diff -u libapache2-mod-fcgid-2.3.7/debian/changelog libapache2-mod-fcgid-2.3.7/debian/changelog
--- libapache2-mod-fcgid-2.3.7/debian/changelog
+++ libapache2-mod-fcgid-2.3.7/debian/changelog
@@ -1,3 +1,10 @@
+libapache2-mod-fcgid (1:2.3.7-0ubuntu2.12.10.1) quantal-security; urgency=low
+
+ * Fix CVE-2013-4365: heap buffer overwrite. (LP: #1238242)
+ - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
+
+ -- Felix Geyer Fri, 11 Oct 2013 19:44:31 +0200
+
 libapache2-mod-fcgid (1:2.3.7-0ubuntu2) quantal; urgency=low
 
  * Pass build flags as EXTRA_$FLAGS so we don't override the default ones.
diff -u libapache2-mod-fcgid-2.3.7/debian/patches/00list libapache2-mod-fcgid-2.3.7/debian/patches/00list
--- libapache2-mod-fcgid-2.3.7/debian/patches/00list
+++ libapache2-mod-fcgid-2.3.7/debian/patches/00list
@@ -1,0 +2 @@
+20_CVE-2013-4365.dpatch
only in patch2:
unchanged:
--- libapache2-mod-fcgid-2.3.7.orig/debian/patches/20_CVE-2013-4365.dpatch
+++ libapache2-mod-fcgid-2.3.7/debian/patches/20_CVE-2013-4365.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: Fix CVE-2013-4365: heap buffer overwrite
+## DP: Origin: https://svn.apache.org/viewvc?view=revision&revision=r1527362
+
+@DPATCH@
+
+--- a/modules/fcgid/fcgid_bucket.c
++++ b/modules/fcgid/fcgid_bucket.c
+@@ -112,10 +112,12 @@
+ if (header.type == FCGI_STDERR) {
+ char *logbuf = apr_bucket_alloc(APR_BUCKET_BUFF_SIZE, b->list);
+ char *line;
++ apr_size_t hasput;
+ 
+ memset(logbuf, 0, APR_BUCKET_BUFF_SIZE);
+ 
+ hasread = 0;
++ hasput = 0;
+ while (hasread < bodysize) {
+ char *buffer;
+ apr_size_t bufferlen, canput, willput;
+@@ -130,9 +132,10 @@
+ 
+ canput = fcgid_min(bufferlen, bodysize - hasread);
+ willput =
+- fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasread - 1);
+- memcpy(logbuf + hasread, buffer, willput);
++ fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasput - 1);
++ memcpy(logbuf + hasput, buffer, willput);
+ hasread += canput;
++ hasput += willput;
+ 
+ /* Ignore the "canput" bytes */
+ fcgid_ignore_bytes(ctx, canput);
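Review bot: The bound `APR_BUCKET_BUFF_SIZE - hasput - 1` in the embedded fcgid_bucket.c change is safe only because `hasput` advances by `willput` and therefore never exceeds `APR_BUCKET_BUFF_SIZE - 1`, and that invariant is not written down next to the arithmetic. The replaced `hasread`-based expression presumably wrapped as an unsigned `apr_size_t` subtraction once the body outgrew the buffer, so I would add a comment above the `willput` assignment such as `/* hasput <= APR_BUCKET_BUFF_SIZE - 1, so this cannot wrap; stderr beyond the buffer is drained but not logged */`. Once the buffer is full `willput` becomes 0 and the remaining FCGI_STDERR bytes are discarded without any marker, so a one-time "stderr truncated" log entry would help anyone later reading these logs during an investigation. The `if (header.type == FCGI_STDERR)` block and the `while` loop both start or end outside the quoted inner hunks, so the handling of `logbuf` after the loop is not visible here.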