Control: tags -1 confirmed moreinfo

On 2021-05-10 16:53:54, Håvard Flaget Aasen wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> X-Debbugs-Cc: [email protected]
>
> Please unblock package htmldoc

Please go ahead and remove the moreinfo tag once the new version is available in unstable. Cheers > > The bug #984765 [0] is only of severity normal, but it got a CVE number some > days > ago, it has been deemed unimportant by the security team. > > The patch is cherry-picked from upstream. > > [ Reason ] > buffer-overflow caused by integer-overflow in image_load_gif(), which is > CVE-2021-20308 [1] > > [ Impact ] > Probably quite small. > > [ Tests ] > None. > > [ Risks ] > Small risk. > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in testing > > unblock htmldoc/1.9.11-3 > > Regards, > Håvard > > [0] https://bugs.debian.org/#984765 > [1] https://security-tracker.debian.org/tracker/CVE-2021-20308 > diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog > --- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100 > +++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200 > @@ -1,3 +1,10 @@ > +htmldoc (1.9.11-3) unstable; urgency=medium > + > + * Add patch to mitigate buffer-overflow caused by integer-overflow in > + image_load_gif() Closes: 984765 and fixes CVE-2021-20308 > + > + -- Håvard Flaget Aasen <[email protected]> Mon, 10 May 2021 16:10:41 > +0200 > + > htmldoc (1.9.11-2) unstable; urgency=medium > > * Update build-dependency to libfltk1.3-dev Closes: #982276 > diff -Nru > htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch > htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch > --- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch > 1970-01-01 01:00:00.000000000 +0100 > +++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch > 2021-05-10 16:10:41.000000000 +0200 
> @@ -0,0 +1,27 @@ > +From: Michael R Sweet <[email protected]> > +Date: Wed, 31 Mar 2021 20:18:00 -0400 > +Subject: Fix crash bug with bad GIFs (Issue #423) > + > +CVE-2021-20308 > + > +Origin: upstream, > https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654 > +Bug: https://github.com/michaelrsweet/htmldoc/issues/423 > +Bug-Debian: https://bugs.debian.org/#984765 > +--- > + htmldoc/image.cxx | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx > +index 68d6b92..8f53050 100644 > +--- a/htmldoc/image.cxx > ++++ b/htmldoc/image.cxx > +@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */ > + img->height = (buf[9] << 8) | buf[8]; > + ncolors = 2 << (buf[10] & 0x07); > + > ++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 || > img->height > 32767) > ++ return (-1); > ++ > + // If we are writing an encrypted PDF file, bump the use count so we > create > + // an image object (Acrobat 6 bug workaround) > + if (Encryption) > diff -Nru htmldoc-1.9.11/debian/patches/series > htmldoc-1.9.11/debian/patches/series > --- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000 > +0100 > +++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000 > +0200 > @@ -5,3 +5,4 @@ > autoheader_support.patch > disable_libz.patch > remove-os-check.patch > +Fix-crash-bug-with-bad-GIFs-Issue-423.patch -- Sebastian Ramacher
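
Review bot: In the debian/changelog hunk, the new entry writes `Closes: 984765` without the `#` and runs it into the rest of the sentence, while the 1.9.11-2 entry directly below uses `Closes: #982276`. Suggest rewording the item so the CVE is part of the description and the bug reference stands on its own, for example "... in image_load_gif() (CVE-2021-20308). Closes: #984765", which keeps the entry consistent with the existing one.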
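
Review bot: In the image.cxx hunk, the new bounds check uses 32767 as a bare literal with no comment explaining the limit, even though width and height are each assembled from two bytes (`(buf[9] << 8) | buf[8]`) and can therefore range up to 65535. Please add a short comment tying the limit to the size computation it protects, and confirm that computation is done in a type wide enough for the accepted range: 32767 x 32767 is just under 2^30, so it fits in a signed 32-bit int only if it is not multiplied further (for example by bytes per pixel), and that code is not visible in this hunk. Separately, the `Bug-Debian:` header of the patch file points at https://bugs.debian.org/#984765, where the bug number sits in the URL fragment; https://bugs.debian.org/984765 is the form that resolves directly to the bug.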

