[apache2] 04/05: CVE-2017-7679: mod_mime buffer overread

Stefan Fritsch sf at moszumanska.debian.org
Tue Jun 20 19:54:47 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch jessie
in repository apache2.

commit 796be50f62b325c82bd3061854536b877ddebf04
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Jun 20 21:01:52 2017 +0200

    CVE-2017-7679: mod_mime buffer overread
---
 debian/changelog                  |  1 +
 debian/patches/CVE-2017-7679.diff | 34 ++++++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1ef3169..9653119 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ apache2 (2.4.10-10+deb8u9) UNRELEASED; urgency=medium
   * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
   * CVE-2017-3169: mod_ssl NULL pointer dereference
   * CVE-2017-7668: Buffer overrun in ap_find_token()
+  * CVE-2017-7679: mod_mime buffer overread
 
  -- Stefan Fritsch <sf at debian.org>  Tue, 20 Jun 2017 20:42:01 +0200
 
diff --git a/debian/patches/CVE-2017-7679.diff b/debian/patches/CVE-2017-7679.diff
new file mode 100644
index 0000000..1c975aa
--- /dev/null
+++ b/debian/patches/CVE-2017-7679.diff
@@ -0,0 +1,34 @@
+#commit 398f3ddeb1ceb8ba710eadf7036a36a41e0e769a
+#Author: Eric Covener <covener at apache.org>
+#Date:   Mon Jun 5 12:12:31 2017 +0000
+#
+#    Merge 1797550 from trunk:
+#    
+#    mod_mime: fix quoted pair scanning
+#    
+#    
+#    Submitted By: ylavic
+#    Reviewed By: covener, ylavic, jim
+#    
+#    
+#    
+#    
+#    
+#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1797653 13f79535-47bb-0310-9956-ffa450edef68
+#
+diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c
+index f92119b633..28c53be132 100644
+--- a/modules/http/mod_mime.c
++++ b/modules/http/mod_mime.c
+@@ -528,9 +528,9 @@ static int is_quoted_pair(const char *s)
+     int res = -1;
+     int c;
+ 
+-    if (((s + 1) != NULL) && (*s == '\\')) {
++    if (*s == '\\') {
+         c = (int) *(s + 1);
+-        if (apr_isascii(c)) {
++        if (c && apr_isascii(c)) {
+             res = 1;
+         }
+     }
diff --git a/debian/patches/series b/debian/patches/series
index 7ca57d5..749efb3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,3 +28,4 @@ hostnames_with_underscores.diff
 CVE-2017-3167.diff
 CVE-2017-3169.diff
 CVE-2017-7668.diff
+CVE-2017-7679.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list