Bug 711218 (CVE-2019-1010305) - <dev-libs/libmspack-0.10.1_alpha: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)
Status: RESOLVED FIXED
Alias: CVE-2019-1010305
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/kyz/libmspack/issu...
Whiteboard: B3 [noglsa cve]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2020-03-01 20:24 UTC by Sam James
Modified: 2021-01-25 23:45 UTC

See Also:
Package list:
app-arch/cabextract-1.9.1
Runtime testing required: ---
nattka: sanity-check+


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 20:24:28 UTC
Description:
"libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d."

Affected versions (dev-libs/libmspack):
- <0.10alpha

Affected versions (app-arch/cabextract):
- <1.9.1

Patch (libmspack): https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-16 00:49:21 UTC
@maintainer(s): ping
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-19 13:28:57 UTC
(In reply to Sam James from comment #1)
> @maintainer(s): ping

[14:28:16]  <@sam_c> reavertm_: I haven't reviewed https://github.com/gentoo/gentoo/pull/15891 yet but it's a bump for libmspack (may end up doing it myself if it's not OK). I'll do it for the security bug unless you have an objection.
Comment 3 Larry the Git Cow gentoo-dev 2020-08-02 17:31:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89a8a05de188bd4c1bb7ef9910293788dd6a6850

commit 89a8a05de188bd4c1bb7ef9910293788dd6a6850
Author:     David Heidelberg <david@ixit.cz>
AuthorDate: 2020-05-20 12:03:10 +0000
Commit:     Maciej Mrozowski <reavertm@gentoo.org>
CommitDate: 2020-08-02 17:30:36 +0000

    dev-libs/libmspack: bump to 0.10.1_alpha
    
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: David Heidelberg <david@ixit.cz>
    Bug: https://bugs.gentoo.org/711218
    Closes: https://github.com/gentoo/gentoo/pull/15891
    Signed-off-by: Maciej Mrozowski <reavertm@gentoo.org>

 dev-libs/libmspack/Manifest                      |  1 +
 dev-libs/libmspack/libmspack-0.10.1_alpha.ebuild | 73 ++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-15 03:03:32 UTC
arm64 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-15 03:04:38 UTC
amd64 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-15 03:45:10 UTC
x86 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-15 04:33:13 UTC
arm done
Comment 8 Agostino Sarubbo gentoo-dev 2020-08-16 14:47:45 UTC
s390 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-08-16 14:49:02 UTC
sparc stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-29 12:55:59 UTC
ppc done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-03 23:59:50 UTC
ppc64 stable
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-06 08:18:43 UTC
hppa stable
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-06 14:21:31 UTC
Please cleanup.
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-09 16:05:34 UTC
We needed to stable cabextract too.
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-09 20:59:13 UTC
arm64 done
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-09 21:07:20 UTC
arm done
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-10 07:49:59 UTC
ppc64 stable
Comment 18 ernsteiswuerfel archtester 2020-09-12 13:07:32 UTC
Looking good on ppc.

 # cat cabextract-711218.report 
USE tests started on Sa 12. Sep 15:03:13 CEST 2020

FEATURES=' test' USE='' succeeded for =app-arch/cabextract-1.9.1
USE='-extras' succeeded for =app-arch/cabextract-1.9.1
USE='extras' succeeded for =app-arch/cabextract-1.9.1
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-13 09:04:26 UTC
hppa stable
Comment 20 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-13 09:05:58 UTC
sparc stable
Comment 21 Sergei Trofimovich (RETIRED) gentoo-dev 2020-09-13 09:12:00 UTC
ppc stable thanks to ernsteiswuerfel!
Comment 22 Thomas Deutschmann (RETIRED) gentoo-dev 2020-09-15 17:23:12 UTC
x86 stable
Comment 23 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-19 22:28:54 UTC
amd64 done

all arches done
Comment 24 Larry the Git Cow gentoo-dev 2020-12-29 02:00:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=992db41a4e6b51729b78139139cd24910b156a65

commit 992db41a4e6b51729b78139139cd24910b156a65
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-27 06:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-29 01:59:31 +0000

    dev-libs/libmspack: security cleanup (drop <0.10.1_alpha)
    
    Bug: https://bugs.gentoo.org/711218
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18824
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libmspack/Manifest                        |  1 -
 .../libmspack-0.9.1_alpha-fix-bigendian.patch      | 17 -----
 dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild | 75 ----------------------
 3 files changed, 93 deletions(-)