Ubuntu
fetchmail package

Merge lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711 into lp:ubuntu/dapper-security/fetchmail

Dapper (6.06)
fix-CVE-2008-2711
Merge into dapper-security

Proposed by Artur Rona on 2010-04-02

Status:

Rejected

Rejected by:

Jamie Strandboge on 2011-11-30

Proposed branch:

lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711

Merge into:

lp:ubuntu/dapper-security/fetchmail

Diff against target:

94 lines (+74/-0)

3 files modified

debian/changelog (+10/-0)
debian/patches/00list (+1/-0)
debian/patches/07_fix_CVE-2008-2711_DoS.dpatch (+63/-0)

To merge this branch:

bzr merge lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711

Low

Won't Fix

Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu Security Sponsors Team		2010-04-02	Pending
Review via email: mp+22696@code.launchpad.net

Unmerged revisions

12. By Artur Rona on 2010-04-02: * SECURITY UPDATE: Corrects a denial of service attack that can crash
  fetchmail when running in -v -v mode via malformed mail messages
  with long headers (LP: #240549)
  - debian/patches/07_fix_CVE-2008-2711_DoS.dpatch
  - CVE-2008-2711

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Artur Rona

James Westby

 === modified file 'debian/changelog'
 --- debian/changelog	2009-08-11 12:03:52 +0000
 +++ debian/changelog	2010-04-02 16:46:27 +0000
@@ -1,3 +1,13 @@
++fetchmail (6.3.2-2ubuntu2.4) dapper-security; urgency=low
++
++  * SECURITY UPDATE: Corrects a denial of service attack that can crash
++    fetchmail when running in -v -v mode via malformed mail messages
++    with long headers (LP: #240549)
++    - debian/patches/07_fix_CVE-2008-2711_DoS.dpatch
++    - CVE-2008-2711
++
++ -- Artur Rona <ari-tczew@tlen.pl>  Fri, 02 Apr 2010 15:34:17 +0200
++
  fetchmail (6.3.2-2ubuntu2.3) dapper-security; urgency=low
    * SECURITY UPDATE: SSL cert validation bypass via NULL bytes.
 === modified file 'debian/patches/00list'
 --- debian/patches/00list	2009-08-11 12:03:52 +0000
 +++ debian/patches/00list	2010-04-02 16:46:27 +0000
@@ -6,3 +6,4 @@
 _CVE-2007-4565.dpatch
 _CVE-2007-1558.dpatch
 _cert_0_byte
++07_fix_CVE-2008-2711_DoS
 === added file 'debian/patches/07_fix_CVE-2008-2711_DoS.dpatch'
 --- debian/patches/07_fix_CVE-2008-2711_DoS.dpatch	1970-01-01 00:00:00 +0000
 +++ debian/patches/07_fix_CVE-2008-2711_DoS.dpatch	2010-04-02 16:46:27 +0000
@@ -0,0 +1,63 @@
++#! /bin/sh /usr/share/dpatch/dpatch-run
++## From: Artur Rona <ari-tczew@tlen.pl>
++## Description: CVE-2008-2711 - fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.
++## Origin: http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
++## Bug: https://launchpad.net/bugs/240549
++## Author: Matthias Andree
++
++@DPATCH@
++
++diff -pruN -x '*~' fetchmail-6.3.2.orig/report.c fetchmail-6.3.2/report.c
++--- fetchmail-6.3.2.orig/report.c	2006-01-23 10:09:18.000000000 +0100
+++++ fetchmail-6.3.2/report.c	2010-04-02 16:04:32.000000000 +0200
++@@ -238,12 +238,18 @@ report_build (FILE *errfp, message, va_a
++     rep_ensuresize();
++
++ #if defined(VA_START)
++-    VA_START (args, message);
++     for ( ; ; )
++     {
+++       /*
+++        * args has to be initialized before every call of vsnprintf(),
+++        * because vsnprintf() invokes va_arg macro and thus args is
+++        * undefined after the call
+++        */
+++    VA_START (args, message);
++ 	n = vsnprintf (partial_message + partial_message_size_used,
++ 		       partial_message_size - partial_message_size_used,
++ 		       message, args);
+++	va_end (args);
++
++ 	if (n < partial_message_size - partial_message_size_used)
++         {
++@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
++ 	partial_message_size += 2048;
++ 	partial_message = REALLOC (partial_message, partial_message_size);
++     }
++-    va_end (args);
++ #else
++     for ( ; ; )
++     {
++@@ -303,12 +308,13 @@ report_complete (FILE *errfp, message, v
++     rep_ensuresize();
++
++ #if defined(VA_START)
++-    VA_START (args, message);
++     for ( ; ; )
++     {
+++    VA_START (args, message);
++ 	n = vsnprintf (partial_message + partial_message_size_used,
++ 		       partial_message_size - partial_message_size_used,
++ 		       message, args);
+++	va_end (args);
++
++ 	if (n < partial_message_size - partial_message_size_used)
++         {
++@@ -319,7 +325,6 @@ report_complete (FILE *errfp, message, v
++ 	partial_message_size += 2048;
++ 	partial_message = REALLOC (partial_message, partial_message_size);
++     }
++-    va_end (args);
++ #else
++     for ( ; ; )
++     {

Ubuntu
fetchmail package

Merge lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711 into lp:ubuntu/dapper-security/fetchmail

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

Ubuntufetchmail package

Merge lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711 into lp:ubuntu/dapper-security/fetchmail

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

Ubuntu
fetchmail package