[Pkg-cups-devel] Bug#324459: marked as done (cupsys: Missing fix for CAN-2005-0064?)

Debian Bug Tracking System owner at bugs.debian.org
Tue Dec 13 01:03:12 UTC 2005


Your message dated Mon, 12 Dec 2005 16:47:10 -0800
with message-id <E1ElyJy-0005v8-13 at spohr.debian.org>
and subject line Bug#324459: fixed in cupsys 1.1.23-13
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 22 Aug 2005 08:37:47 +0000
>From jfs at computer.org Mon Aug 22 01:37:47 2005
Return-path: <jfs at computer.org>
Received: from 148.red-213-96-98.pooles.rima-tde.net (javifsp.no-ip.org) [213.96.98.148] (Debian-exim)
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E77oR-00065E-00; Mon, 22 Aug 2005 01:37:47 -0700
Received: from jfs by javifsp.no-ip.org with local (Exim 4.52)
	id 1E77oP-0000ah-DE
	for submit at bugs.debian.org; Mon, 22 Aug 2005 10:37:45 +0200
Date: Mon, 22 Aug 2005 10:37:45 +0200
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <jfs at computer.org>
To: submit at bugs.debian.org
Subject: cupsys: Missing fix for CAN-2005-0064?
Message-ID: <20050822083745.GA32478 at javifsp.no-ip.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="aVD9QWMuhilNxW9f"
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02


--aVD9QWMuhilNxW9f
Content-Type: multipart/mixed; boundary="k1lZvvs/B4yU6o8G"
Content-Disposition: inline


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Package: cupsys
Version: 1.1.23-11
Priority: important
Tags: security

Reviewing the Fedora patches for cupsys I've found that
cups-CAN-2005-0064.patch (attached) is not available as a patch
in the Debian source package. This bug is described as
"Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf
3.00 and earlier allows remote attackers to execute arbitrary code via a PDF
file with a large /Encrypt /Length keyLength value."

And has been fixed in DSA-645 and DSA-648.

Please review this patch and apply it if needed.

Thanks

Javier

--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="cups-CAN-2005-0064.patch"
Content-Transfer-Encoding: quoted-printable

--- cups-1.1.17/pdftops/Decrypt.cxx	2005-01-14 14:26:55.679891237 +0000
+++ cups-1.1.17/pdftops/Decrypt.cxx	2005-01-17 14:21:58.917198715 +0000
@@ -116,13 +116,19 @@
   Guchar *buf;
   Guchar test[32];
   Guchar fState[256];
-  Guchar tmpKey[16];
+  Guchar *tmpKey;
   Guchar fx, fy;
   int len, i, j;
   GBool ok;
=20
+  // check whether we have non-zero keyLength
+  if ( !keyLength || keyLength > 16 ) {
+    return gFalse;
+  }
+ =20
   // generate file key
   buf =3D (Guchar *)gmalloc(68 + fileID->getLength());
+  tmpKey =3D (Guchar *)gmalloc(keyLength * sizeof(Guchar));
   if (userPassword) {
     len =3D userPassword->getLength();
     if (len < 32) {
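Review bot: the new guard `if ( !keyLength || keyLength > 16 )` rejects zero and values above 16, but if keyLength is a signed type (its declaration is not in this hunk) a negative value passes both tests and then reaches `gmalloc(keyLength * sizeof(Guchar))`. Writing the test as `keyLength < 1 || keyLength > 16` closes that case. The comment above the guard says only "non-zero keyLength" while the check also enforces the upper bound of 16, so the comment should state both limits.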
@@ -175,6 +181,7 @@
     ok =3D gFalse;
   }
=20
+  gfree(tmpKey);
   gfree(buf);
   return ok;
 }
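Review bot: the `gfree(tmpKey)` added before `gfree(buf)` covers only the exit path shown in this hunk; the part of the function between the two hunks is not visible, so confirm there is no earlier return after the `gmalloc` of tmpKey, otherwise the buffer leaks on that path. Since the first hunk already bounds keyLength to 16, keeping `Guchar tmpKey[16];` on the stack would make this free (and the extra allocation) unnecessary.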

--k1lZvvs/B4yU6o8G--

--aVD9QWMuhilNxW9f
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDCY7ZsandgtyBSwkRApUjAKCB+gljc69Klfwg6ld7zFszwCf47wCdFYjk
tUaQabBVs7YKBjjbSculHhs=
=bf84
-----END PGP SIGNATURE-----

--aVD9QWMuhilNxW9f--

---------------------------------------
Received: (at 324459-close) by bugs.debian.org; 13 Dec 2005 00:51:01 +0000
>From katie at ftp-master.debian.org Mon Dec 12 16:51:01 2005
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1ElyJy-0005v8-13; Mon, 12 Dec 2005 16:47:10 -0800
From: Kenshi Muto <kmuto at debian.org>
To: 324459-close at bugs.debian.org
X-Katie: $Revision: 1.60 $
Subject: Bug#324459: fixed in cupsys 1.1.23-13
Message-Id: <E1ElyJy-0005v8-13 at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Mon, 12 Dec 2005 16:47:10 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3

Source: cupsys
Source-Version: 1.1.23-13

We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:

cupsys-bsd_1.1.23-13_i386.deb
  to pool/main/c/cupsys/cupsys-bsd_1.1.23-13_i386.deb
cupsys-client_1.1.23-13_i386.deb
  to pool/main/c/cupsys/cupsys-client_1.1.23-13_i386.deb
cupsys_1.1.23-13.diff.gz
  to pool/main/c/cupsys/cupsys_1.1.23-13.diff.gz
cupsys_1.1.23-13.dsc
  to pool/main/c/cupsys/cupsys_1.1.23-13.dsc
cupsys_1.1.23-13_i386.deb
  to pool/main/c/cupsys/cupsys_1.1.23-13_i386.deb
libcupsimage2-dev_1.1.23-13_i386.deb
  to pool/main/c/cupsys/libcupsimage2-dev_1.1.23-13_i386.deb
libcupsimage2_1.1.23-13_i386.deb
  to pool/main/c/cupsys/libcupsimage2_1.1.23-13_i386.deb
libcupsys2-dev_1.1.23-13_i386.deb
  to pool/main/c/cupsys/libcupsys2-dev_1.1.23-13_i386.deb
libcupsys2-gnutls10_1.1.23-13_all.deb
  to pool/main/c/cupsys/libcupsys2-gnutls10_1.1.23-13_all.deb
libcupsys2_1.1.23-13_i386.deb
  to pool/main/c/cupsys/libcupsys2_1.1.23-13_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 324459 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kenshi Muto <kmuto at debian.org> (supplier of updated cupsys package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 22 Aug 2005 18:50:26 +0900
Source: cupsys
Binary: cupsys-bsd libcupsys2-dev libcupsys2 cupsys libcupsys2-gnutls10 libcupsimage2-dev libcupsimage2 cupsys-client
Architecture: source i386 all
Version: 1.1.23-13
Distribution: unstable
Urgency: high
Maintainer: Debian CUPS Maintainers <pkg-cups-devel at lists.alioth.debian.org>
Changed-By: Kenshi Muto <kmuto at debian.org>
Description: 
 cupsys     - Common UNIX Printing System(tm) - server
 cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
 cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System(tm) - libs
 libcupsys2-dev - Common UNIX Printing System(tm) - development files
 libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 178838 235906 288838 297695 324459 324460 324464 338545 340626
Changes: 
 cupsys (1.1.23-13) unstable; urgency=high
 .
   * 38_pdftopscan.dpatch: Apply CAN-2005-0064, CAN-2004-0888,
     and CAN-2005-2097 patches. (closes: #324459, #324460, #324464)
     Because Debian cupsys uses xpdf wrapper instead of forked pdftops,
     so users aren't affected these security problems.
     This patch is just for users who want to create own pdftops from
     source.
   * Move Port/Listen and Browsing configurations from /etc/cups/
     cupsd.conf to /etc/cups/cups.d/.
 .
     /etc/cups/cups.d/ports.conf: Port/Listen configuration.
     /etc/cups/cups.d/browse.conf: Browsing configuration
 .
     You can configure these values by using "dpkg-reconfigure cupsys".
     (closes: #235906, #297695, #178838, #288838)
 .
   * Added Swedish debconf translation (closes: #338545). Thanks Daniel.
   * Updated Russian debconf translation (closes: #340626). Thanks Yuri.
 .
   * Applied xpdf patch to fix buffer overflows [pdftops/Stream.cxx,
     pdftops/Stream.h, CAN-2005-3191, CAN-2005-3192,
     48_security_CAN-2005-3191.dpatch]
     Because Debian cupsys uses xpdf wrapper instead of forked pdftops,
     so users aren't affected these security problems.
     This patch is just for users who want to create own pdftops from
     source.
Files: 
 c80d765816798b9b43ae3efedab005ea 1021 net optional cupsys_1.1.23-13.dsc
 751a0785a7d5704fb48d83f8f05ef910 1282545 net optional cupsys_1.1.23-13.diff.gz
 013840b7fb31896a9c1aaf3c64c55c40 984 libs optional libcupsys2-gnutls10_1.1.23-13_all.deb
 7c8e56ea3d20fe872e0a0b3f52d2285e 8963860 net optional cupsys_1.1.23-13_i386.deb
 81dd7f9b227d6e0b101d8b4b2d13895a 108582 net optional cupsys-client_1.1.23-13_i386.deb
 1049c749c8079e552653b4ac3aa52f5a 75214 libs optional libcupsys2_1.1.23-13_i386.deb
 4667934c8cb0c7ff6c3ecc0251bc9b53 85210 libdevel optional libcupsys2-dev_1.1.23-13_i386.deb
 0e29eb5c25315a40d5b23da1a5ce1fa8 56756 libs optional libcupsimage2_1.1.23-13_i386.deb
 4bf48d492a3b1a54a2f88f040069d808 46460 libdevel optional libcupsimage2-dev_1.1.23-13_i386.deb
 dcab3926e3097d2c6c880f8cf5795dcb 48082 net extra cupsys-bsd_1.1.23-13_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEARECAAYFAkOeFzsACgkQQKW+7XLQPLFPJgCeOXZfBlGRQyNTddJoqNDJQO56
/IEAoKnUhmUfngveHnu2406MEkNCiR0f
=czHy
-----END PGP SIGNATURE-----



