Your message dated Sat, 14 Apr 2018 17:35:25 +0000
with message-id <e1f7p5b-0002ro...@fasolo.debian.org>
and subject line Bug#882021: fixed in fig2dev 1:3.2.7-1
has caused the Debian Bug report #882021,
regarding fig2dev: buffer overflow in note_arrow()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882021: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882021
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fig2dev
Version: 1:3.2.6a-6

fig2dev crashes on the attached file:

  $ fig2dev -L epic overflow.fig
  Segmentation fault

GDB says it's a buffer overflow:

  Program received signal SIGSEGV, Segmentation fault.
  0x566488fe in note_arrow (style=0, type=123456789) at read.c:503
  503             arrow_used[2*type + style] = true;
  (gdb) bt
  #0  0x566488fe in note_arrow (style=0, type=123456789) at read.c:503
  #1  read_splineobject (fp=0x5831c838) at read.c:1078
  #2  0x5664a29e in read_objects (obj=0x5831c838, fp=<optimized out>) at 
read.c:382
  #3  readfp_fig (fp=<optimized out>, obj=<optimized out>) at read.c:185
  #4  0x5663fa47 in main (argc=4, argv=0xff8ada24) at fig2dev.c:412


-- System Information:
Architecture: i386

Versions of packages fig2dev depends on:
ii  gawk         1:4.1.4+dfsg-1
ii  x11-common   1:7.7+19
ii  libc6        2.24-17
ii  libpng16-16  1.6.34-1
ii  libxpm4      1:3.5.12-1

--
Jakub Wilk

Attachment: overflow.fig
Description: application/xfig


--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7-1

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 14 Apr 2018 19:03:37 +0200
Source: fig2dev
Binary: fig2dev
Architecture: source amd64
Version: 1:3.2.7-1
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <rol...@debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Description:
 fig2dev    - Utilities for converting XFig figure files
Closes: 248807 882021 882022 890015 890016
Changes:
 fig2dev (1:3.2.7-1) unstable; urgency=medium
 .
   * New upstream version 3.2.7.
   * This sanitizes input (Closes: #882021, #882022, #890015, #890016).
   * This correctly embeds eps files with binary preview (Closes: #248807).
   * The following patches are now incorporated upstream:
     31_input_sanitizing, 32_fill-style-overflow.
   * Adapt all other patches to new upstream version.
   * Adapt testsuite to new upstream testsuite.
   * Fix typo in 29_RGBFILE description.
   * Upgrade to debhelper v11.
   * Add Vcs-headers pointing to salsa.
   * Remove symlink CHANGES -> changelog.
   * Remove pgf alternative to texlive-pictures from Build-Deps.
   * Upgrade to Standards-Version 4.1.4 (no changes).
   * Fix debian/watch to handle versions without letters.
   * 30_man_typo: Fix more spelling mistakes.
Checksums-Sha1:
 42d385daa234cc421a477635a97a476c3c4fbeb6 2220 fig2dev_3.2.7-1.dsc
 f3cb70171a683b3a7d5190935be154bde7e81c41 508336 fig2dev_3.2.7.orig.tar.xz
 7f9e2b0e40911dc67897c8079800e52497c345ec 209804 fig2dev_3.2.7-1.debian.tar.xz
 293427b48473a9f8920c1a9fc401e67a4c2ea95b 539244 
fig2dev-dbgsym_3.2.7-1_amd64.deb
 44b6770763a4b98c46e9cc2d15abb11e1413fc4f 9410 fig2dev_3.2.7-1_amd64.buildinfo
 a1b20155c7815d4fb25c8e16c8271473c6d3d41f 662404 fig2dev_3.2.7-1_amd64.deb
Checksums-Sha256:
 eb3f80178f36bb536d35a454ac460a5bde72f4747f63936978163e4a772c518e 2220 
fig2dev_3.2.7-1.dsc
 de45819752f657ab7ebffe4a02fc99038d124a8f36be30550b21ef4fa03aa3a5 508336 
fig2dev_3.2.7.orig.tar.xz
 041d2e1a5f126649d24fc84e651d0618f0bcc3bc019c8564c925c1feaebd57fe 209804 
fig2dev_3.2.7-1.debian.tar.xz
 5e8c51702b23c4ab5608dc9ea8d0e1fff62d972b4cd7dd429ff99bca7828ccd9 539244 
fig2dev-dbgsym_3.2.7-1_amd64.deb
 b1bf468b0e4b754718a870bfa1ebd604e79e6585051b1e69fd776b91a3d10cb0 9410 
fig2dev_3.2.7-1_amd64.buildinfo
 9e4d68ae86d0be738e26029a330d036850333423c425181c78cbe9a1253f871d 662404 
fig2dev_3.2.7-1_amd64.deb
Files:
 b1234e83e42d66cfaabc7c306360e217 2220 graphics optional fig2dev_3.2.7-1.dsc
 5573316dee5ad055d040aa3eb2e685ab 508336 graphics optional 
fig2dev_3.2.7.orig.tar.xz
 8f33c99f4c671e62a026bc5bfb7c6c5a 209804 graphics optional 
fig2dev_3.2.7-1.debian.tar.xz
 dda723c1e37e187c877086c07f78001a 539244 debug optional 
fig2dev-dbgsym_3.2.7-1_amd64.deb
 bd09da6ef41aabc87828ac5344214278 9410 graphics optional 
fig2dev_3.2.7-1_amd64.buildinfo
 1266c261d0f54528eb0e705a55dceb88 662404 graphics optional 
fig2dev_3.2.7-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAlrSNqIACgkQAnE7z8pU
ELIYPw//ez888Y4/Van4taEzCAWun5KpDMqvSjcSOTB7d6HphigOFKI6h/A3G1iN
DmupVGveJKHdwWwOSyJfjy36GbpWdEwoPM7AmXvgF6vjAzEyvLzo5b3mrqgI3hR4
0TPdiyHEzzzuod8TpdcjCU6nFPjSWI1SPjXbHb7EvO3cL05IT2SKU1UZWGhmfpxE
3+Tp/xlYthDNoYMr4GHJIxvEN8KsPLrPk/8JX613B5Zc3BpA8v53+LIgeAtyhFB0
UsjTPGuaOLpagjPMBNsLWRkn5T378WRZQzQcQZ/zMFV0r4o3osRUE5cqoUvp/xbt
UeQ9pnZPZxTmHAtczVX5dlHcu6KmQyD4LorcHAhcf3527WPgEeik+M63LSXmVrPS
waB2VqS3ML6wgMfqXcSbbC+ldUCrOiaPrkIEmQ/vnWAR00MopAEEc36e52u6Ajjc
ditv0QRkWe3B8bSDuGocGL66fw0hoDvCYDsxUuY0IMUVaTq/8dwt436xuXr/9eyO
ki2XqtN6oYz+uIkrFrHcBb76BCEJW5sCuQMCg/NNEKhqyPC0ZN1XvQTWW/fpjFqI
NdMp8UP/DbRJ1nt4w5DsUjQDMN1/OkGktj0448KaiQvXFVWEyP+rOMg8zVaQK2cv
R21iDCQJPeIciOjrd4zpOSok9I8WNfrvExf1667WOpxlrOYmarg=
=u48c
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to