Debian Bug report logs -
#875311
gedit: CVE-2017-14108: CPU consumption via crafted file
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#875311; Package src:gedit.
(Sun, 10 Sep 2017 15:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Sun, 10 Sep 2017 15:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: gedit
Version: 3.22.1-1
Severity: normal
Tags: security upstream
Control: found -1 3.14.0-3
Hi,
the following vulnerability was published for gedit.
CVE-2017-14108[0]:
| libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to
| cause a denial of service (CPU consumption) via a file that begins with
| many '\0' characters.
The following can be used to produce a crafted file which triggers the
issue:
$ echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt
$ gedit craft.txt &
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14108
[1] https://bugzilla.novell.com/show_bug.cgi?id=1057184
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1488335
Regards,
Salvatore
Marked as found in versions gedit/3.14.0-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org.
(Sun, 10 Sep 2017 15:27:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#875311; Package src:gedit.
(Mon, 28 May 2018 00:27:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Alan Coopersmith <alan.coopersmith@oracle.com>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Mon, 28 May 2018 00:27:02 GMT) (full text, mbox, link).
Message #12 received at 875311@bugs.debian.org (full text, mbox, reply):
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=791037
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:43:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon