libmatio: CVE-2019-9026 CVE-2019-9027 CVE-2019-9028 CVE-2019-9029 CVE-2019-9030 CVE-2019-9031 CVE-2019-9032 CVE-2019-9033 CVE-2019-9034 CVE-2019-9035 CVE-2019-9036 CVE-2019-9037 CVE-2019-9038

Debian Bug report logs - #924185
Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 10 Mar 2019 08:18:01 UTC

Severity: important

Tags: security, upstream

Found in versions libmatio/1.5.9-1, libmatio/1.5.2-3, libmatio/1.5.13-1

Fixed in version libmatio/1.5.13-2

Done: Sébastien Villemot <sebastien@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/tbeu/matio/issues/103


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>:
Bug#924185; Package src:libmatio. (Sun, 10 Mar 2019 08:18:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>. (Sun, 10 Mar 2019 08:18:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libmatio: CVE-2019-9026 CVE-2019-9027 CVE-2019-9028 CVE-2019-9029 CVE-2019-9030 CVE-2019-9031 CVE-2019-9032 CVE-2019-9033 CVE-2019-9034 CVE-2019-9035 CVE-2019-9036 CVE-2019-9037 CVE-2019-9038
Date: Sun, 10 Mar 2019 09:15:13 +0100
Source: libmatio
Version: 1.5.13-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tbeu/matio/issues/103

Hi,

The following vulnerabilities were published for libmatio.

CVE-2019-9026[0]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a heap-based buffer overflow in the function
| InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.

CVE-2019-9027[1]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a heap-based buffer overflow problem in the
| function ReadNextCell() in mat5.c.

CVE-2019-9028[2]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a stack-based buffer over-read in the
| function InflateDimensions() in inflate.c when called from ReadNextCell
| in mat5.c.

CVE-2019-9029[3]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is an out-of-bounds read with a SEGV in the
| function Mat_VarReadNextInfo5() in mat5.c.

CVE-2019-9030[4]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a stack-based buffer over-read in
| Mat_VarReadNextInfo5() in mat5.c.

CVE-2019-9031[5]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a NULL pointer dereference in the function
| Mat_VarFree() in mat.c.

CVE-2019-9032[6]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV
| in the function Mat_VarFree() in mat.c.

CVE-2019-9033[7]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a stack-based buffer over-read for the "Rank
| and Dimension" feature in the function ReadNextCell() in mat5.c.

CVE-2019-9034[8]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a stack-based buffer over-read for a memcpy
| in the function ReadNextCell() in mat5.c.

CVE-2019-9035[9]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a stack-based buffer over-read in the
| function ReadNextStructField() in mat5.c.

CVE-2019-9036[10]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a heap-based buffer overflow in the function
| ReadNextFunctionHandle() in mat5.c.

CVE-2019-9037[11]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is a buffer over-read in the function
| Mat_VarPrint() in mat.c.

CVE-2019-9038[12]:
| An issue was discovered in libmatio.a in matio (aka MAT File I/O
| Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in
| the function ReadNextCell() in mat5.c.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9026
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9026
[1] https://security-tracker.debian.org/tracker/CVE-2019-9027
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9027
[2] https://security-tracker.debian.org/tracker/CVE-2019-9028
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9028
[3] https://security-tracker.debian.org/tracker/CVE-2019-9029
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9029
[4] https://security-tracker.debian.org/tracker/CVE-2019-9030
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9030
[5] https://security-tracker.debian.org/tracker/CVE-2019-9031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9031
[6] https://security-tracker.debian.org/tracker/CVE-2019-9032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9032
[7] https://security-tracker.debian.org/tracker/CVE-2019-9033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9033
[8] https://security-tracker.debian.org/tracker/CVE-2019-9034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9034
[9] https://security-tracker.debian.org/tracker/CVE-2019-9035
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9035
[10] https://security-tracker.debian.org/tracker/CVE-2019-9036
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9036
[11] https://security-tracker.debian.org/tracker/CVE-2019-9037
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9037
[12] https://security-tracker.debian.org/tracker/CVE-2019-9038
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9038
[13] https://github.com/tbeu/matio/issues/103

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions libmatio/1.5.9-1. Request was from Sébastien Villemot <sebastien@debian.org> to control@bugs.debian.org. (Tue, 12 Mar 2019 12:51:05 GMT)


Marked as found in versions libmatio/1.5.2-3. Request was from Sébastien Villemot <sebastien@debian.org> to control@bugs.debian.org. (Tue, 12 Mar 2019 12:51:06 GMT)


Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 14 Mar 2019 17:27:17 GMT)


Removed tag(s) fixed-upstream. Request was from Sébastien Villemot <sebastien@debian.org> to control@bugs.debian.org. (Thu, 14 Mar 2019 17:33:04 GMT)


Reply sent to Sébastien Villemot <sebastien@debian.org>:
You have taken responsibility. (Fri, 22 Mar 2019 11:21:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 22 Mar 2019 11:21:03 GMT)


Message #18 received at 924185-close@bugs.debian.org:

From: Sébastien Villemot <sebastien@debian.org>
To: 924185-close@bugs.debian.org
Subject: Bug#924185: fixed in libmatio 1.5.13-2
Date: Fri, 22 Mar 2019 11:19:35 +0000
Source: libmatio
Source-Version: 1.5.13-2

We believe that the bug you reported is fixed in the latest version of
libmatio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924185@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sébastien Villemot <sebastien@debian.org> (supplier of updated libmatio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 Mar 2019 11:46:25 +0100
Source: libmatio
Architecture: source
Version: 1.5.13-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Sébastien Villemot <sebastien@debian.org>
Closes: 924185
Changes:
 libmatio (1.5.13-2) unstable; urgency=medium
 .
   * Fix security issues
     + fix-reading-vars-from-mat-v5.patch: new patch backported from upstream.
       Fixes CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029,
        CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033,
        CVE-2019-9034, CVE-2019-9035, CVE-2019-9038.
     + fix-printing-vars-from-mat-v5.patch: new patch backported from upstream.
       Fixes CVE-2019-9037.
     + avoid-int-mult-overflow.patch: new patch backported from upstream.
       Fixes CVE-2019-9036.
     + d/copyright: mention two files added by the latest patch.
     (Closes: #924185)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 29 Apr 2019 07:32:41 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:41:20 2019; Machine Name: beach
