Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aa...@yahoo.no
Please unblock package htmldoc

The bug #984765 [0] is only of severity normal, but it got a CVE number some days ago; it has been deemed unimportant by the security team. The patch is cherry-picked from upstream.

[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is CVE-2021-20308 [1]

[ Impact ]
Probably quite small.

[ Tests ]
None.

[ Risks ]
Small risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock htmldoc/1.9.11-3

Regards,
Håvard

[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog --- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100 +++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200 @@ -1,3 +1,10 @@ +htmldoc (1.9.11-3) unstable; urgency=medium + + * Add patch to mitigate buffer-overflow caused by integer-overflow in + image_load_gif() Closes: 984765 and fixes CVE-2021-20308 + + -- Håvard Flaget Aasen <haavard_aa...@yahoo.no> Mon, 10 May 2021 16:10:41 +0200 + htmldoc (1.9.11-2) unstable; urgency=medium * Update build-dependency to libfltk1.3-dev Closes: #982276 diff -Nru htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch --- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 1970-01-01 01:00:00.000000000 +0100 +++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 2021-05-10 16:10:41.000000000 +0200 
@@ -0,0 +1,27 @@ +From: Michael R Sweet <michael.r.sw...@gmail.com> +Date: Wed, 31 Mar 2021 20:18:00 -0400 +Subject: Fix crash bug with bad GIFs (Issue #423) + +CVE-2021-20308 + +Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654 +Bug: https://github.com/michaelrsweet/htmldoc/issues/423 +Bug-Debian: https://bugs.debian.org/#984765 +--- + htmldoc/image.cxx | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx +index 68d6b92..8f53050 100644 +--- a/htmldoc/image.cxx ++++ b/htmldoc/image.cxx +@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */ + img->height = (buf[9] << 8) | buf[8]; + ncolors = 2 << (buf[10] & 0x07); + ++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) ++ return (-1); ++ + // If we are writing an encrypted PDF file, bump the use count so we create + // an image object (Acrobat 6 bug workaround) + if (Encryption) diff -Nru htmldoc-1.9.11/debian/patches/series htmldoc-1.9.11/debian/patches/series --- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000 +0100 +++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000 +0200 @@ -5,3 +5,4 @@ autoheader_support.patch disable_libz.patch remove-os-check.patch +Fix-crash-bug-with-bad-GIFs-Issue-423.patch
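Review bot: in the debian/changelog hunk the new entry writes `Closes: 984765` while the 1.9.11-2 entry directly below it writes `Closes: #982276`; use `Closes: #984765` so the two entries follow the same convention.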
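Review bot: in the image.cxx hunk the new check limits width and height to 1..32767 each, but nothing in the patch description says how the allocation that overflowed is sized. If it is computed as width*height*depth in int arithmetic, 32767*32767 = 1073676289 fits, yet 32767*32767*3 = 3221028867 still exceeds INT_MAX, so please add a sentence to the patch header (or a comment beside the `return (-1);`) explaining why a per-dimension bound of 32767 is sufficient for that computation.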
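The patch above rejects GIF dimensions before they are used to size a buffer. As an added example written for this page (not htmldoc's code and not the submitter's), the C program below shows the two layers such a loader needs: the per-dimension check the patch adds, and an overflow-checked multiplication for the width*height*depth allocation size, which the per-dimension bound alone does not guarantee for a 3-byte depth. The type and function names (gif_header_t, gif_parse_header, checked_mul_int, gif_pixel_bytes, gif_check_dims) are hypothetical, and the header bytes are constructed in the code rather than taken from any real file.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Per-dimension bound, the same value the htmldoc patch uses. */
#define GIF_MAX_DIM 32767

/* Parsed header fields; hypothetical type used only in this example. */
typedef struct {
    int width;
    int height;
    int ncolors;
} gif_header_t;

/* Parse the 13-byte GIF header: 6-byte signature, width and height as
 * 16-bit little-endian values, then the packed screen-descriptor byte whose
 * low 3 bits encode the global colour-table size (the same buf[6..10] fields
 * the patched image_load_gif() reads). Returns 0 on success, -1 on a short or
 * malformed header or on dimensions outside 1..GIF_MAX_DIM. */
int gif_parse_header(const unsigned char *buf, size_t len, gif_header_t *out)
{
    if (len < 13)
        return -1;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return -1;

    int width  = (buf[7] << 8) | buf[6];
    int height = (buf[9] << 8) | buf[8];

    /* Reject before any buffer is sized from these values. */
    if (width <= 0 || width > GIF_MAX_DIM || height <= 0 || height > GIF_MAX_DIM)
        return -1;

    out->width   = width;
    out->height  = height;
    out->ncolors = 2 << (buf[10] & 0x07);
    return 0;
}

/* Multiply two non-negative ints without wraparound. Returns 0 and stores
 * the product, or -1 when it does not fit in an int. long long is at least
 * 64 bits wide, so the intermediate product of two ints cannot overflow. */
int checked_mul_int(int a, int b, int *out)
{
    if (a < 0 || b < 0)
        return -1;
    long long p = (long long)a * (long long)b;
    if (p > INT_MAX)
        return -1;
    *out = (int)p;
    return 0;
}

/* Bytes needed for a width*height*depth pixel buffer, or -1 if that product
 * overflows an int. This is the arithmetic a loader must guard before malloc(). */
int gif_pixel_bytes(int width, int height, int depth)
{
    int wh, bytes;
    if (depth <= 0 || checked_mul_int(width, height, &wh) != 0)
        return -1;
    if (checked_mul_int(wh, depth, &bytes) != 0)
        return -1;
    return bytes;
}

/* Build a constructed GIF89a header (not from any real file) with the given
 * 16-bit dimensions and run it through gif_parse_header().
 * Returns 0 if the header is accepted, -1 if it is rejected. */
int gif_check_dims(unsigned width, unsigned height)
{
    unsigned char buf[13];
    gif_header_t h;

    memcpy(buf, "GIF89a", 6);
    buf[6]  = (unsigned char)(width & 0xffu);
    buf[7]  = (unsigned char)((width >> 8) & 0xffu);
    buf[8]  = (unsigned char)(height & 0xffu);
    buf[9]  = (unsigned char)((height >> 8) & 0xffu);
    buf[10] = 0x07;   /* global colour table present, 256 entries */
    buf[11] = 0;      /* background colour index */
    buf[12] = 0;      /* pixel aspect ratio */

    return gif_parse_header(buf, sizeof buf, &h);
}

int main(void)
{
    printf("640x480 accepted: %s\n", gif_check_dims(640, 480) == 0 ? "yes" : "no");
    printf("0x480 accepted: %s\n", gif_check_dims(0, 480) == 0 ? "yes" : "no");
    printf("65535x65535 accepted: %s\n", gif_check_dims(65535, 65535) == 0 ? "yes" : "no");
    printf("640*480*3 bytes: %d\n", gif_pixel_bytes(640, 480, 3));
    printf("32767*32767*2 bytes: %d\n", gif_pixel_bytes(32767, 32767, 2));
    printf("32767*32767*3 bytes: %d (-1 means overflow)\n", gif_pixel_bytes(32767, 32767, 3));
    return 0;
}
```

The point of keeping both checks is that they guard different things: the dimension bound rejects absurd headers early, while the checked multiply is what actually prevents a wrapped allocation size from reaching malloc() when a larger depth or a later change to the bound would otherwise let the product exceed the integer type used for it.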