Bug#885619: jessie-pu: package libextractor/1:1.3-2

2018-06-13 Thread Adam D. Barratt
Control: tags -1 -moreinfo +confirmed

On Mon, 2018-06-11 at 22:07 +0200, Bertrand Marc wrote:
> On 08/06/2018 at 22:24, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Thu, 2017-12-28 at 17:32 +0100, Bertrand Marc wrote:
> > > Would you allow an update of libextractor 1.3-2 in Jessie to fix
> > > several minor security issues?
> > > 7 issues skipped by the security teams:
> > > 
> > 
> > [...]
> > >    * CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer
> > > Dereference in the EXTRACTOR_nsf_extract_method function of
> > > plugins/nsf_extractor.c.
> > > 
> > 
> > I assume the same issue that Julien raised for the stretch package
> > applies here.
> > 
> > Regards,
> > 
> > Adam
> 
> Indeed. The attached patch would fix the issue.

Thanks. Please go ahead.

Regards,

Adam



Bug#885619: jessie-pu: package libextractor/1:1.3-2

2018-06-11 Thread Bertrand Marc

On 08/06/2018 at 22:24, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Thu, 2017-12-28 at 17:32 +0100, Bertrand Marc wrote:
> > Would you allow an update of libextractor 1.3-2 in Jessie to fix
> > several minor security issues?
> > 7 issues skipped by the security teams:
> >
>
> [...]
> >    * CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer
> > Dereference in the EXTRACTOR_nsf_extract_method function of
> > plugins/nsf_extractor.c.
> >
>
> I assume the same issue that Julien raised for the stretch package
> applies here.
>
> Regards,
>
> Adam

Indeed. The attached patch would fix the issue.

Regards,
Bertrand
diff -Nru libextractor-1.3/debian/changelog libextractor-1.3/debian/changelog
--- libextractor-1.3/debian/changelog	2014-09-30 22:56:54.0 +0200
+++ libextractor-1.3/debian/changelog	2017-12-27 19:01:53.0 +0100
@@ -1,3 +1,14 @@
+libextractor (1:1.3-2+deb8u1) jessie; urgency=medium
+
+  * Fix CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
+CVE-2017-15602, CVE-2017-15922 and CVE-2017-17440. Leon Zhao discovered
+several security vulnerabilities, NULL Pointer Dereferences, heap-based
+buffer overflows, integer signedness errors and out-of-bounds read that
+may lead to a denial-of-service (application crash) or have other
+unspecified impact.
+
+ -- Bertrand Marc   Wed, 27 Dec 2017 19:01:53 +0100
+
 libextractor (1:1.3-2) unstable; urgency=medium
 
   * Build-depend on libmagic-dev and libavresample-dev to enable additional
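
Review bot: The single `* Fix CVE-...` bullet lists seven CVEs without saying which file under debian/patches addresses each one. One sub-item per CVE naming its patch (for example CVE-2017-15266.patch for the wav_extractor.c change) would let a stable-update reviewer map every identifier to a hunk in this debdiff.
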
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15266.patch libextractor-1.3/debian/patches/CVE-2017-15266.patch
--- libextractor-1.3/debian/patches/CVE-2017-15266.patch	1970-01-01 01:00:00.0 +0100
+++ libextractor-1.3/debian/patches/CVE-2017-15266.patch	2017-12-27 19:01:53.0 +0100
@@ -0,0 +1,17 @@
+From: Bertrand Marc 
+Subject: CVE-2017-15266
+
+Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg2.html
+Bug-Debian: https://bugs.debian.org/878314
+Origin: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
+--- a/src/plugins/wav_extractor.c
 b/src/plugins/wav_extractor.c
+@@ -109,6 +109,8 @@
+ return;/* invalid sample size found in wav file */
+   if (0 == channels)
+ return;/* invalid channels value -- avoid division by 0! */
++  if (0 == sample_rate)
++return;/* invalid sample_rate */
+   samples = data_len / (channels * (sample_size >> 3));
+ 
+   snprintf (scratch,
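
Review bot: The new `0 == sample_rate` test sits directly before `samples = data_len / (channels * (sample_size >> 3));`, a division that does not use sample_rate, so the division it protects must be further down, outside this hunk; a short comment naming that expression would make the guard self-explanatory. In that same context line, `sample_size >> 3` is zero for any sample_size below 8, so it is worth confirming that the "invalid sample size" check shown just above rejects those values too.
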
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15267.patch libextractor-1.3/debian/patches/CVE-2017-15267.patch
--- libextractor-1.3/debian/patches/CVE-2017-15267.patch	1970-01-01 01:00:00.0 +0100
+++ libextractor-1.3/debian/patches/CVE-2017-15267.patch	2017-12-27 19:01:53.0 +0100
@@ -0,0 +1,22 @@
+From: Markus Koschany 
+Date: Mon, 4 Dec 2017 00:00:15 +0100
+Subject: CVE-2017-15267
+
+Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg3.html
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314
+Origin: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
+---
+ src/plugins/flac_extractor.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/src/plugins/flac_extractor.c
 b/src/plugins/flac_extractor.c
+@@ -339,6 +339,8 @@
+ 	  {
+ 	entry = >comments[count];
+ 	eq = (const char*) entry->entry;
++	if (NULL == eq)
++			break;
+ 	len = entry->length;
+ 	ilen = 0;
+ 	while ( ('=' != *eq) && ('\0' != *eq) &&
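
Review bot: In the added `if (NULL == eq)` branch, `break` leaves the loop, so every comment after the first NULL entry is dropped. If only the bad entry should be skipped, that has to be done in a way that still advances `count`; if stopping at the first NULL entry is intended, a one-line comment should say so. The `break;` line is also indented with extra tabs rather than in the style of the surrounding lines.
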
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch libextractor-1.3/debian/patches/CVE-2017-15600.patch
--- libextractor-1.3/debian/patches/CVE-2017-15600.patch	1970-01-01 01:00:00.0 +0100
+++ libextractor-1.3/debian/patches/CVE-2017-15600.patch	2017-12-27 19:01:53.0 +0100
@@ -0,0 +1,29 @@
+From: Bertrand Marc , Markus Koschany 
+Subject: CVE-2017-15600
+
+Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg4.html
+Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
+--- a/src/plugins/nsf_extractor.c
 b/src/plugins/nsf_extractor.c
+@@ -152,13 +152,17 @@
+   char nsfversion[32];
+   const struct header *head;
+   void *data;
++  ssize_t ds;
+ 
+-  if (sizeof (struct header) >
+-  ec->read (ec->cls,
+-		,
+-		sizeof (struct header)))
++  ds = ec->read (ec->cls,
++ ,
++ sizeof (struct header));
++  if ( (-1 == ds) ||
++   (sizeof (struct header) > ds) )
+ return;
+   head = data; 
++  if (NULL == head)
++return;
+ 
+   /* Check "magic" id bytes */
+   if (memcmp (head->magicid, "NESM\x1a", 5))
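
Review bot: In `(sizeof (struct header) > ds)` the left side is a size_t and `ds` is an ssize_t, so `ds` is converted to unsigned for the comparison, and the preceding `-1 == ds` test covers only that one negative value. Writing the check as `ds < (ssize_t) sizeof (struct header)` handles every negative return and makes the separate `-1` test unnecessary. The `NULL == head` test after `head = data;` could be folded into the same `if`, and this patch header has no `Bug-Debian:` line although the other two patches in the series do.
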
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15601.patch libextractor-1.3/debian/patches/CVE-2017-15601.patch
--- libextractor-1.3/debian/patches/CVE-2017-15601.patch	1970-01-01 

Bug#885619: jessie-pu: package libextractor/1:1.3-2

2018-06-08 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Thu, 2017-12-28 at 17:32 +0100, Bertrand Marc wrote:
> Would you allow an update of libextractor 1.3-2 in Jessie to fix
> several minor security issues?
> 7 issues skipped by the security teams:
> 
[...]
>   * CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer
> Dereference in the
> EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
> 

I assume the same issue that Julien raised for the stretch package
applies here.

Regards,

Adam



Bug#885619: jessie-pu: package libextractor/1:1.3-2

2017-12-28 Thread Bertrand Marc
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

Dear release team,

Would you allow an update of libextractor 1.3-2 in Jessie to fix several minor 
security issues?
7 issues skipped by the security teams:

  * CVE-2017-15266: In GNU Libextractor 1.4, there is a Divide-By-Zero in
    EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
  * CVE-2017-15922: In GNU Libextractor 1.4, there is an out-of-bounds read
    in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
  * CVE-2017-15267: In GNU Libextractor 1.4, there is a NULL Pointer
    Dereference in flac_metadata in flac_extractor.c.
  * CVE-2017-15602: In GNU Libextractor 1.4, there is an integer signedness
    error for the chunk size in the EXTRACTOR_nsfe_extract_method function in
    plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
  * CVE-2017-17440: GNU Libextractor 1.6 allows remote attackers to cause a
    denial of service (NULL pointer dereference and application crash) via a
    crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or
    XM (eXtended Module) file, as demonstrated by the
    EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
  * CVE-2017-15600: In GNU Libextractor 1.4, there is a NULL Pointer
    Dereference in the EXTRACTOR_nsf_extract_method function of
    plugins/nsf_extractor.c.
  * CVE-2017-15601: In GNU Libextractor 1.4, there is a heap-based buffer
    overflow in the EXTRACTOR_png_extract_method function in
    plugins/png_extractor.c, related to processiTXt and stndup.

You will find attached the full debdiff.


Cheers,
Bertrand

PS These are the same changes as in #885617

diff -Nru libextractor-1.3/debian/changelog libextractor-1.3/debian/changelog
--- libextractor-1.3/debian/changelog	2014-09-30 22:56:54.0 +0200
+++ libextractor-1.3/debian/changelog	2017-12-27 19:01:53.0 +0100
@@ -1,3 +1,14 @@
+libextractor (1:1.3-2+deb8u1) jessie; urgency=medium
+
+  * Fix CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
+CVE-2017-15602, CVE-2017-15922 and CVE-2017-17440. Leon Zhao discovered
+several security vulnerabilities, NULL Pointer Dereferences, heap-based
+buffer overflows, integer signedness errors and out-of-bounds read that
+may lead to a denial-of-service (application crash) or have other
+unspecified impact.
+
+ -- Bertrand Marc   Wed, 27 Dec 2017 19:01:53 +0100
+
 libextractor (1:1.3-2) unstable; urgency=medium
 
   * Build-depend on libmagic-dev and libavresample-dev to enable additional
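
Review bot: The description in the new changelog entry uses plurals ("heap-based buffer overflows", "integer signedness errors") where the request above lists one of each, CVE-2017-15601 and CVE-2017-15602. Matching the wording to the seven issues actually listed would keep the stable changelog from overstating what was fixed.
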
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15266.patch libextractor-1.3/debian/patches/CVE-2017-15266.patch
--- libextractor-1.3/debian/patches/CVE-2017-15266.patch	1970-01-01 01:00:00.0 +0100
+++ libextractor-1.3/debian/patches/CVE-2017-15266.patch	2017-12-27 19:01:53.0 +0100
@@ -0,0 +1,17 @@
+From: Bertrand Marc 
+Subject: CVE-2017-15266
+
+Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg2.html
+Bug-Debian: https://bugs.debian.org/878314
+Origin: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
+--- a/src/plugins/wav_extractor.c
 b/src/plugins/wav_extractor.c
+@@ -109,6 +109,8 @@
+ return;/* invalid sample size found in wav file */
+   if (0 == channels)
+ return;/* invalid channels value -- avoid division by 0! */
++  if (0 == sample_rate)
++return;/* invalid sample_rate */
+   samples = data_len / (channels * (sample_size >> 3));
+ 
+   snprintf (scratch,
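
Review bot: In the patch header, `From:` names the Debian maintainer while `Origin:` points at an upstream commit, which leaves the authorship of the change unclear, and there is no `Date:` line although CVE-2017-15267.patch has one. Marking the origin as upstream (DEP-3 allows `Origin: upstream, <url>`) and adding the date would keep the headers consistent across the series.
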
diff -Nru libextractor-1.3/debian/patches/CVE-2017-15267.patch libextractor-1.3/debian/patches/CVE-2017-15267.patch
--- libextractor-1.3/debian/patches/CVE-2017-15267.patch	1970-01-01 01:00:00.0 +0100
+++ libextractor-1.3/debian/patches/CVE-2017-15267.patch	2017-12-27 19:01:53.0 +0100
@@ -0,0 +1,22 @@
+From: Markus Koschany 
+Date: Mon, 4 Dec 2017 00:00:15 +0100
+Subject: CVE-2017-15267
+
+Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg3.html
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314
+Origin: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
+---
+ src/plugins/flac_extractor.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/src/plugins/flac_extractor.c
 b/src/plugins/flac_extractor.c
+@@ -339,6 +339,8 @@
+ 	  {
+
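
Review bot: In the header of CVE-2017-15267.patch, `Bug-Debian:` uses the long `bugs.debian.org/cgi-bin/bugreport.cgi?bug=878314` form, while CVE-2017-15266.patch refers to the same bug as `https://bugs.debian.org/878314`. Using the short form in both headers keeps the series consistent.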