Debian Bug report logs - #587700
python-cjson: CVE-2010-1666: buffer overflow

Package: python-cjson; Maintainer for python-cjson is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-cjson is src:python-cjson.

Reported by: Raphael Geissert <geissert@debian.org>

Date: Wed, 30 Jun 2010 23:24:07 UTC

Severity: grave

Tags: security

Fixed in versions python-cjson/1.0.5-3, python-cjson/1.0.5-1+lenny1

Done: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#587700; Package python-cjson. (Wed, 30 Jun 2010 23:24:10 GMT)

Message #3 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: python-cjson: CVE-2010-1666: buffer overflow
Date: Wed, 30 Jun 2010 18:17:08 -0500
Package: python-cjson
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
python-cjson.

Quoting the original bug report[1]:
> There is a buffer overrun in cjson 1.0.5, on UCS4 builds. The string length
> is only resized for wide unicode characters if there is less than 12 bytes
> of space left. Padding with narrow-but-escaped characters prevents string
> resizing.
> 
> The following line exhibits the overrun (it *may* segfault or display
> garbage, etc):
> >>> cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E\u1234\u1234\u1234\u1234\u1234\u1234')
> 
> (u'\U0001D11E\u1234' also breaks, but sometimes goes undetected.)

This issue has been assigned CVE-2010-1666.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
If possible, please provide packages for stable (to be released via the 
security archive.)

For further information see:
[1]https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
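
The size accounting described in the quoted report, as an added model (not cjson's source and not the patch shipped in Debian). It assumes the encoder reserves 6 bytes per character plus two quotes, emits 12 bytes for a non-BMP character, and grows the buffer by 6 when it does resize; it only counts bytes and writes nothing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Output bytes for one code point in this model: a non-BMP character
 * becomes a 12-byte surrogate pair (\uXXXX\uXXXX), any other non-ASCII
 * character a 6-byte \uXXXX escape, ASCII one byte (short escapes such
 * as \n are ignored here). */
static size_t escaped_len(uint32_t cp)
{
    return cp >= 0x10000 ? 12 : cp >= 0x80 ? 6 : 1;
}

/* Count how far past the end of the output buffer the encoder would
 * write; 0 means in bounds. Only sizes are tracked, nothing is written.
 * always_grow = 0: grow only when fewer than 12 bytes are left (the
 * check the report describes); always_grow = 1: grow for every wide
 * character (hypothetical corrected accounting). */
size_t overrun_bytes(const uint32_t *s, size_t n, int always_grow)
{
    size_t cap = 2 + 6 * n;  /* assumed: two quotes + 6 bytes per char */
    size_t pos = 1;          /* opening quote */
    size_t worst = 0;
    for (size_t i = 0; i <= n; i++) {
        /* i == n stands for the closing quote */
        size_t need = i < n ? escaped_len(s[i]) : 1;
        size_t left = cap > pos ? cap - pos : 0;
        if (need == 12 && (always_grow || left < 12))
            cap += 6;        /* assumed growth: 12 needed - 6 reserved */
        pos += need;
        if (pos > cap && pos - cap > worst)
            worst = pos - cap;
    }
    return worst;
}

/* Constructed inputs: the two strings from the report, as code points. */
static const uint32_t LONG_CASE[] = { 0x1D11E, 0x1D11E, 0x1D11E, 0x1D11E,
                                      0x1234, 0x1234, 0x1234, 0x1234,
                                      0x1234, 0x1234 };
static const uint32_t SHORT_CASE[] = { 0x1D11E, 0x1234 };

int main(void)
{
    printf("unfixed check: long %zu bytes over, short %zu bytes over\n",
           overrun_bytes(LONG_CASE, 10, 0), overrun_bytes(SHORT_CASE, 2, 0));
    return 0;
}
```

In this model the trailing \u1234 characters are what keep the "space left" test from firing: their reserved bytes are still unused when the wide character is written, so the same wide character placed last triggers the resize and stays in bounds.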




Reply sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
You have taken responsibility. (Tue, 06 Jul 2010 22:21:03 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Tue, 06 Jul 2010 22:21:03 GMT)

Message #8 received at 587700-close@bugs.debian.org:

From: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
To: 587700-close@bugs.debian.org
Subject: Bug#587700: fixed in python-cjson 1.0.5-3
Date: Tue, 06 Jul 2010 22:17:14 +0000
Source: python-cjson
Source-Version: 1.0.5-3

We believe that the bug you reported is fixed in the latest version of
python-cjson, which is due to be installed in the Debian FTP archive:

python-cjson-dbg_1.0.5-3_amd64.deb
  to main/p/python-cjson/python-cjson-dbg_1.0.5-3_amd64.deb
python-cjson_1.0.5-3.debian.tar.gz
  to main/p/python-cjson/python-cjson_1.0.5-3.debian.tar.gz
python-cjson_1.0.5-3.dsc
  to main/p/python-cjson/python-cjson_1.0.5-3.dsc
python-cjson_1.0.5-3_amd64.deb
  to main/p/python-cjson/python-cjson_1.0.5-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587700@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> (supplier of updated python-cjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 06 Jul 2010 23:22:56 +0200
Source: python-cjson
Binary: python-cjson python-cjson-dbg
Architecture: source amd64
Version: 1.0.5-3
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Description: 
 python-cjson - Very fast JSON encoder/decoder for Python
 python-cjson-dbg - Very fast JSON encoder/decoder for Python (debug extension)
Closes: 587700
Changes: 
 python-cjson (1.0.5-3) unstable; urgency=high
 .
   [ Christian Kastner ]
   * debian/source/format
     - Convert to format 3.0 (quilt)
   * debian/patches:
     - New patch 0001-fix-for-CVE-2010-1666
       Matt Giuca discovered a buffer overflow when encoding wide unicode
       characters on UCS4 builds. This fix was taken from Ubuntu LP #585274,
       which he provided.
       Closes: #587700, Fixes: CVE-2010-1666





Reply sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
You have taken responsibility. (Sun, 11 Jul 2010 19:57:05 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Sun, 11 Jul 2010 19:57:05 GMT)

Message #13 received at 587700-close@bugs.debian.org:

From: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
To: 587700-close@bugs.debian.org
Subject: Bug#587700: fixed in python-cjson 1.0.5-1+lenny1
Date: Sun, 11 Jul 2010 19:55:38 +0000
Source: python-cjson
Source-Version: 1.0.5-1+lenny1

We believe that the bug you reported is fixed in the latest version of
python-cjson, which is due to be installed in the Debian FTP archive:

python-cjson-dbg_1.0.5-1+lenny1_amd64.deb
  to main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_amd64.deb
python-cjson_1.0.5-1+lenny1.diff.gz
  to main/p/python-cjson/python-cjson_1.0.5-1+lenny1.diff.gz
python-cjson_1.0.5-1+lenny1.dsc
  to main/p/python-cjson/python-cjson_1.0.5-1+lenny1.dsc
python-cjson_1.0.5-1+lenny1_amd64.deb
  to main/p/python-cjson/python-cjson_1.0.5-1+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587700@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> (supplier of updated python-cjson package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 10 Jul 2010 15:02:09 +0200
Source: python-cjson
Binary: python-cjson python-cjson-dbg
Architecture: source amd64
Version: 1.0.5-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Description: 
 python-cjson - Very fast JSON encoder/decoder for Python
 python-cjson-dbg - Very fast JSON encoder/decoder for Python (debug extension)
Closes: 587700
Changes: 
 python-cjson (1.0.5-1+lenny1) stable-security; urgency=high
 .
   [ Christian Kastner ]
   * debian/rules:
     - Use simple-patchsys from cdbs for patch below
   * debian/patches:
     - Include patch 0001-fix-for-CVE-2010-1666 from unstable:
       Matt Giuca discovered a buffer overflow when encoding wide unicode
       characters on UCS4 builds. This fix was taken from Ubuntu
       LP #585274, which he provided.
       Closes: #587700, Fixes: CVE-2010-1666





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 Sep 2010 07:29:53 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 07:25:47 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.