Bug#1068451: bookworm-pu: package libtommath/1.2.0-6+deb12u1

Moritz Muehlenhoff jmm at debian.org
Fri Apr 5 15:19:06 BST 2024 

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtommath at packages.debian.org
Control: affects -1 + src:libtommath

Addresses CVE-2023-36328, debdiff below. Acked by Dominique before.

Cheers,
        Moritz

diff -Nru libtommath-1.2.0/debian/changelog libtommath-1.2.0/debian/changelog
--- libtommath-1.2.0/debian/changelog	2021-02-07 11:58:15.000000000 +0100
+++ libtommath-1.2.0/debian/changelog	2024-04-04 22:20:38.000000000 +0200
@@ -1,3 +1,9 @@
+libtommath (1.2.0-6+deb12u1) bookworm; urgency=medium
+
+  * CVE-2023-36328 (Closes: #1051100)
+
+ -- Moritz Mühlenhoff <jmm at debian.org>  Thu, 04 Apr 2024 22:20:38 +0200
+
 libtommath (1.2.0-6) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru libtommath-1.2.0/debian/patches/CVE-2023-36328.patch libtommath-1.2.0/debian/patches/CVE-2023-36328.patch
--- libtommath-1.2.0/debian/patches/CVE-2023-36328.patch	1970-01-01 01:00:00.000000000 +0100
+++ libtommath-1.2.0/debian/patches/CVE-2023-36328.patch	2024-04-04 22:20:38.000000000 +0200
@@ -0,0 +1,121 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden <czurnieden at gmx.de>
+Date: Tue, 9 May 2023 17:17:12 +0200
+Subject: [PATCH] Fix possible integer overflow
+
+---
+ bn_mp_2expt.c                | 4 ++++
+ bn_mp_grow.c                 | 4 ++++
+ bn_mp_init_size.c            | 5 +++++
+ bn_mp_mul_2d.c               | 4 ++++
+ bn_s_mp_mul_digs.c           | 4 ++++
+ bn_s_mp_mul_digs_fast.c      | 4 ++++
+ bn_s_mp_mul_high_digs.c      | 4 ++++
+ bn_s_mp_mul_high_digs_fast.c | 4 ++++
+ 8 files changed, 33 insertions(+)
+
+--- libtommath-1.2.0.orig/bn_mp_2expt.c
++++ libtommath-1.2.0/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+    mp_err    err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* zero a as per default */
+    mp_zero(a);
+ 
+--- libtommath-1.2.0.orig/bn_mp_grow.c
++++ libtommath-1.2.0/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+    int     i;
+    mp_digit *tmp;
+ 
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    /* if the alloc size is smaller alloc more ram */
+    if (a->alloc < size) {
+       /* reallocate the array a->dp
+--- libtommath-1.2.0.orig/bn_mp_init_size.c
++++ libtommath-1.2.0/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    size = MP_MAX(MP_MIN_PREC, size);
+ 
+    /* alloc mem */
+--- libtommath-1.2.0.orig/bn_mp_mul_2d.c
++++ libtommath-1.2.0/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b,
+    mp_digit d;
+    mp_err   err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* copy */
+    if (a != c) {
+       if ((err = mp_copy(a, c)) != MP_OKAY) {
+--- libtommath-1.2.0.orig/bn_s_mp_mul_digs.c
++++ libtommath-1.2.0/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, co
+    mp_word r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if ((digs < MP_WARRAY) &&
+        (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+--- libtommath-1.2.0.orig/bn_s_mp_mul_digs_fast.c
++++ libtommath-1.2.0/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    if (c->alloc < digs) {
+       if ((err = mp_grow(c, digs)) != MP_OKAY) {
+--- libtommath-1.2.0.orig/bn_s_mp_mul_high_digs.c
++++ libtommath-1.2.0/bn_s_mp_mul_high_digs.c
+@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *
+    mp_word  r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
+        && ((a->used + b->used + 1) < MP_WARRAY)
+--- libtommath-1.2.0.orig/bn_s_mp_mul_high_digs_fast.c
++++ libtommath-1.2.0/bn_s_mp_mul_high_digs_fast.c
+@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    pa = a->used + b->used;
+    if (c->alloc < pa) {
diff -Nru libtommath-1.2.0/debian/patches/series libtommath-1.2.0/debian/patches/series
--- libtommath-1.2.0/debian/patches/series	2021-02-07 11:58:15.000000000 +0100
+++ libtommath-1.2.0/debian/patches/series	2024-04-04 22:20:38.000000000 +0200
@@ -2,3 +2,4 @@
 remove-undefined-macro
 fix-shift-count-overflow-on-x32
 use-utc-timezone
+CVE-2023-36328.patch

More information about the Pkg-rakudo-devel mailing list