Your message dated Fri, 09 Jan 2015 21:20:33 +0000
with message-id <e1y9gyv-0005w1...@franck.debian.org>
and subject line Bug#773846: fixed in exiv2 0.24-4.1
has caused the Debian Bug report #773846,
regarding exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
773846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773846
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: exiv2
Version: 0.24-4.1
Severity: grave
Tags: security patch

There is a buffer overflow condition with some AVI files. I am not fully
sure, but maybe it could be used for code execution.

However, the bug is fixed upstream. See also report [0]. I extracted and
tested the patch from upstream and added it to this report.

This bug also affects many other packages that use libexiv2, namely
geeqie and digikam.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (800, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.17.5 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages exiv2 depends on:
ii  libc6        2.19-13
ii  libexiv2-13  0.24-4.1
ii  libgcc1      1:4.9.2-9
ii  libstdc++6   4.9.2-9

exiv2 recommends no packages.

exiv2 suggests no packages.

-- no debconf information

[0] http://dev.exiv2.org/issues/1002

--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

>From ed36a4692058f745a06d87bdaf107bc43c7d2359 Mon Sep 17 00:00:00 2001 From: badola <badola@b7c8b350-86e7-0310-a4b4-de8f6a8f16a3> Date: Thu, 19 Jun 2014 20:28:44 +0000 Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of RIFFVIDEO.CPP git-svn-id: svn://dev.exiv2.org/svn/trunk@3264 b7c8b350-86e7-0310-a4b4-de8f6a8f16a3 --- src/riffvideo.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp index 4545bc3..0dcd291 100644 --- a/src/riffvideo.cpp +++ b/src/riffvideo.cpp @@ -856,7 +856,7 @@ namespace Exiv2 { void RiffVideo::infoTagsHandler() { - const long bufMinSize = 100; + const long bufMinSize = 10000; DataBuf buf(bufMinSize); buf.pData_[4] = '\0'; io_->seek(-12, BasicIo::cur); 
@@ -879,10 +879,14 @@ namespace Exiv2 { if(infoSize >= 0) { size -= infoSize; io_->read(buf.pData_, infoSize); + if(infoSize < 4) + buf.pData_[infoSize] = '\0'; } if(tv) xmpData_[exvGettext(tv->label_)] = buf.pData_; + else + continue; } io_->seek(cur_pos + size_external, BasicIo::beg); } // RiffVideo::infoTagsHandler -- 2.1.4signature.asc
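Review bot: In the first hunk (@@ -856,7), raising bufMinSize from 100 to 10000 moves the overflow threshold without bounding the copy. The read shown in the second hunk, io_->read(buf.pData_, infoSize), is guarded only by infoSize >= 0 in the lines visible here, so an INFO entry declaring a size above 10000 would still write past buf. Suggest comparing infoSize against the buffer size before the read (skipping or truncating oversize entries), or sizing the buffer from infoSize, and adding a comment that says where the constant comes from if it stays.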
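Review bot: In the second hunk (@@ -879,10), the added terminator is written only when infoSize < 4, so for longer entries the assignment xmpData_[...] = buf.pData_ depends on a NUL already being present in the bytes read or left in the buffer by an earlier iteration, which may append stale data to the stored value. Suggest terminating unconditionally at buf.pData_[infoSize] once infoSize is known to be smaller than the buffer. The added "else continue;" is the last statement before the closing brace of the block shown, so it appears to have no effect and could be dropped; the new single-statement if/else bodies would also read better with braces.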
--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.24-4.1

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 07 Jan 2015 20:25:48 +0100
Source: exiv2
Binary: exiv2 libexiv2-13 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.24-4.1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-ext...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 exiv2 - EXIF/IPTC metadata manipulation tool
 libexiv2-13 - EXIF/IPTC metadata manipulation library
 libexiv2-dbg - EXIF/IPTC metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Closes: 773846
Changes:
 exiv2 (0.24-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add CVE-2014-9449.patch patch.
     CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
     Thanks to Klaus Ethgen <kl...@ethgen.de> (Closes: #773846)
--- End Message ---