Comment 5 for bug 1835896

Frediano Ziglio (freddy77) wrote : Re: [Bug 1835896] Re: Heap overflow if UDT type is used with protocol 5.0

On Thu, 11 Jul 2019 at 12:20, Alex Murray <<email address hidden>> wrote:

> Is the temporary patch
>
> https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
> expected to be the final and authoritative fix for this issue? In
>

The patch fixes the security issue.
On the other hand, the path of exploitation reveals that there are also some
missing checks, and some conditions should be handled in a different way.
So I'll write tests for this and will handle the checks more robustly to remove
other similar possibilities in the future.

> general, we wouldn't normally keep security bugs private when the fix is
> already out-in-the-open since smart hackers can usually reverse engineer
> these things to deduce the presence of a bug just from the commit which
> fixes it. However, this is your bug so you get to make the call -
>

Usually it makes sense. In this case it's far from clear that this is a security
fix (usually it is very clear), so I adopted this uncommon process.
I think in future patches (I'll obviously wait till packages are out, at least
3 months) I'll explain the whole security issue and quote the CVE.

> although once CVE is announced publicly then the bug should become
> public too regardless.
>