG0JvjSQkQlCgC5RbMTZDwokaPLqlVsRyM9Z/BhJN9NmRbRbLmvch4ftayq
SCjfOPizn+cfZjrWw38iD3ldcNTaUcztf2mfPWFUbtDReWKs2eQpnLpEMq9cKZuc
nrFFb8ArbsjET4qQmQSdwjQ+0ndhB/IbrrKzHLIPCvl/zkSOv+z/wpfThOm+Zh+H
CMj2leaIA1FgPfX+1To79FGfPED72sQF3pjU0IoLr0AikGsiGhk05fut9sbsqqGA
zKdlkBr1MQOM0qXwqgMFrillpoEmFt2TcwkCaztIhHZZD93/chwvu2CJabW3A6v6
RR/8cbFd/yT5Uye1+nlSCmL5swPnyCsuX3eS0JePQLSJqhIhjV4+ZDymgWCzfwrt
WcnvJKACX9USufK8gvRbUwm9or/Hlc9OmhNHFMeXVbjzYtOsGIh8sSWCtOn18zXu
GJd5jpc7b9Owgj5nA046Mbd/zeKTog6E6U79c+ImNa+j4psdhcHA2Ws+csvVh5Tn
7EsS4PSj6KJ64e8RyQhW
=nwOY
-----END PGP SIGNATURE-----

Message #36 received at 695614@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>

To: 695614@bugs.debian.org

Subject: Re: CVE-2012-6303: buffer overflows

Date: Thu, 17 Jan 2013 11:42:09 -0000

Package: snack

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.7) - use target "stable"

Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/695614/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Message #41 received at 695614@bugs.debian.org (full text, mbox, reply):

From: Sergei Golovan <sgolovan@nes.ru>

To: Jonathan Wiltshire <jmw@debian.org>, 695614@bugs.debian.org

Subject: Re: Bug#695614: CVE-2012-6303: buffer overflows

Date: Fri, 18 Jan 2013 09:49:18 +0400

Hi Jonathan.

On Thu, Jan 17, 2013 at 3:42 PM, Jonathan Wiltshire <jmw@debian.org> wrote:
>
> Please prepare a minimal-changes upload targetting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.

I'll do that in a few days. Thank you for the reminder.

Cheers!
-- 
Sergei Golovan

Message #46 received at 695614-close@bugs.debian.org (full text, mbox, reply):

From: Sergei Golovan <sgolovan@debian.org>

To: 695614-close@bugs.debian.org

Subject: Bug#695614: fixed in snack 2.2.10-dfsg1-9+squeeze1

Date: Wed, 30 Jan 2013 21:02:07 +0000

Source: snack
Source-Version: 2.2.10-dfsg1-9+squeeze1

We believe that the bug you reported is fixed in the latest version of
snack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <sgolovan@debian.org> (supplier of updated snack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Oct 2009 21:58:50 +0300
Source: snack
Binary: libsnack2 libsnack2-alsa python-tksnack libsnack2-dev libsnack2-doc
Architecture: source i386 all
Version: 2.2.10-dfsg1-9+squeeze1
Distribution: stable
Urgency: low
Maintainer: Sergei Golovan <sgolovan@debian.org>
Changed-By: Sergei Golovan <sgolovan@debian.org>
Description: 
 libsnack2  - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-alsa - Sound extension to Tcl/Tk and Python/Tkinter - Tcl/Tk library
 libsnack2-dev - Sound extension to Tcl/Tk and Python/Tkinter - development files
 libsnack2-doc - Sound extension to Tcl/Tk and Python/Tkinter - documentation
 python-tksnack - Sound extension to Tcl/Tk and Python/Tkinter - Python library
Closes: 695614
Changes: 
 snack (2.2.10-dfsg1-9+squeeze1) stable; urgency=low
 .
   * Included patch by Michael Karcher to fix CVE-2012-6303 (closes: #695614).
Checksums-Sha1: 
 45a301b74c5fdf69bd74bba9ac873cceaf97680c 1265 snack_2.2.10-dfsg1-9+squeeze1.dsc
 7272b114a8feb717fce380da5018042c67cd5620 8326 snack_2.2.10-dfsg1-9+squeeze1.diff.gz
 e3743eafa7fd033f92d54850ccdcca3fce4694f2 366576 libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
 5e15cc2f68fc6ebb31e59b66b1f0c98c7b78dae8 58652 libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
 48282a55aa75e422f69cbbed33eec1ecc5db4419 359500 libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
 d9f07ca696604cbf3ebcfc57b92c1869b60e16b0 32796 python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
 7c2dda2f00ed344da432bccd4af7c89307f6f36e 223076 libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb
Checksums-Sha256: 
 b4334f17d13d168cb6ac6847d5b665bafe2cd497146808bdc4af06b2ba7a2ce6 1265 snack_2.2.10-dfsg1-9+squeeze1.dsc
 86f9ae2fa71d66187058c511a9a4caab0831856d641997dec303170d381a8091 8326 snack_2.2.10-dfsg1-9+squeeze1.diff.gz
 569804ad04bcc2647bcf3ce4441e34c34a5b2cacd051836725b40f9698dd6189 366576 libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
 6f81f4ab24e3c66ca958afa804fcb3290f72835b2e7ccbc12046d17a4fabf5b9 58652 libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
 76db158f730fea303d1dccc51946488c3437baad9474d8115b2c7bc531109285 359500 libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
 14915d0dcf4402ffd16b15451250be5c8109d415a4821ecbd035394110e5649e 32796 python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
 5d09b569c7799892e1603d57c87a903099daecd58629cbea51e6e4f5f1fab3dd 223076 libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb
Files: 
 4df58757105754079f59d5008d2ed2ad 1265 sound optional snack_2.2.10-dfsg1-9+squeeze1.dsc
 fb5d47f81d349f7684f576e36e7766f4 8326 sound optional snack_2.2.10-dfsg1-9+squeeze1.diff.gz
 4b3ce03f1ffdad5e9bd3e963a4142dc2 366576 libs optional libsnack2_2.2.10-dfsg1-9+squeeze1_i386.deb
 eb0d73e4862d7fdf73836074eaeb2908 58652 libdevel optional libsnack2-dev_2.2.10-dfsg1-9+squeeze1_i386.deb
 20ff666e3f2689ac2067592d33706780 359500 libs optional libsnack2-alsa_2.2.10-dfsg1-9+squeeze1_i386.deb
 1d28ec48477762e9c14fb98f6bfabf6a 32796 python optional python-tksnack_2.2.10-dfsg1-9+squeeze1_all.deb
 936373a38ed052b3984dc647c7a140ae 223076 doc optional libsnack2-doc_2.2.10-dfsg1-9+squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRCLr6IcdH02pGEFIRAoyWAJ9WzlByoeYU4XBz7DAYaoV7g0hDMgCfb2cR
o5OBy8onYqz2httrZgiTLgM=
=Yjx4
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.