Your message dated Tue, 30 Dec 2014 17:56:13 +0100
with message-id <[email protected]>
and subject line Re: Bug#774235: unblock: tiff/4.0.3-12
has caused the Debian Bug report #774235,
regarding unblock: tiff/4.0.3-12
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774235
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package tiff
This is a narrowly targeted fix from upstream for CVE-2014-9330. It
changes only bmp2tiff, one of the tools that is part of libtiff-tools.
Although the bug was not created as RC, other similar bugs that only
affect tools in libtiff-tools have been classified as RC, and this fixes
a security issue with an assigned CVE number, so I think it would be
best if it goes through.
debdiff attached.
unblock tiff/4.0.3-12
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog
--- tiff-4.0.3/debian/changelog 2014-12-23 15:52:13.000000000 -0500
+++ tiff-4.0.3/debian/changelog 2014-12-30 11:32:33.000000000 -0500
@@ -1,3 +1,9 @@
+tiff (4.0.3-12) unstable; urgency=high
+
+ * Fix integer overflow in bmp2tiff. CVE-2014-9330. (Closes: #773987)
+
+ -- Jay Berkenbilt <[email protected]> Tue, 30 Dec 2014 11:32:04 -0500
+
tiff (4.0.3-11) unstable; urgency=medium
* Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
diff -Nru tiff-4.0.3/debian/patches/CVE-2014-9330.patch tiff-4.0.3/debian/patches/CVE-2014-9330.patch
--- tiff-4.0.3/debian/patches/CVE-2014-9330.patch 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.3/debian/patches/CVE-2014-9330.patch 2014-12-30 11:32:33.000000000 -0500
@@ -0,0 +1,45 @@
+Description: CVE-2014-9330
+ Integer overflow in bmp2tiff
+Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494
+Bug-Debian: http://bugs.debian.org/773987
+
+Index: tiff/tools/bmp2tiff.c
+===================================================================
+--- tiff.orig/tools/bmp2tiff.c
++++ tiff/tools/bmp2tiff.c
+@@ -1,4 +1,4 @@
+-/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $
++/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $
+ *
+ * Project: libtiff tools
+ * Purpose: Convert Windows BMP files in TIFF.
+@@ -403,6 +403,13 @@ main(int argc, char* argv[])
+
+ width = info_hdr.iWidth;
+ length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
++ if( width <= 0 || length <= 0 )
++ {
++ TIFFError(infilename,
++ "Invalid dimensions of BMP file" );
++ close(fd);
++ return -1;
++ }
+
+ switch (info_hdr.iBitCount)
+ {
+@@ -593,6 +600,14 @@ main(int argc, char* argv[])
+
+ compr_size = file_hdr.iSize - file_hdr.iOffBits;
+ uncompr_size = width * length;
++ /* Detect int overflow */
++ if( uncompr_size / width != length )
++ {
++ TIFFError(infilename,
++ "Invalid dimensions of BMP file" );
++ close(fd);
++ return -1;
++ }
+ comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
+ if (!comprbuf) {
+ TIFFError(infilename,
diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series
--- tiff-4.0.3/debian/patches/series 2014-12-23 15:52:13.000000000 -0500
+++ tiff-4.0.3/debian/patches/series 2014-12-30 11:32:33.000000000 -0500
@@ -7,3 +7,4 @@
CVE-2013-4244.patch
CVE-2013-4243.patch
jpeg-colorspace.patch
+CVE-2014-9330.patch
--- End Message ---
--- Begin Message ---
Hi,
On Tue, Dec 30, 2014 at 11:44:42AM -0500, Jay Berkenbilt wrote:
> Please unblock package tiff
Unblocked.
Cheers,
Ivo
--- End Message ---
