Your message dated Fri, 01 Jan 2010 23:48:17 +0000
with message-id <[email protected]>
and subject line Bug#550978: fixed in gif2png 2.5.2-2
has caused the Debian Bug report #550978,
regarding gif2png: Command line buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
550978: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gif2png
Version: 2.5.1-3
Severity: normal


gif2png is prone to a command line buffer overflow since there is an
strcpy(3) call that fails to bounds-check user-supplied data before copying
them to a fixed size buffer.  Here is a transcript:

[a...@hegel /tmp]$ gif2png `python -c 'print "A"*2048'`
Segmentation fault (core dumped)
[a...@hegel /tmp]$ gdb -q gif2png -c core
(no debugging symbols found)

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libpng12.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpng12.so.0
Reading symbols from /lib/i686/cmov/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/libm.so.6
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
(no debugging symbols found)
Core was generated by `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e6c6ed in ?? () from /lib/i686/cmov/libc.so.6
gdb $ i r
eax            0x41414141   0x41414141
ecx            0xb7f5960c   0xb7f5960c
edx            0xbfffe960   0xbfffe960
ebx            0xb7f57ff4   0xb7f57ff4
esp            0xbfffe384   0xbfffe384
ebp            0xbfffe3d8   0xbfffe3d8
esi            0xb7f3b1da   0xb7f3b1da
edi            0xb7f3b1e4   0xb7f3b1e4
eip            0xb7e6c6ed   0xb7e6c6ed
eflags         0x10206  [ PF IF RF ]
cs             0x73 0x73
ss             0x7b 0x7b
ds             0x7b 0x7b
es             0x7b 0x7b
fs             0x0  0x0
gs             0x33 0x33

The bug is located at file gif2png.c, line number 901
(strcpy(name, argv[i])) where name is a fixed size char array.  This may
have security repercussions if gif2png is configured as a handler for
other applications that can pass user-supplied filenames as command line
input to gif2png (e.g. from a CGI or other).

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gif2png depends on:
ii  libc6                  2.9-25            GNU C Library: Shared libraries
ii  libpng12-0             1.2.39-1          PNG library - runtime
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

Versions of packages gif2png recommends:
ii  python                        2.5.4-2    An interactive high-level object-o

gif2png suggests no packages.

-- no debconf information



--- End Message ---
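
The unchecked `strcpy(name, argv[i])` described in the report, next to a length-checked copy, as an added example that is not part of the original messages and is not the content of the Debian patch. The buffer size `NAME_BUF_SIZE` and the helper names `copy_name_checked` and `try_length` are assumptions made for illustration; the report does not state the size of `name`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size: the report only says `name` is a fixed-size char array. */
#define NAME_BUF_SIZE 1024

/* Reported pattern (gif2png.c line 901): strcpy(name, argv[i]);
 * Checked form: copy only if src fits with its NUL terminator.
 * Returns 0 on success, -1 on rejection (dst is then an empty string).
 * Overlong names are rejected rather than truncated, so the program never
 * acts on a different file name than the one it was given. */
int copy_name_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || (len = strlen(src)) >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed input: an argument of n 'A' bytes, as in the transcript. */
int try_length(size_t n)
{
    char name[NAME_BUF_SIZE];
    char *arg = malloc(n + 1);
    int rc;
    if (arg == NULL)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    rc = copy_name_checked(name, sizeof name, arg);
    free(arg);
    return rc;
}

int main(void)
{
    size_t sizes[] = { 9, NAME_BUF_SIZE - 1, NAME_BUF_SIZE, 2048 };
    size_t i;
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%4zu bytes: %s\n", sizes[i],
               try_length(sizes[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```
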
--- Begin Message ---
Source: gif2png
Source-Version: 2.5.2-2

We believe that the bug you reported is fixed in the latest version of
gif2png, which is due to be installed in the Debian FTP archive:

gif2png_2.5.2-2.diff.gz
  to main/g/gif2png/gif2png_2.5.2-2.diff.gz
gif2png_2.5.2-2.dsc
  to main/g/gif2png/gif2png_2.5.2-2.dsc
gif2png_2.5.2-2_i386.deb
  to main/g/gif2png/gif2png_2.5.2-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Erik Schanze <[email protected]> (supplier of updated gif2png package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 01 Jan 2010 21:29:18 +0100
Source: gif2png
Binary: gif2png
Architecture: source i386
Version: 2.5.2-2
Distribution: unstable
Urgency: low
Maintainer: Erik Schanze <[email protected]>
Changed-By: Erik Schanze <[email protected]>
Description: 
 gif2png    - GIF -> PNG conversions
Closes: 550978
Changes: 
 gif2png (2.5.2-2) unstable; urgency=low
 .
   * Adapted 10_fix_gif2png_c.dpatch, closes: #550978

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAks+hY8ACgkQwAfeuzCCU0Ww1gCeMgCMVioPAFowQmq7NUdFCwYZ
ZZoAnAv7ZrNylTUbSmwdgg+d+vkfbYw9
=8nkf
-----END PGP SIGNATURE-----



--- End Message ---
