Version in base suite: 1.1.2-2 Base version: libu2f-host_1.1.2-2 Target version: libu2f-host_1.1.2-2+deb9u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libu/libu2f-host/libu2f-host_1.1.2-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libu/libu2f-host/libu2f-host_1.1.2-2+deb9u1.dsc changelog | 6 +++++ patches/Fix-CVE-2018-20340.patch | 46 +++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 53 insertions(+)
diff -Nru libu2f-host-1.1.2/debian/changelog libu2f-host-1.1.2/debian/changelog
--- libu2f-host-1.1.2/debian/changelog 2016-09-23 18:42:49.000000000 +0000
+++ libu2f-host-1.1.2/debian/changelog 2019-02-08 20:42:16.000000000 +0000
@@ -1,3 +1,9 @@
+libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
+
+ * Backport patch for CVE-2018-20340 (Closes: #921725)
+
+ -- Nicolas Braud-Santoni Fri, 08 Feb 2019 21:42:16 +0100
+
 libu2f-host (1.1.2-2) unstable; urgency=medium
 
 * debian/control: Move the packaging repo to Alioth
diff -Nru libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch
--- libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch 1970-01-01 00:00:00.000000000 +0000
+++ libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch 2019-02-08 20:42:16.000000000 +0000
@@ -0,0 +1,46 @@
+Subject: Fix CVE-2018-20340
+
+Origin: upstream, https://github.com/Yubico/libu2f-host/commit/4d490bb2c528c351e32837fcdaebd998eb5d3f27
+Bug-Debian: https://bugs.debian.org/921725
+From: Klas Lindfors
+Reviewed-by: Nicolas Braud-Santoni
+Last-Update: 2019-02-08
+Applied-Upstream: yes
+
+---
+ u2f-host/devs.c | 5 +++++
+ u2f-host/u2fmisc.c | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/u2f-host/devs.c b/u2f-host/devs.c
+index 6f27c72..0c50882 100644
+--- a/u2f-host/devs.c
++++ b/u2f-host/devs.c
+@@ -247,6 +247,11 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev)
+ &resplen) == U2FH_OK)
+ {
+ U2FHID_INIT_RESP initresp;
++ if (resplen > sizeof (initresp))
++ {
++ return U2FH_MEMORY_ERROR;
++ }
++
+ memcpy (&initresp, resp, resplen);
+ dev->cid = initresp.cid;
+ dev->versionInterface = initresp.versionInterface;
+diff --git a/u2f-host/u2fmisc.c b/u2f-host/u2fmisc.c
+index 0be1adc..e17a6c3 100644
+--- a/u2f-host/u2fmisc.c
++++ b/u2f-host/u2fmisc.c
+@@ -306,6 +306,11 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, uint8_t cmd,
+ frame.cont.seq, sequence);
+ return U2FH_TRANSPORT_ERROR;
+ }
++
++ if (recvddata + sizeof (frame.cont.data) > maxlen)
++ {
++ return U2FH_TRANSPORT_ERROR;
++ }
+ memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
+ recvddata += sizeof (frame.cont.data);
+ }
diff -Nru libu2f-host-1.1.2/debian/patches/series libu2f-host-1.1.2/debian/patches/series
--- libu2f-host-1.1.2/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libu2f-host-1.1.2/debian/patches/series 2019-02-08 20:42:16.000000000 +0000
@@ -0,0 +1 @@
+Fix-CVE-2018-20340.patch
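Review bot: In the `init_device` hunk of u2f-host/devs.c the new guard rejects only a response that is larger than `initresp`; a response shorter than `sizeof (initresp)` still reaches `memcpy (&initresp, resp, resplen)` and leaves the rest of the struct unset, so `dev->cid` and `dev->versionInterface` can be read from indeterminate stack bytes. Declaring it as `U2FHID_INIT_RESP initresp = { 0 };` makes the short case deterministic, and a lower bound such as `if (resplen < sizeof (initresp))` would reject it outright, provided the struct is packed to the wire size, which is not visible here. The function body starts and ends outside the hunk, so any later validation of the response cannot be confirmed from this page.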
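Review bot: The bound check added to `u2fh_sendrecv` in u2f-host/u2fmisc.c returns `U2FH_TRANSPORT_ERROR` with no comment or message, while the matching oversize case in devs.c returns `U2FH_MEMORY_ERROR` and the sequence-mismatch branch just above appears to log before returning. A caller or a log reader therefore cannot tell a device that sent more continuation data than the buffer holds from an ordinary transport fault. I would add a comment such as `/* device sent more continuation data than the caller's buffer (maxlen) can hold */` and, if the preceding branch is a debug print, a matching message here. The initial-frame copy and the declaration of `recvddata` lie outside the hunk, so it is worth confirming that the first `memcpy` into `recv` is bounded by `maxlen` in the same way and that `recvddata` can never be negative when it is converted in this comparison.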