Steffen Joeris
2010-Jan-20 14:52 UTC
[Secure-testing-team] Bug#566002: CVE-2010-0001: integer underflow
Package: gzip
Version: 1.3.12-8
Severity: grave
Tags: security patch

Hi Bdale, Carl

Carl, I saw too late that you're a new co-maintainer so I only forwarded the pre-notification to Bdale (who is probably busy at LCA).

The following CVE (Common Vulnerabilities & Exposures) id was published for gzip and is still open for unstable/testing.

CVE-2010-0001[0] (from the DSA text):
Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

I am available for NMU/sponsoring, in case you're still busy, just drop me a line, please.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001
    http://security-tracker.debian.org/tracker/CVE-2010-0001

patch:
--- gzip-1.3.12.orig/unlzw.c +++ gzip-1.3.12/unlzw.c @@ -248,7 +248,8 @@ int o; resetbuf: - e = insize-(o = (posbits>>3)); + o = posbits >> 3; + e = o <= insize ? insize - o : 0; for (i = 0 ; i < e ; ++i) { inbuf[i] = inbuf[i+o];
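
Review bot: the new clamp at `resetbuf:` (`e = o <= insize ? insize - o : 0;`) silently turns the out-of-range case `o > insize` into a zero-length copy and lets decoding carry on, and nothing in the hunk shows that the malformed stream is reported afterwards. Consider treating `o > insize` as a corrupt-input error at this point, or add a comment stating why continuing with `e = 0` is safe for the code that follows the `for` loop. Since `o` is declared `int` in the context line, it is also worth confirming that `o <= insize` does not mix signed and unsigned operands, and the changelog entry should cite CVE-2010-0001 as the report asks.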