Étienne Mollier pushed to branch debian/bullseye at Debian Med / xmedcon
Commits: 623e458e by Étienne Mollier at 2024-08-07T18:09:11+02:00 CVE-2024-29421.patch: new: fix CVE-2024-29421. Closes: #1077369 - - - - - 30fed006 by Étienne Mollier at 2024-08-07T18:11:06+02:00 Ready for upload to bullseye proposed-updates. - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2024-29421.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,10 @@ +xmedcon (0.16.3+dfsg-1+deb11u1) bullseye; urgency=medium + + * Team upload. + * CVE-2024-29421.patch: new: fix CVE-2024-29421. (Closes: #1077369) + + -- Étienne Mollier <[email protected]> Wed, 07 Aug 2024 18:10:18 +0200 + xmedcon (0.16.3+dfsg-1) unstable; urgency=medium * Build-Depends: s/libnifti-dev/libnifti2-dev/ ===================================== debian/patches/CVE-2024-29421.patch ===================================== 
@@ -0,0 +1,47 @@ +Description: Prevent overflow of value before a malloc(). + This patch includes commits a35cd9b856c23e20cc1753e36cd9228391366082 + from upstream, and 5131a648f09a82c26088b340bdd983fd09a6e19e for + additional error messaging. This fixes CVE-2024-29421. + +Author: Erik Nolf +Origin: upstream, + https://sourceforge.net/p/xmedcon/code/ci/5131a648f09a82c26088b340bdd983fd09a6e19e/, + https://sourceforge.net/p/xmedcon/code/ci/434925fca63c855dd6d24e4c018c2fa745646f9e/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077369 +Reviewed-by: Étienne Mollier <[email protected]> +Last-Update: 2024-08-07 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libs/dicom/basic.c ++++ b/libs/dicom/basic.c +@@ -401,6 +401,16 @@ int dicom_load(VR vr) + if (element.vr==SQ || element.length==0xFFFFFFFF) + return 0; + ++ /* eNlf: - simply prevent length values that will overflow */ ++ /* eNlf: when we sum with an extra 4 bytes; thus preventing */ ++ /* eNlf: a heap overflow due to a small value at malloc() */ ++ /* eNlf: notified by Spike Reply Cyber Security Team */ ++ if (element.length > (0xFFFFFFFF - 4)) { ++ dicom_log(ERROR,"Unsupported element length"); ++ dicom_close(); ++ return -4; ++ } ++ + if (element.group==0xFFFE) + if (!element.encapsulated) + return 0; +@@ -499,6 +509,13 @@ int mdc_dicom_load(VR vr) + if (element.vr==SQ || element.length==0xFFFFFFFF) + return 0; + ++ /* eNlf: prevent overflowed value - see dicom_load() */ ++ if (element.length > (0xFFFFFFFF - 4)) { ++ dicom_log(ERROR,"Unsupported element length"); ++ dicom_close(); ++ return -4; ++ } ++ + if (element.group==0xFFFE) + if (!element.encapsulated) + return 0; ===================================== debian/patches/series ===================================== 
@@ -2,3 +2,4 @@ avoid_linking_to_unneeded_libs.patch add_gtk_libraries_to_linker.patch use_debian_packaged_niftilib.patch cross.patch +CVE-2024-29421.patch View it on GitLab: https://salsa.debian.org/med-team/xmedcon/-/compare/a0404cc8aa8a84afb02314737c9c393a72197160...30fed0064228a26dc87ae354a9fa1165d6e50e2a
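Review bot: In the DEP-3 header of debian/patches/CVE-2024-29421.patch, the Description names upstream commit a35cd9b856c23e20cc1753e36cd9228391366082, while the Origin field links 434925fca63c855dd6d24e4c018c2fa745646f9e next to 5131a648f09a82c26088b340bdd983fd09a6e19e. Please make both fields cite the same pair of commits so the provenance of the fix can be checked against upstream.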
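Review bot: In the dicom_load() hunk, the guard `if (element.length > (0xFFFFFFFF - 4))` is only correct as long as the later allocation adds exactly 4 bytes, and that allocation is outside the hunk, so the link between the two lives only in the comment. Because the line above already returns on element.length==0xFFFFFFFF, the new branch in practice rejects 0xFFFFFFFC through 0xFFFFFFFE. Consider a named constant for the 4-byte pad, used both in this check and at the malloc() call, and state in the comment what the new -4 return value means to callers.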
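Review bot: The mdc_dicom_load() hunk repeats the dicom_load() length check line for line, tied to the original only by the comment "see dicom_load()". A small shared helper or macro called from both loaders would keep the bound, the "Unsupported element length" message and the dicom_close() / return -4 error path from diverging if one copy is edited later.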
