Your message dated Tue, 11 May 2021 10:00:44 +0000
with message-id <[email protected]>
and subject line unblock htmldoc
has caused the Debian Bug report #988325,
regarding unblock: htmldoc/1.9.11-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988325
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected]
Please unblock package htmldoc
The bug #984765 [0] is only of severity normal, but it got a CVE number some days ago;
it has been deemed unimportant by the security team.
The patch is cherry-picked from upstream.
[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is
CVE-2021-20308 [1]
[ Impact ]
Probably quite small.
[ Tests ]
None.
[ Risks ]
Small risk.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock htmldoc/1.9.11-3
Regards,
Håvard
[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100
+++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200
@@ -1,3 +1,10 @@
+htmldoc (1.9.11-3) unstable; urgency=medium
+
+ * Add patch to mitigate buffer-overflow caused by integer-overflow in
+ image_load_gif() Closes: 984765 and fixes CVE-2021-20308
+
+ -- Håvard Flaget Aasen <[email protected]> Mon, 10 May 2021 16:10:41
+0200
+
htmldoc (1.9.11-2) unstable; urgency=medium
* Update build-dependency to libfltk1.3-dev Closes: #982276
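Review bot: The new 1.9.11-3 entry writes the bug reference as `Closes: 984765`, while the 1.9.11-2 entry just below it uses `Closes: #982276`; add the `#` so the two entries follow the same form. The entry could also name the patch file it adds, so the changelog line can be tied to Fix-crash-bug-with-bad-GIFs-Issue-423.patch without reading the debdiff.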
diff -Nru
htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
1970-01-01 01:00:00.000000000 +0100
+++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
2021-05-10 16:10:41.000000000 +0200
@@ -0,0 +1,27 @@
+From: Michael R Sweet <[email protected]>
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream,
https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 68d6b92..8f53050 100644
+--- a/htmldoc/image.cxx
++++ b/htmldoc/image.cxx
+@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
+ img->height = (buf[9] << 8) | buf[8];
+ ncolors = 2 << (buf[10] & 0x07);
+
++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 ||
img->height > 32767)
++ return (-1);
++
+ // If we are writing an encrypted PDF file, bump the use count so we create
+ // an image object (Acrobat 6 bug workaround)
+ if (Encryption)
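Review bot: The added check in image_load_gif() caps `img->width` and `img->height` individually at 32767 but does not bound their product: 32767 x 32767 is roughly 2^30 pixels, so any later buffer-size computation that multiplies width by height and then by a bytes-per-pixel factor in `int` arithmetic could still wrap. The allocation site is not part of this hunk, so it is worth confirming there that the size is computed in `size_t` or checked before use. Two smaller points: `return (-1);` rejects the file without any diagnostic, and the `Bug-Debian:` header uses `https://bugs.debian.org/#984765`, where the `#` turns the bug number into a URL fragment; `https://bugs.debian.org/984765` links to the report directly.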
diff -Nru htmldoc-1.9.11/debian/patches/series
htmldoc-1.9.11/debian/patches/series
--- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000
+0100
+++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000
+0200
@@ -5,3 +5,4 @@
autoheader_support.patch
disable_libz.patch
remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---