Your message dated Sat, 14 Apr 2018 17:35:25 +0000
with message-id <e1f7p5b-0002ra...@fasolo.debian.org>
and subject line Bug#890015: fixed in fig2dev 1:3.2.7-1
has caused the Debian Bug report #890015,
regarding fig2dev: global buffer overflow while running fig2dev
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
890015: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fig2dev
Version: 1:3.2.6a-6
Severity: important
Tags: security

global buffer overflow running fig2dev with "-L pdf poc" option

Running 'fig2dev -L pdf poc' with the attached file raises a global buffer overflow,
which may allow a remote attacker to cause unspecified impact, including a denial-of-service attack.

I expected the program to terminate without a segfault, but the program crashes as follows:

june@june:~/temp/report/fig2dev/global$ ../../binary/fig2dev-3.2.6a/fig2dev/fig2dev -L pdf poc
=================================================================
==16175==ERROR: AddressSanitizer: global-buffer-overflow on address 0x555555826e40 at pc 0x55555557da29 bp 0x7fffffffdcd0 sp 0x7fffffffdcc8
READ of size 8 at 0x555555826e40 thread T0
    #0 0x55555557da28 in save_comment /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/read.c:1425
    #1 0x55555557da28 in get_line /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/read.c:1404
    #2 0x555555581d52 in read_objects /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/read.c:325
    #3 0x555555581d52 in readfp_fig /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/read.c:185
    #4 0x55555556eb70 in main /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/fig2dev.c:412
    #5 0x7ffff63762b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #6 0x55555556f259 in _start (/home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/fig2dev+0x1b259)

0x555555826e40 is located 32 bytes to the left of global variable 'line_no' defined in 'read.c:88:13' (0x555555826e60) of size 4
0x555555826e40 is located 0 bytes to the right of global variable 'comments' defined in 'read.c:95:14' (0x555555826b20) of size 800
SUMMARY: AddressSanitizer: global-buffer-overflow /home/june/temp/report/binary/fig2dev-3.2.6a/fig2dev/read.c:1425 in save_comment
==16175==ABORTING

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fig2dev depends on:
ii  gawk         1:4.1.4+dfsg-1
ii  libc6        2.24-11+deb9u1
ii  libpng16-16  1.6.28-1
ii  libxpm4      1:3.5.12-1
ii  x11-common   1:7.7+19

Versions of packages fig2dev recommends:
ii  ghostscript  9.20~dfsg-3.2+deb9u1
ii  netpbm       2:10.0-15.3+b2

Versions of packages fig2dev suggests:
pn  xfig  <none>

-- no debconf information

poc
Description: Binary data
--- End Message ---
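
Added example, not part of the bug report and not fig2dev source code: it decodes the two addresses in the AddressSanitizer output above (the 800-byte global 'comments' and the faulting 8-byte read) into an array index, then shows a bounds-checked way to append to such a table. MAX_COMMENTS, num_comments, slot_index and save_comment_checked are hypothetical names, and the element count of 100 is an assumption derived from 800 bytes divided by 8-byte pointers on amd64.

```c
/* Added illustration; not fig2dev source. Names other than `comments` are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COMMENTS 100   /* assumed: 800 bytes in the report / 8-byte pointers */

static char *comments[MAX_COMMENTS];
static int num_comments;   /* hypothetical counter of stored comment lines */

/* Map a faulting address from a sanitizer report to an element index.
 * *in_bounds is set to 0 when the access is not fully inside the object. */
long slot_index(uint64_t addr, uint64_t base, uint64_t obj_size,
                uint64_t elem_size, int *in_bounds)
{
    *in_bounds = addr >= base && addr - base + elem_size <= obj_size;
    return (long)((int64_t)(addr - base) / (int64_t)elem_size);
}

/* Store a copy of one comment line. Once the table is full the line is
 * rejected, so comments[MAX_COMMENTS] is never read or written.
 * Returns 0 on success, -1 if the table is full or allocation fails. */
int save_comment_checked(const char *line)
{
    if (num_comments < 0 || num_comments >= MAX_COMMENTS)
        return -1;
    size_t len = strlen(line);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return -1;
    memcpy(copy, line, len + 1);
    comments[num_comments++] = copy;
    return 0;
}

int main(void)
{
    int ok, stored = 0;
    /* Addresses and sizes as printed in the report above. */
    long idx = slot_index(0x555555826e40ULL, 0x555555826b20ULL, 800, 8, &ok);
    printf("faulting read is comments[%ld], in bounds: %d\n", idx, ok);

    for (int i = 0; i < 150; i++)   /* constructed input: 150 comment lines */
        if (save_comment_checked("# constructed comment line") == 0)
            stored++;
    printf("stored %d of 150 comment lines\n", stored);
    return 0;
}
```

The decoded index equals the assumed element count, which is the one-past-the-end access that the "0 bytes to the right of global variable 'comments'" line in the report describes.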
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.7-1

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 14 Apr 2018 19:03:37 +0200
Source: fig2dev
Binary: fig2dev
Architecture: source amd64
Version: 1:3.2.7-1
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <rol...@debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Description:
 fig2dev - Utilities for converting XFig figure files
Closes: 248807 882021 882022 890015 890016
Changes:
 fig2dev (1:3.2.7-1) unstable; urgency=medium
 .
   * New upstream version 3.2.7.
   * This sanitizes input (Closes: #882021, #882022, #890015, #890016).
   * This correctly embeds eps files with binary preview (Closes: #248807).
   * The following patches are now incorporated upstream:
     31_input_sanitizing, 32_fill-style-overflow.
   * Adapt all other patches to new upstream version.
   * Adapt testsuite to new upstream testsuite.
   * Fix typo in 29_RGBFILE description.
   * Upgrade to debhelper v11.
   * Add Vcs-headers pointing to salsa.
   * Remove symlink CHANGES -> changelog.
   * Remove pgf alternative to texlive-pictures from Build-Deps.
   * Upgrade to Standards-Version 4.1.4 (no changes).
   * Fix debian/watch to handle versions without letters.
   * 30_man_typo: Fix more spelling mistakes.
--- End Message ---