Version in base suite: 2.0.3-3 Base version: lwip_2.0.3-3 Target version: lwip_2.0.3-3+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/l/lwip/lwip_2.0.3-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/l/lwip/lwip_2.0.3-3+deb10u1.dsc changelog | 6 ++++++ patches/CVE-2020-8597 | 20 ++++++++++++++++++++ patches/series | 1 + 3 files changed, 27 insertions(+)
diff -Nru lwip-2.0.3/debian/changelog lwip-2.0.3/debian/changelog
--- lwip-2.0.3/debian/changelog 2018-11-03 23:25:58.000000000 +0000
+++ lwip-2.0.3/debian/changelog 2020-03-21 08:02:20.000000000 +0000
@@ -1,3 +1,9 @@
+lwip (2.0.3-3+deb10u1) buster; urgency=high
+
+ * Fix CVE-2020-8597
+
+ -- Joan Lledó Sat, 21 Mar 2020 09:02:20 +0100
+
 lwip (2.0.3-3) unstable; urgency=medium

 [ Samuel Thibault ]
diff -Nru lwip-2.0.3/debian/patches/CVE-2020-8597 lwip-2.0.3/debian/patches/CVE-2020-8597
--- lwip-2.0.3/debian/patches/CVE-2020-8597 1970-01-01 00:00:00.000000000 +0000
+++ lwip-2.0.3/debian/patches/CVE-2020-8597 2020-03-14 09:00:49.000000000 +0000
@@ -0,0 +1,20 @@
+--- a/src/netif/ppp/eap.c
++++ b/src/netif/ppp/eap.c
+@@ -1417,7 +1417,7 @@
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= (int)sizeof (rhostname)) {
+ ppp_dbglog("EAP: trimming really long peer name down");
+ MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1845,7 +1845,7 @@
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= (int)sizeof (rhostname)) {
+ ppp_dbglog("EAP: trimming really long peer name down");
+ MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
diff -Nru lwip-2.0.3/debian/patches/series lwip-2.0.3/debian/patches/series
--- lwip-2.0.3/debian/patches/series 2018-08-30 08:47:30.000000000 +0000
+++ lwip-2.0.3/debian/patches/series 2020-03-14 09:02:04.000000000 +0000
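Review bot: In debian/patches/CVE-2020-8597, the new guard `len - vallen >= (int)sizeof (rhostname)` (both eap.c hunks, at 1417 and 1845) is only sound if `vallen <= len` has already been enforced, and that check is not visible here; presumably it is the block closed by the `}` at the top of each hunk. If `len` and `vallen` are signed ints, as the `(int)` cast suggests, a negative `len - vallen` would skip the trimming branch and reach whatever copy follows in the part of the function outside the hunk. Confirm the precondition against the full function and state it next to the test, e.g. `/* vallen <= len was checked above, so len - vallen is the peer-name length */`. The patch file also has no DEP-3 header; `Description:` and `Origin:` lines naming the upstream fix would let an auditor check this backport against it.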
@@ -1,3 +1,4 @@
+CVE-2020-8597
 port
 posix
 errno