Version in base suite: 4.8-2
Base version: libpam-krb5_4.8-2
Target version: libpam-krb5_4.8-2+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libp/libpam-krb5/libpam-krb5_4.8-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libp/libpam-krb5/libpam-krb5_4.8-2+deb10u1.dsc
changelog | 8 +++++
patches/0001-Fix-buffer-overflow-in-prompting.patch | 32 ++++++++++++++++++++
patches/series | 1
3 files changed, 41 insertions(+)
diff -Nru libpam-krb5-4.8/debian/changelog libpam-krb5-4.8/debian/changelog
--- libpam-krb5-4.8/debian/changelog 2018-08-31 17:57:00.000000000 +0000
+++ libpam-krb5-4.8/debian/changelog 2020-03-23 04:17:19.000000000 +0000
@@ -1,3 +1,11 @@
+libpam-krb5 (4.8-2+deb10u1) buster-security; urgency=high
+
+ * SECURITY: Fix potential one-byte buffer overflow when the underlying
+ Kerberos library initiates prompting (such as for PKINIT or when the
+ no_prompt PAM option is set). (CVE-2020-10595)
+
+ -- Russ Allbery Sun, 22 Mar 2020 21:17:19 -0700
+
 libpam-krb5 (4.8-2) unstable; urgency=medium
 
 * Move canonical packaging repository to salsa.debian.org.
diff -Nru libpam-krb5-4.8/debian/patches/0001-Fix-buffer-overflow-in-prompting.patch libpam-krb5-4.8/debian/patches/0001-Fix-buffer-overflow-in-prompting.patch
--- libpam-krb5-4.8/debian/patches/0001-Fix-buffer-overflow-in-prompting.patch 1970-01-01 00:00:00.000000000 +0000
+++ libpam-krb5-4.8/debian/patches/0001-Fix-buffer-overflow-in-prompting.patch 2020-03-23 04:17:19.000000000 +0000
@@ -0,0 +1,32 @@
+From: Russ Allbery
+Date: Sun, 22 Mar 2020 21:13:22 -0700
+Subject: Fix buffer overflow in prompting
+
+SECURITY: All previous versions of this module could overflow the
+buffer provided by the underlying Kerberos library for the response to
+a prompt by writing a single nul character past the end of the buffer.
+(CVE-2020-10595)
+---
+ prompting.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/prompting.c b/prompting.c
+index e985d95..d81054f 100644
+--- a/prompting.c
++++ b/prompting.c
+@@ -321,12 +321,13 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name,
+ if (banner != NULL && !args->silent)
+ pam_prompts++;
+ for (i = 0; i < num_prompts; i++, pam_prompts++) {
+- size_t len;
++ size_t len, allowed;
+
+ if (resp[pam_prompts].resp == NULL)
+ goto cleanup;
+ len = strlen(resp[pam_prompts].resp);
+- if (len > prompts[i].reply->length)
++ allowed = prompts[i].reply->length;
++ if (allowed == 0 || len > allowed - 1)
+ goto cleanup;
+
+ /*
diff -Nru libpam-krb5-4.8/debian/patches/series libpam-krb5-4.8/debian/patches/series
--- libpam-krb5-4.8/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libpam-krb5-4.8/debian/patches/series 2020-03-23 04:17:19.000000000 +0000
@@ -0,0 +1 @@
+0001-Fix-buffer-overflow-in-prompting.patch
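Review bot: The new guard `if (allowed == 0 || len > allowed - 1)` in the prompting.c hunk is equivalent to `if (len >= allowed)`, since both `len` (a `size_t`) and the krb5 reply length are unsigned; the explicit zero test exists only to keep `allowed - 1` from wrapping, and the shorter form states the real invariant directly, that the response plus its terminating nul must fit in the library-provided buffer. Whichever form is kept, a one-line comment would spare the next reader from re-deriving the off-by-one, e.g. `/* The copy below appends a nul, so len must be at most length - 1. */`. The write that this bound protects, the cleanup label, and the rest of pamk5_prompter_krb5 all lie outside the hunk, so only the bound check itself is reviewed here; an overlong response now takes `goto cleanup`, and it is worth confirming that the PAM response strings (which may hold a password) are still released on that path.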