Debian Bug report logs - #690924
mcrypt: CVE-2012-4527

Package: mcrypt; Maintainer for mcrypt is RISKO Gergely <risko@debian.org>; Source for mcrypt is src:mcrypt.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 19 Oct 2012 05:57:07 UTC

Severity: grave

Tags: patch, security

Fixed in version mcrypt/2.6.8-1.3

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, RISKO Gergely <risko@debian.org>:
Bug#690924; Package mcrypt. (Fri, 19 Oct 2012 05:57:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, RISKO Gergely <risko@debian.org>. (Fri, 19 Oct 2012 05:57:10 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mcrypt: CVE-2012-4527
Date: Fri, 19 Oct 2012 07:53:02 +0200
Package: mcrypt
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, RISKO Gergely <risko@debian.org>:
Bug#690924; Package mcrypt. (Thu, 01 Nov 2012 14:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Jean-Michel Vourgère" <jmv_deb@nirgal.com>:
Extra info received and forwarded to list. Copy sent to RISKO Gergely <risko@debian.org>. (Thu, 01 Nov 2012 14:09:03 GMT) Full text and rfc822 format available.

Message #10 received at 690924@bugs.debian.org (full text, mbox):

From: "Jean-Michel Vourgère" <jmv_deb@nirgal.com>
To: 690924@bugs.debian.org
Subject: Re: CVE-2012-4527
Date: Thu, 1 Nov 2012 14:04:55 +0000
Second patch listed at redhat is ok.

But I would either replace
#define WIDTH 80
by
#define WIDTH (sizeof(tmperr))

or
#define WIDTH 80
char tmperr[128];
by
#define WIDTH 128
char tmperr[WIDTH];

snprintf does add a \0 at tmperr[WIDTH]

WIDTH is a poor choice as a macro name IMHO.

Information forwarded to debian-bugs-dist@lists.debian.org, RISKO Gergely <risko@debian.org>:
Bug#690924; Package mcrypt. (Thu, 01 Nov 2012 14:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Jean-Michel Vourgère" <jmv_deb@nirgal.com>:
Extra info received and forwarded to list. Copy sent to RISKO Gergely <risko@debian.org>. (Thu, 01 Nov 2012 14:21:03 GMT) Full text and rfc822 format available.

Message #15 received at 690924@bugs.debian.org (full text, mbox):

From: "Jean-Michel Vourgère" <jmv_deb@nirgal.com>
To: 690924@bugs.debian.org
Subject: Re: CVE-2012-4527
Date: Thu, 1 Nov 2012 14:18:18 +0000
On Thursday 01 November 2012 14:04:55 Jean-Michel Vourgère wrote:
> snprintf does add a \0 at tmperr[WIDTH]

Doh! I mean tmperr[WIDTH-1] of course!
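
Added example (not part of the thread and not mcrypt's code): the sizing point from the two messages above, in C. The buffer length comes from one constant, snprintf is bounded by sizeof, and truncation is detected from the return value; ERRBUF_SIZE, format_open_error and the message text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 128   /* hypothetical name: one constant sizes the buffer */

enum fmt_result { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/*
 * Format an error message naming a file into dst (message text is made up).
 * snprintf writes at most dstsz bytes INCLUDING the terminating NUL, so the
 * last byte it can touch is dst[dstsz - 1]. Its return value is the length
 * the full message would have had, which is how truncation is detected.
 */
static enum fmt_result format_open_error(char *dst, size_t dstsz, const char *name)
{
    int n;
    if (dst == NULL || dstsz == 0 || name == NULL)
        return FMT_ERROR;
    n = snprintf(dst, dstsz, "File %s could not be opened", name);
    if (n < 0) { dst[0] = '\0'; return FMT_ERROR; }
    return ((size_t)n >= dstsz) ? FMT_TRUNCATED : FMT_OK;
}

/* Constructed check: a guard byte placed right after the buffer must survive
 * an over-long file name. Returns 1 if the bound held. */
static int bound_holds_for_long_name(void)
{
    struct { char buf[ERRBUF_SIZE]; char guard; } s;
    char longname[512];                      /* constructed sample input */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    s.guard = 0x5a;
    memset(s.buf, 0xff, sizeof s.buf);
    enum fmt_result r = format_open_error(s.buf, sizeof s.buf, longname);
    return r == FMT_TRUNCATED
        && s.buf[ERRBUF_SIZE - 1] == '\0'    /* NUL at index size-1 */
        && strlen(s.buf) == ERRBUF_SIZE - 1
        && s.guard == 0x5a;                  /* nothing written past the end */
}

int main(void)
{
    char buf[ERRBUF_SIZE];
    printf("%d\n", format_open_error(buf, sizeof buf, "notes.txt"));
    puts(buf);
    printf("bound holds: %d\n", bound_holds_for_long_name());
    return 0;
}
```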



Information forwarded to debian-bugs-dist@lists.debian.org, RISKO Gergely <risko@debian.org>:
Bug#690924; Package mcrypt. (Thu, 01 Nov 2012 18:45:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Jean-Michel Vourgère" <jmv_deb@nirgal.com>:
Extra info received and forwarded to list. Copy sent to RISKO Gergely <risko@debian.org>. (Thu, 01 Nov 2012 18:45:09 GMT) Full text and rfc822 format available.

Message #20 received at 690924@bugs.debian.org (full text, mbox):

From: "Jean-Michel Vourgère" <jmv_deb@nirgal.com>
To: control@bugs.debian.org
Cc: 690924@bugs.debian.org
Subject: CVE-2012-4527
Date: Thu, 1 Nov 2012 18:41:08 +0000
tags 690924 + patch
thanks

Attached is a patch based on the excellent job by Attila Bogar.
I just increased buffer size so that a full file name could be printed.
[CVE-2012-4527.diff (text/x-patch, attachment)]

Added tag(s) patch. Request was from "Jean-Michel Vourgère" <jmv_deb@nirgal.com> to control@bugs.debian.org. (Thu, 01 Nov 2012 18:45:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, RISKO Gergely <risko@debian.org>:
Bug#690924; Package mcrypt. (Fri, 02 Nov 2012 19:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to RISKO Gergely <risko@debian.org>. (Fri, 02 Nov 2012 19:18:03 GMT) Full text and rfc822 format available.

Message #27 received at 690924@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 690924@bugs.debian.org
Subject: nmu
Date: Fri, 2 Nov 2012 15:14:55 -0400
Hi, I've just uploaded an nmu fixing this issue.  See attached patch.

Best wishes,
Mike
[mcrypt.patch (application/octet-stream, attachment)]

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Fri, 02 Nov 2012 19:21:11 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 02 Nov 2012 19:21:11 GMT) Full text and rfc822 format available.

Message #32 received at 690924-close@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 690924-close@bugs.debian.org
Subject: Bug#690924: fixed in mcrypt 2.6.8-1.3
Date: Fri, 02 Nov 2012 19:17:40 +0000
Source: mcrypt
Source-Version: 2.6.8-1.3

We believe that the bug you reported is fixed in the latest version of
mcrypt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690924@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated mcrypt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 02 Nov 2012 19:04:58 +0000
Source: mcrypt
Binary: mcrypt
Architecture: source amd64
Version: 2.6.8-1.3
Distribution: unstable
Urgency: high
Maintainer: RISKO Gergely <risko@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 mcrypt     - Replacement for old unix crypt(1)
Closes: 690924
Changes: 
 mcrypt (2.6.8-1.3) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2012-4527: long file name buffer overflow (closes: #690924).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 07:43:28 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 09:58:08 2014; Machine Name: beach.debian.org
