Source: fastdds
Version: 2.11.2+ds-6
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for fastdds.

CVE-2024-28231[0]:
| eprosima Fast DDS is a C++ implementation of the Data Distribution
| Service standard of the Object Management Group. Prior to versions
| 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA
| Submessage can cause a heap overflow error in the Fast-DDS process,
| causing the process to be terminated remotely. Additionally, the
| payload_size in the DATA Submessage packet is declared as uint32_t.
| When a negative number, such as -1, is input into this variable, it
| results in an Integer Overflow (for example, -1 gets converted to
| 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow,
| causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3,
| 2.10.4, and 2.6.8 contain a fix for this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28231
https://www.cve.org/CVERecord?id=CVE-2024-28231
[1] https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Wed, 17 Apr 2024 18:10:11 +0000
with message-id <E1rx9jX-00FOVM-Jx@fasolo.debian.org>
and subject line Bug#1067393: fixed in fastdds 2.14.0+ds-1
has caused the Debian Bug report #1067393,
regarding fastdds: CVE-2024-28231
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1067393: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067393
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 20 Mar 2024 22:03:00 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
(2021-04-09) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-7.2 required=4.0 tests=BAYES_00,FOURLA,FROMDEVELOPER,
HELO_LH_HOME,KHOP_HELO_FCRDNS,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,
T_SCC_BODY_TEXT_LINE,XMAILER_REPORTBUG autolearn=ham
autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 23; hammy, 150; neutral, 78; spammy,
0. spammytokens: hammytokens:0.000-+--H*F:U*carnil,
0.000-+--XDebbugsCc, 0.000-+--X-Debbugs-Cc, 0.000-+--H*M:reportbug,
0.000-+--H*MI:reportbug
Return-path: <carnil@debian.org>
Received: from c-82-192-242-114.customer.ggaweb.ch ([82.192.242.114]:48616 helo=eldamar.lan)
by buxtehude.debian.org with esmtp (Exim 4.94.2)
(envel