[Pkg-phototools-devel] Bug#731237: openjpeg: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054

2013-12-03 Thread Salvatore Bonaccorso
Package: openjpeg
Severity: grave
Tags: security upstream patch

Hi

This is to track the issues released with DSA-2808-1 for openjpeg in
the BTS. See

 http://lists.debian.org/debian-security-announce/2013/msg00222.html
 http://www.debian.org/security/2013/dsa-2808

Regards,
Salvatore

___
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel


[Pkg-phototools-devel] Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder

2014-04-02 Thread Salvatore Bonaccorso
Source: openjpeg
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for openjpeg.

CVE-2014-0158[0]:
Heap-based buffer overflow in JPEG2000 image tile decoder

More information is on the Red Hat bugzilla[1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
https://security-tracker.debian.org/tracker/CVE-2014-0158
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925

Please adjust the affected versions in the BTS as needed. I only
quickly checked unstable which seems to apply. Could you check if
oldstable and stable are also affected by this problem?

Regards,
Salvatore



[Pkg-phototools-devel] Bug#786792: darktable: CVE-2015-3885: input sanitization flaw leading to buffer overflow

2015-05-25 Thread Salvatore Bonaccorso
Source: darktable
Version: 1.0.4-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for darktable.

CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) via a
| crafted image, which triggers a buffer overflow, related to the len
| variable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3885
[1] http://www.ocert.org/advisories/ocert-2015-006.html

This does not seem to warrant a DSA, but it would be nice to have it
fixed in jessie and wheezy as well. Could you contact the stable
release managers to have an update through a wheezy- and
jessie-proposed-update?

Regards,
Salvatore



[Pkg-phototools-devel] Bug#800149: openjpeg2: Use-after-free in opj_j2k_write_mco

2015-09-27 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/563

Hi

A use-after-free vulnerability was found in openjpeg2, see
http://www.openwall.com/lists/oss-security/2015/09/15/4 for the
corresponding CVE request (no CVE assigned so far).

Upstream issue: https://github.com/uclouvain/openjpeg/issues/563

Regards,
Salvatore



[Pkg-phototools-devel] Bug#801700: optipng: CVE-2015-7802: Buffer overflow in global memory

2015-10-13 Thread Salvatore Bonaccorso
Source: optipng
Version: 0.7.5-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for optipng.

CVE-2015-7802[0]:
Buffer overflow in global memory

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7802
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1265956
[2] https://marc.info/?l=oss-security&m=144300993420279&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#820068: optipng: CVE-2016-2191: Invalid write while processing delta escapes without any boundary checking

2016-04-05 Thread Salvatore Bonaccorso
Source: optipng
Version: 0.6.4-1
Severity: important
Tags: security upstream fixed-upstream
Forwarded: https://sourceforge.net/p/optipng/bugs/59/

Hi,

the following vulnerability was published for optipng and is fixed
in 0.7.6 upstream.

CVE-2016-2191[0]:
Invalid write while processing delta escapes without any boundary checking

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2191
[1] https://sourceforge.net/p/optipng/bugs/59/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1308550

Regards,
Salvatore



[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-07 Thread Salvatore Bonaccorso
Control: tags 820068 + patch
Control: tags 820068 + pending

Dear maintainer,

I've prepared an NMU for optipng (versioned as 0.7.5-1.1) and uploaded
it to DELAYED/2. Please feel free to tell me if I should delay it
longer. It is exactly the same patch as used by Moritz for the
jessie-security upload. Better would be though to straight go to 0.7.6.

Regards,
Salvatore
diff -Nru optipng-0.7.5/debian/changelog optipng-0.7.5/debian/changelog
--- optipng-0.7.5/debian/changelog	2014-06-11 13:48:44.0 +0200
+++ optipng-0.7.5/debian/changelog	2016-04-08 06:53:53.0 +0200
@@ -1,3 +1,12 @@
+optipng (0.7.5-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2016-2191: Invalid write while processing delta escapes without
+any boundary checking (Patch from Moritz Muehlenhoff from the jessie-
+security upload) (Closes: #820068)
+
+ -- Salvatore Bonaccorso   Fri, 08 Apr 2016 06:26:14 +0200
+
 optipng (0.7.5-1) unstable; urgency=medium
 
   * New upstream release (Closes: #687770)
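Review bot: the new changelog entry names only CVE-2016-2191, while the follow-up mail in this thread says the same patch also carries the fixes for upstream bugs 56 and 57 (CVE-2016-3981 and CVE-2016-3982). Once those ids are confirmed, list them in the entry so the upload can be matched to all three issues.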
diff -Nru optipng-0.7.5/debian/patches/CVE-2016-2191.patch optipng-0.7.5/debian/patches/CVE-2016-2191.patch
--- optipng-0.7.5/debian/patches/CVE-2016-2191.patch	1970-01-01 01:00:00.0 +0100
+++ optipng-0.7.5/debian/patches/CVE-2016-2191.patch	2016-04-08 06:53:53.0 +0200
@@ -0,0 +1,140 @@
+Description: CVE-2016-2191: Invalid write while processing delta escapes without any boundary checking
+Origin: upstream
+Bug: https://sourceforge.net/p/optipng/bugs/59/
+Bug-Debian: https://bugs.debian.org/820068
+Forwarded: not-needed
+Author: Moritz Muehlenhoff 
+Last-Update: 2016-04-08
+Applied-Upstream: 0.7.6
+
+--- optipng-0.7.5.orig/src/pngxtern/pngxrbmp.c
 optipng-0.7.5/src/pngxtern/pngxrbmp.c
+@@ -108,17 +108,17 @@ bmp_get_dword(png_bytep ptr)
+ 
+ 
+ /*/
+-/* BMP RLE helpers   */
++/* BMP helpers   */
+ /*/
+ 
+ static void
+-bmp_rle8_memset(png_bytep ptr, size_t offset, int ch, size_t len)
++bmp_memset_bytes(png_bytep ptr, size_t offset, int ch, size_t len)
+ {
+memset(ptr + offset, ch, len);
+ }
+ 
+ static void
+-bmp_rle4_memset(png_bytep ptr, size_t offset, int ch, size_t len)
++bmp_memset_halfbytes(png_bytep ptr, size_t offset, int ch, size_t len)
+ {
+if (len == 0)
+   return;
+@@ -136,7 +136,7 @@ bmp_rle4_memset(png_bytep ptr, size_t of
+ }
+ 
+ static size_t
+-bmp_rle8_fread(png_bytep ptr, size_t offset, size_t len, FILE *stream)
++bmp_fread_bytes(png_bytep ptr, size_t offset, size_t len, FILE *stream)
+ {
+size_t result;
+ 
+@@ -147,15 +147,17 @@ bmp_rle8_fread(png_bytep ptr, size_t off
+ }
+ 
+ static size_t
+-bmp_rle4_fread(png_bytep ptr, size_t offset, size_t len, FILE *stream)
++bmp_fread_halfbytes(png_bytep ptr, size_t offset, size_t len, FILE *stream)
+ {
+size_t result;
+int ch;
+ 
++   if (len == 0)
++  return 0;
+ptr += offset / 2;
+if (offset & 1)  /* use half-byte operations at odd offset */
+{
+-  for (result = 0; result < len; result += 2)
++  for (result = 0; result < len - 1; result += 2)
+   {
+  ch = getc(stream);
+  if (ch == EOF)
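Review bot: in bmp_fread_halfbytes the new bound `result < len - 1` is only safe because of the `if (len == 0) return 0;` guard added just above it; len is a size_t, so without the guard len - 1 would wrap for an empty read. A short comment tying the two together would keep a later edit from dropping the guard. The loop now also stops one half-byte short when len is odd, so the code after the loop (not shown in this hunk) should be checked for handling that last half-byte.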
+@@ -231,14 +233,14 @@ bmp_read_rows(png_bytepp begin_row, png_
+   endn = row_size * 2;
+   if (endn <= row_size)
+  return 0;  /* overflow */
+-  bmp_memset_fn = bmp_rle4_memset;
+-  bmp_fread_fn = bmp_rle4_fread;
++  bmp_memset_fn = bmp_memset_halfbytes;
++  bmp_fread_fn = bmp_fread_halfbytes;
+}
+else
+{
+   endn = row_size;
+-  bmp_memset_fn = bmp_rle8_memset;
+-  bmp_fread_fn = bmp_rle8_fread;
++  bmp_memset_fn = bmp_memset_bytes;
++  bmp_fread_fn = bmp_fread_bytes;
+}
+ 
+if (compression == BI_RGB || compression == BI_BITFIELDS)
+@@ -258,19 +260,14 @@ bmp_read_rows(png_bytepp begin_row, png_
+   if (compression == BI_RLE8)
+   {
+  endn = row_size;
+- bmp_memset_fn = bmp_rle8_memset;
+- bmp_fread_fn = bmp_rle8_fread;
+   }
+-  else /* BI_RLE4 */
++  else  /* BI_RLE4 */
+   {
+  endn = row_size * 2;
+  if (endn <= row_size)
+ return 0;  /* overflow */
+- bmp_memset_fn = bmp_rle4_memset;
+- bmp_fread_fn = bmp_rle4_fread;
+   }
+-  crt_row = begin_row;
+-  for ( ; ; )
++  for (crt_row = begin_row; crt_row != end_row; )
+   {
+  ch = getc(stream); b1 = (unsigned int)ch;
+  ch = getc(stream); b2 = (unsigned int)ch;
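Review bot: the new loop condition `crt_row != end_row` in bmp_read_rows only terminates if crt_row lands exactly on end_row, which holds for single `crt_row += inc` steps but not for a delta escape that moves several rows at once. The delta branch is outside the visible lines of this hunk; it should reject or clamp a row delta that would carry crt_row past end_row before applying it, otherwise the inequality test is stepped over and the row writes continue out of bounds.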
+@@ -300,6 +297,7 @@ bmp_read_rows(png_bytepp begin_row, png_
+ {
+bmp_memset_fn(*crt_row, crtn, 0, endn - crtn);
+crt_row += inc;
++   crtn = 0;
+result = (begin_row <= end_row) ?
+   

[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-08 Thread Salvatore Bonaccorso
Hi

The used patch took into account as well the fixes from upstream bugs
56 and 57, which correspond to CVE-2016-3981 and CVE-2016-3982. At the
time of writing those two CVEs were not yet assigned.

So once accepted into the archive, I will update as well the
information for those CVEs.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#800149: openjpeg2: Use-after-free in opj_j2k_write_mco

2016-05-12 Thread Salvatore Bonaccorso
Control: retitle -1 openjpeg2: CVE-2015-8871: Use-after-free in opj_j2k_write_mco

Hi,

On Sun, Sep 27, 2015 at 01:54:25PM +0200, Salvatore Bonaccorso wrote:
> Source: openjpeg2
> Version: 2.1.0-2
> Severity: important
> Tags: security upstream patch fixed-upstream
> Forwarded: https://github.com/uclouvain/openjpeg/issues/563
> 
> Hi
> 
> A use-after-free vulnerability was found in openjpeg2, see
> http://www.openwall.com/lists/oss-security/2015/09/15/4 for the
> corresponding CVE request (no CVE assigned so far).
> 
> Upstream issue: https://github.com/uclouvain/openjpeg/issues/563

This issue has been assigned CVE-2015-8871.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#831814: lepton: CVE-2016-6234 CVE-2016-6235 CVE-2016-6236 CVE-2016-6237 CVE-2016-6238

2016-07-19 Thread Salvatore Bonaccorso
Source: lepton
Version: 1.0-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

Multiple issues were found in lepton. The CVE request was at
http://www.openwall.com/lists/oss-security/2016/07/17/1 referencing
https://github.com/dropbox/lepton/issues/26 (note to compile with
address sanitizer to reproduce the issues).

lepton got several CVE assigned in subsequent
http://www.openwall.com/lists/oss-security/2016/07/17/6

I'm not sure if current master fixes all the reported cases from #26.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#837604: openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode

2016-09-12 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: security upstream patch
Control: fixed -1 2.1.0-2+deb8u1

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-7163[0]:
Integer overflow in opj_pi_create_decode

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7163

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844552: openjpeg2: CVE-2016-9113

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/856

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9113[0]:
| There is a NULL pointer dereference in function imagetobmp of
| convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not
| assigned a value after initialization(NULL). Impact is Denial of
| Service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9113
[1] https://github.com/uclouvain/openjpeg/issues/856

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844551: openjpeg2: CVE-2016-9112

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/855

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9112[0]:
| Floating Point Exception (aka FPE or divide by zero) in
| opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9112
[1] https://github.com/uclouvain/openjpeg/issues/855

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844554: openjpeg2: CVE-2016-9115

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/858

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9115[0]:
| Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in
| OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
| crafted j2k file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9115
[1] https://github.com/uclouvain/openjpeg/issues/858

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844555: openjpeg2: CVE-2016-9116

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/859

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9116[0]:
| NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in
| OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
| crafted j2k file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9116
[1] https://github.com/uclouvain/openjpeg/issues/859

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844553: openjpeg2: CVE-2016-9114

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/857

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9114[0]:
| There is a NULL Pointer Access in function imagetopnm of
| convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not
| assigned a value after initialization(NULL). Impact is Denial of
| Service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9114
[1] https://github.com/uclouvain/openjpeg/issues/857

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844557: openjpeg2: CVE-2016-9118

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/861

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9118[0]:
| Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of
| convert.c:1719 in OpenJPEG 2.1.2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9118
[1] https://github.com/uclouvain/openjpeg/issues/861

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#844556: openjpeg2: CVE-2016-9117

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/860

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9117[0]:
| NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in
| OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
| crafted j2k file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9117
[1] https://github.com/uclouvain/openjpeg/issues/860

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#851422: openjpeg2: CVE-2016-9572 CVE-2016-9573

2017-01-14 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://github.com/uclouvain/openjpeg/issues/863
Control: fixed -1 2.1.0-2+deb8u2

Hi,

the following vulnerabilities were published for openjpeg2. Filing it
as RC severity, since Moritz's DSA for openjpeg2 will contain fixes
for those two CVEs, and not having those fixed in stretch would imply
a regression.

CVE-2016-9572[0] and CVE-2016-9573[1]. There is an upstream issue at
[2] with patch[3].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
[1] https://security-tracker.debian.org/tracker/CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
[2] https://github.com/uclouvain/openjpeg/issues/863
[3] https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Regards,
Salvatore



[Pkg-phototools-devel] Bug#851422: openjpeg2: diff for NMU version 2.1.2-1.1

2017-01-22 Thread Salvatore Bonaccorso
Control: tags 851422 + pending

Dear maintainer,

I've prepared an NMU for openjpeg2 (versioned as 2.1.2-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.1.2/debian/changelog
--- openjpeg2-2.1.2/debian/changelog	2016-09-29 08:11:30.0 +0200
+++ openjpeg2-2.1.2/debian/changelog	2017-01-22 14:18:13.0 +0100
@@ -1,3 +1,13 @@
+openjpeg2 (2.1.2-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
+CVE-2016-9572: NULL pointer dereference in input decoding
+CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
+imagetopnm(). (Closes: #851422)
+
+ -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 +0100
+
 openjpeg2 (2.1.2-1) unstable; urgency=medium
 
   * New upstream. Closes: #839120
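Review bot: the entry is uploaded with urgency=medium although the bug it closes, #851422, is filed at severity grave with the justification "user security hole". The optipng security NMU earlier on this list used urgency=high; the same would fit here unless the lower urgency is deliberate.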
diff -Nru openjpeg2-2.1.2/debian/patches/CVE-2016-9572_CVE-2016-9573.patch openjpeg2-2.1.2/debian/patches/CVE-2016-9572_CVE-2016-9573.patch
--- openjpeg2-2.1.2/debian/patches/CVE-2016-9572_CVE-2016-9573.patch	1970-01-01 01:00:00.0 +0100
+++ openjpeg2-2.1.2/debian/patches/CVE-2016-9572_CVE-2016-9573.patch	2017-01-22 14:18:13.0 +0100
@@ -0,0 +1,222 @@
+From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
+From: szukw000 
+Date: Mon, 28 Nov 2016 21:57:20 +0100
+Subject: [PATCH] Changes for issues #863 and #862
+
+---
+ src/bin/jp2/convert.c| 59 +++-
+ src/bin/jp2/convertbmp.c | 29 +-
+ src/bin/jp2/opj_decompress.c |  2 +-
+ src/lib/openjp2/j2k.c| 11 ++---
+ 4 files changed, 90 insertions(+), 11 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index deee4f6..6a3f65b 100644
+--- a/src/bin/jp2/convert.c
 b/src/bin/jp2/convert.c
+@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
+ for (i = 0; i < image->numcomps-1; i++)	{
+ if ((image->comps[0].dx != image->comps[i+1].dx)
+ ||(image->comps[0].dy != image->comps[i+1].dy)
+-||(image->comps[0].prec != image->comps[i+1].prec))	{
++||(image->comps[0].prec != image->comps[i+1].prec)
++||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
+ fclose(fdest);
+ fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
+ return 1;
+@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ int *red, *green, *blue, *alpha;
+ int wr, hr, max;
+ int i;
+-unsigned int compno, ncomp;
++unsigned int compno, ncomp, ui;
+ int adjustR, adjustG, adjustB, adjustA;
+ int fails, two, want_gray, has_alpha, triple;
+ int prec, v;
+@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ 
+ if(want_gray) ncomp = 1;
+ 
++for (ui = 1; ui < ncomp; ++ui) {
++if (image->comps[0].dx != image->comps[ui].dx) {
++break;
++}
++if (image->comps[0].dy != image->comps[ui].dy) {
++break;
++}
++if (image->comps[0].prec != image->comps[ui].prec) {
++break;
++}
++if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++break;
++}
++}
++if (ui != ncomp) {
++fprintf(stderr,"imagetopnm: All components\nshall have "
++ "the same subsampling, same bit depth, same sign.\n"
++ "Aborting\n");
++return 1;
++}
++
+ if ((force_split == 0) &&
+ (ncomp == 2 /* GRAYA */
+ || (ncomp > 2 /* RGB, RGBA */
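Review bot: the error string in the new imagetopnm check has a newline in the middle of the sentence (`"imagetopnm: All components\nshall have "`), so the message breaks after "components", while the matching message in imagetoraw_common starts the same sentence on one line. Join it into a single line. The four-field comparison of dx, dy, prec and sgnd against comps[0] is also repeated in imagetotga and imagetoraw_common; a small shared helper in convert.c would keep the three checks from drifting apart.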
+@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ {
+ FILE *rawFile = NULL;
+ size_t res;
+-unsigned int compno;
++unsigned int compno, numcomps;
+ int w, h, fails;
+ int line, row, curr, mask;
+ int *ptr;
+@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ return 1;
+ }
+ 
++numcomps = image->numcomps;
++
++if (numcomps > 4) {
++numcomps = 4;
++}
++for (compno = 1; compno < numcomps; ++compno) {
++if (image->comps[0].dx != image->comps[compno].dx) {
++break;
++}
++if (image->comps[0].dy != image->comps[compno].dy) {
++break;
++}
++if (image->comps[0].prec != image->comps[compno].prec) {
++break;
++}
++if (image->comps[0].sgnd != image->comps[compno].sgnd) {
++break;
++}
++}
++if (compno != numcomps) {
++fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same
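Review bot: in imagetoraw_common the consistency check runs over at most four components because of `if (numcomps > 4) numcomps = 4;`, so an image with more components has its fifth and later components left unchecked. The rest of the hunk is cut off here; if the write loop below still iterates up to image->numcomps, either drop the clamp or make that loop use numcomps as well.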

[Pkg-phototools-devel] Bug#859714: lepton: CVE-2017-7448

2017-04-06 Thread Salvatore Bonaccorso
Source: lepton
Version: 1.2.1-2
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/dropbox/lepton/issues/86

Hi,

the following vulnerability was published for lepton.

CVE-2017-7448[0]:
| The allocate_channel_framebuffer function in uncompressed_components.hh
| in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of
| service (divide-by-zero error and application crash) via a malformed
| JPEG image.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7448
[1] https://github.com/dropbox/lepton/issues/86

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)



[Pkg-phototools-devel] Bug#860367: feh: CVE-2017-7875

2017-04-15 Thread Salvatore Bonaccorso
Source: feh
Version: 2.12-1
Severity: normal
Tags: upstream security patch fixed-upstream

Hi,

the following vulnerability was published for feh.

CVE-2017-7875[0]:
| In wallpaper.c in feh before v2.18.3, if a malicious client pretends to
| be the E17 window manager, it is possible to trigger an out-of-boundary
| heap write while receiving an IPC message. An integer overflow leads to
| a buffer overflow and/or a double free.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7875
[1] https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#862446: lepton: CVE-2017-8891

2017-05-12 Thread Salvatore Bonaccorso
Source: lepton
Version: 1.2.1-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/dropbox/lepton/issues/87

Hi,

the following vulnerability was published for lepton.

CVE-2017-8891[0]:
| Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a
| malformed lepton file because the code does not ensure setup of a
| correct number of threads.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8891
[1] https://github.com/dropbox/lepton/issues/87

Regards,
Salvatore



[Pkg-phototools-devel] Bug#873022: libexif: CVE-2016-6328: Integer overflow in parsing MNOTE entry data of the input file

2017-08-23 Thread Salvatore Bonaccorso
Source: libexif
Version: 0.6.21-2
Severity: important
Tags: security patch upstream

Hi,

the following vulnerability was published for libexif.

CVE-2016-6328[0]:
|Integer overflow in parsing MNOTE entry data of the input file

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
[1] http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874113: openjpeg2: CVE-2016-10504: Heap-based buffer over-write in opj_mqc_byteout function of mqc.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1.1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/uclouvain/openjpeg/issues/835

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-10504[0]:
| Heap-based buffer overflow vulnerability in the opj_mqc_byteout
| function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to
| cause a denial of service (application crash) via a crafted bmp file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10504
[1] https://github.com/uclouvain/openjpeg/issues/835
[2] https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04

Please adjust the affected versions in the BTS as needed, only 2.1.2
has been verified so far.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874115: openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: upstream patch security
Forwarded: https://github.com/uclouvain/openjpeg/issues/997

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14041[0]:
| A stack-based buffer overflow was discovered in the pgxtoimage function
| in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an
| out-of-bounds write, which may lead to remote denial of service or
| possibly remote code execution.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
[1] https://github.com/uclouvain/openjpeg/issues/997
[2] https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874117: openjpeg2: CVE-2017-14040: invalid memory write in tgatoimage

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/995

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14040[0]:
| An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG
| 2.2.0, triggering a crash in the tgatoimage function. The vulnerability
| may lead to remote denial of service or possibly unspecified other
| impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
[1] https://github.com/uclouvain/openjpeg/issues/995
[2] https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874118: openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-2
Severity: important
Tags: patch upstream security
Forwarded: https://github.com/uclouvain/openjpeg/issues/992

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14039[0]:
| A heap-based buffer overflow was discovered in the opj_t2_encode_packet
| function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability
| causes an out-of-bounds write, which may lead to remote denial of
| service or possibly unspecified other impact.

The issue is covered by [3], so trying to reproduce the issue leads to
an assertion failure up to the version in sid instead.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
[1] https://github.com/uclouvain/openjpeg/issues/992
[2] https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
[3] https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874430: openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1.3
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/uclouvain/openjpeg/issues/982

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14151[0]:
| An off-by-one error was discovered in
| opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG
| 2.2.0. The vulnerability causes an out-of-bounds write, which may lead
| to remote denial of service (heap-based buffer overflow affecting
| opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in
| lib/openjp2/t1.c) or possibly remote code execution.

Verifiable with an ASAN build of openjpeg2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
[1] https://github.com/uclouvain/openjpeg/issues/982
[2] https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874431: openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.2-1.3
Severity: grave
Tags: upstream patch security
Forwarded: https://github.com/uclouvain/openjpeg/issues/985

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-14152[0]:
| A mishandled zero case was discovered in opj_j2k_set_cinema_parameters
| in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an
| out-of-bounds write, which may lead to remote denial of service
| (heap-based buffer overflow affecting opj_write_bytes_LE in
| lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or
| possibly remote code execution.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
[1] https://github.com/uclouvain/openjpeg/issues/985

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874431: openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE

2017-09-06 Thread Salvatore Bonaccorso
On Wed, Sep 06, 2017 at 06:58:36AM +0200, Salvatore Bonaccorso wrote:
> Source: openjpeg2
> Version: 2.1.2-1.3
> Severity: grave
> Tags: upstream patch security
> Forwarded: https://github.com/uclouvain/openjpeg/issues/985
> 
> Hi,
> 
> the following vulnerability was published for openjpeg2.
> 
> CVE-2017-14152[0]:
> | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters
> | in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an
> | out-of-bounds write, which may lead to remote denial of service
> | (heap-based buffer overflow affecting opj_write_bytes_LE in
> | lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or
> | possibly remote code execution.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-14152
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
> [1] https://github.com/uclouvain/openjpeg/issues/985

When fixing this issue make sure to apply the complete fix to not open
openjpeg2 to CVE-2017-14164. Applying both 

https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154

and 

https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a

should completely resolve CVE-2017-14152 (double check!).

Regards,
Salvatore



[Pkg-phototools-devel] Bug#876466: libexif: CVE-2017-7544: Out-of-bounds heap read in exif_data_save_data_entry function

2017-09-22 Thread Salvatore Bonaccorso
Source: libexif
Version: 0.6.21-2
Severity: important
Tags: security patch upstream
Forwarded: https://sourceforge.net/p/libexif/bugs/130/

Hi,

the following vulnerability was published for libexif.

CVE-2017-7544[0]:
| libexif through 0.6.21 is vulnerable to out-of-bounds heap read
| vulnerability in exif_data_save_data_entry function in
| libexif/exif-data.c caused by improper length computation of the
| allocated data of an ExifMnote entry which can cause denial-of-service
| or possibly information disclosure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
[1] https://sourceforge.net/p/libexif/bugs/130/

The attached report in the upstream bug is password protected, but
there is a produced patch by Marcus Meissner in the upstream bug.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-23 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.2.0-1
Severity: normal

Hi Mathieu,

There was an update for openjpeg2 not incorporating the NMU changelog
for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
those again (and double check no change was lost, I guess not that all
should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
if it was fully covered, see the respective upstream issues which only
partially landed in 2.2.0).

Specifically there were some CVEs addressed, which are hopefully still
fixed in 2.2.0-1, the FTBFS definitively seems so.

cut-cut-cut-cut-cut-cut-
diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
--- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200
+++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200
@@ -1,26 +1,13 @@
-openjpeg2 (2.1.2-1.3) unstable; urgency=medium
+openjpeg2 (2.2.0-1) unstable; urgency=medium

-  * Fix FTFBS (Closes: #871905)
+  * New upstream release. Closes: #872041
+  * Fix CVE-2016-9113. Closes: #844552
+  * Fix CVE-2016-9114. Closes: #844553
+  * Fix CVE-2016-9115. Closes: #844554
+  * Fix CVE-2016-9116. Closes: #844555
+  * Fix CVE-2016-9117. Closes: #844556

- -- Moritz Muehlenhoff   Sat, 12 Aug 2017 15:54:38 +0200
-
-openjpeg2 (2.1.2-1.2) unstable; urgency=medium
-
-  * Non-maintainer upload
-  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
-CVE-2016-9118.patch
-
- -- Moritz Muehlenhoff   Fri, 11 Aug 2017 22:17:07 +0200
-
-openjpeg2 (2.1.2-1.1) unstable; urgency=medium
-
-  * Non-maintainer upload.
-  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
-CVE-2016-9572: NULL pointer dereference in input decoding
-CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
-imagetopnm(). (Closes: #851422)
-
- -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 +0100
+ -- Mathieu Malaterre   Fri, 22 Sep 2017 21:51:36 +0200

 openjpeg2 (2.1.2-1) unstable; urgency=medium
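Review bot: the removed lines drop the 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3 stanzas entirely, so debian/changelog no longer records the fixes for CVE-2016-9572, CVE-2016-9573, CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and CVE-2016-9118, nor the closures of #851422 and #871905. Keep the three NMU stanzas below the new 2.2.0-1 entry, and confirm that each patch they name is either still applied or already contained in the 2.2.0 upstream source.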
cut-cut-cut-cut-cut-cut-

Thanks for your time, double-checking and working on openjpeg2!

Regards,
Salvatore



[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-25 Thread Salvatore Bonaccorso
Hi Mathieu,

On Mon, Sep 25, 2017 at 10:12:31AM +0200, Mathieu Malaterre wrote:
> Control: tags -1 pending
> 
> Hi Salvatore,
> 
> On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso wrote:
> > Source: openjpeg2
> > Version: 2.2.0-1
> > Severity: normal
> >
> > Hi Mathieu,
> >
> > There was an update for openjpeg2 not incorporating the NMU changelog
> > for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating
> > those again (and double check no change was lost, I guess not that all
> > should in meanwhile be included in 2.2.0, but for #851422 I'm unsure
> > if it was fully covered, see the respective upstream issues which only
> > partially landed in 2.2.0).
> >
> > Specifically there were some CVEs addressed, which are hopefully still
> > fixed in 2.2.0-1, the FTBFS definitively seems so.
> >
> > cut-cut-cut-cut-cut-cut-
> > diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog
> > --- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200
> > +++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200
> > @@ -1,26 +1,13 @@
> > -openjpeg2 (2.1.2-1.3) unstable; urgency=medium
> > +openjpeg2 (2.2.0-1) unstable; urgency=medium
> >
> > -  * Fix FTFBS (Closes: #871905)
> > +  * New upstream release. Closes: #872041
> > +  * Fix CVE-2016-9113. Closes: #844552
> > +  * Fix CVE-2016-9114. Closes: #844553
> > +  * Fix CVE-2016-9115. Closes: #844554
> > +  * Fix CVE-2016-9116. Closes: #844555
> > +  * Fix CVE-2016-9117. Closes: #844556
> >
> > - -- Moritz Muehlenhoff   Sat, 12 Aug 2017 15:54:38 +0200
> > -
> > -openjpeg2 (2.1.2-1.2) unstable; urgency=medium
> > -
> > -  * Non-maintainer upload
> > -  * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
> > -CVE-2016-9118.patch
> > -
> > - -- Moritz Muehlenhoff   Fri, 11 Aug 2017 22:17:07 +0200
> > -
> > -openjpeg2 (2.1.2-1.1) unstable; urgency=medium
> > -
> > -  * Non-maintainer upload.
> > -  * Add CVE-2016-9572_CVE-2016-9573.patch patch.
> > -CVE-2016-9572: NULL pointer dereference in input decoding
> > -CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
> > -imagetopnm(). (Closes: #851422)
> > -
> > - -- Salvatore Bonaccorso   Sun, 22 Jan 2017 14:18:13 
> > +0100
> > + -- Mathieu Malaterre   Fri, 22 Sep 2017 21:51:36 +0200
> >
> >  openjpeg2 (2.1.2-1) unstable; urgency=medium
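Review bot: the added 2.2.0-1 stanza closes #844552 through #844556 for CVE-2016-9113 to CVE-2016-9117 on the strength of the new upstream release alone, with no patch or upstream commit named for any of them. The reply below this quote says the bugs for this stanza were reopened as still under investigation, so each "Closes:" should stay only where the fix has been confirmed in 2.2.0.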
> > cut-cut-cut-cut-cut-cut-
> >
> > Thanks for your time, double-checking and working on openjpeg2!
> 
> Wow ! That was bad :( Thanks for catching my mistake.

Thanks a lot for looking that quickly into this!

And thanks for reopening the bugs regarding the 2.2.0-1 stanza, which
are still under investigation/not yet fixed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#877352: openexr: CVE-2017-12596

2017-09-30 Thread Salvatore Bonaccorso
Source: openexr
Version: 2.2.0-11.1
Severity: important
Tags: upstream security
Forwarded: https://github.com/openexr/openexr/issues/238

Hi,

the following vulnerability was published for openexr, filing this
bug to track the upstream issue at [1].

CVE-2017-12596[0]:
| In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read
| in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled
| execution; it may result in denial of service or possibly unspecified
| other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596
[1] https://github.com/openexr/openexr/issues/238

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#878551: openexr: CVE-2017-14988

2017-10-14 Thread Salvatore Bonaccorso
Source: openexr
Version: 2.2.0-11
Severity: important
Tags: security upstream
Forwarded: https://github.com/openexr/openexr/issues/248

Hi,

the following vulnerability was published for openexr.

CVE-2017-14988[0]:
| Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote
| attackers to cause a denial of service (excessive memory allocation)
| via a crafted file that is accessed with the ImfOpenInputFile function
| in IlmImf/ImfCRgbaFile.cpp.

At the time of writing this bug report there is no upstream fix yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14988
[1] https://github.com/openexr/openexr/issues/248

Please adjust the affected versions in the BTS as needed, only 2.2.0
has been checked so far.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#874118: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c

2017-10-16 Thread Salvatore Bonaccorso
Hello Mathieu,

On Mon, Oct 16, 2017 at 06:12:30PM +0200, Mathieu Malaterre wrote:
> Control: severity -1 important
> 
> While I understand that this generic heap based buffer overflow ought
> to be fixed in Debian stable, I fail to see why it is marked as
> affecting stretch.
[...]


In my initial report I wrote: "The issue is covered by [3], so trying
to reproduce the issue leads to an assertion failure up to the version
in sid instead."

My point was, yes if you try to reproduce with current version you
will reach the assertion, because it's yet covered by the missing
commit 4241ae6fbbf1de9658764a80944dc8108f2b4154. Applying that as well
shows the underlying issue.

Hope this helps!

Regards,
Salvatore



[Pkg-phototools-devel] Bug#882032: optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file

2017-11-17 Thread Salvatore Bonaccorso
Source: optipng
Version: 0.7.6-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/optipng/bugs/65/

Hi,

the following vulnerability was published for optipng.

CVE-2017-1000229[0]:
| Integer overflow bug in function minitiff_read_info() of optipng 0.7.6
| allows an attacker to remotely execute code or cause denial of
| service.

With the poc.tiff on upstream bug:

==9473== Memcheck, a memory error detector
==9473== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9473== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==9473== Command: optipng poc.tiff
==9473== 
** Processing: poc.tiff
==9473== Invalid write of size 4
==9473==    at 0x109C53: read_ulong_values (tiffread.c:131)
==9473==    by 0x117504: minitiff_read_info (tiffread.c:358)
==9473==    by 0x114B07: pngx_read_tiff (pngxrtif.c:85)
==9473==    by 0x11272C: pngx_read_image (pngxread.c:130)
==9473==    by 0x10CABF: opng_read_file (optim.c:939)
==9473==    by 0x10DE99: opng_optimize_impl (optim.c:1503)
==9473==    by 0x10EC28: opng_optimize (optim.c:1853)
==9473==    by 0x10A30E: process_files (optipng.c:941)
==9473==    by 0x10A30E: main (optipng.c:975)
==9473==  Address 0x4aa56cc is 0 bytes after a block of size 4 alloc'd
==9473==    at 0x482E2BC: malloc (vg_replace_malloc.c:299)
==9473==    by 0x1174CA: minitiff_read_info (tiffread.c:353)
==9473==    by 0x114B07: pngx_read_tiff (pngxrtif.c:85)
==9473==    by 0x11272C: pngx_read_image (pngxread.c:130)
==9473==    by 0x10CABF: opng_read_file (optim.c:939)
==9473==    by 0x10DE99: opng_optimize_impl (optim.c:1503)
==9473==    by 0x10EC28: opng_optimize (optim.c:1853)
==9473==    by 0x10A30E: process_files (optipng.c:941)
==9473==    by 0x10A30E: main (optipng.c:975)
==9473== 
Error: Error reading TIFF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.
==9473== 
==9473== HEAP SUMMARY:
==9473==     in use at exit: 4 bytes in 1 blocks
==9473==   total heap usage: 5 allocs, 4 frees, 5,600 bytes allocated
==9473== 
==9473== LEAK SUMMARY:
==9473==    definitely lost: 4 bytes in 1 blocks
==9473==    indirectly lost: 0 bytes in 0 blocks
==9473==      possibly lost: 0 bytes in 0 blocks
==9473==    still reachable: 0 bytes in 0 blocks
==9473==         suppressed: 0 bytes in 0 blocks
==9473== Rerun with --leak-check=full to see details of leaked memory
==9473== 
==9473== For counts of detected and suppressed errors, rerun with: -v
==9473== ERROR SUMMARY: 262143 errors from 1 contexts (suppressed: 0 from 0)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
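
The arithmetic behind the Memcheck trace above, as an added C example (not part of the original report and not optipng source): it shows how a count multiplied by the element size can wrap to a 4-byte allocation, and the pre-multiplication guard that rejects it. Assumptions: size_t is modelled as uint32_t and long as 4 bytes, consistent with the 4-byte block and 4-byte writes in the trace; SAMPLE_COUNT is a constructed value, not read from poc.tiff; all function names are hypothetical.

```c
/* Added illustration, not optipng source. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a 32-bit target, so size_t is modelled as uint32_t and
 * sizeof(long) as 4, consistent with the 4-byte writes in the trace. */
typedef uint32_t size32_t;
#define LONG_SIZE32 4u

/* Constructed sample count, not taken from poc.tiff. */
#define SAMPLE_COUNT 0x40000001u

/* Byte count an unguarded malloc(count * sizeof(long)) would request. */
size32_t unchecked_bytes32(size32_t count)
{
    return count * LONG_SIZE32;            /* wraps modulo 2^32 */
}

/* Number of elements a reader loop running to `count` would write
 * past the end of the block obtained from the wrapped size. */
size32_t elements_out_of_bounds32(size32_t count)
{
    size32_t fit = unchecked_bytes32(count) / LONG_SIZE32;
    return count > fit ? count - fit : 0;
}

/* Guard applied before the multiplication: returns 0 and stores the
 * byte count, or -1 when count is zero or the product would wrap. */
int checked_bytes32(size32_t count, size32_t *bytes)
{
    if (count == 0 || count > UINT32_MAX / LONG_SIZE32)
        return -1;
    *bytes = count * LONG_SIZE32;
    return 0;
}

/* The same guard with native types, usable as an allocator wrapper.
 * Returns NULL for a zero count, a wrapping product, or malloc failure. */
long *alloc_long_array(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(long))
        return NULL;
    return malloc(count * sizeof(long));
}

int main(void)
{
    size32_t bytes = 0;

    printf("count            = %u\n", (unsigned)SAMPLE_COUNT);
    printf("unchecked bytes  = %u\n",
           (unsigned)unchecked_bytes32(SAMPLE_COUNT));
    printf("elements past end= %u\n",
           (unsigned)elements_out_of_bounds32(SAMPLE_COUNT));
    printf("guard verdict    = %s\n",
           checked_bytes32(SAMPLE_COUNT, &bytes) == 0 ? "accepted"
                                                      : "rejected");

    /* A sane count passes the guard and gets a correctly sized block. */
    long *offsets = alloc_long_array(8);
    if (offsets == NULL)
        return 1;
    free(offsets);
    return 0;
}
```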



[Pkg-phototools-devel] Bug#878839: optipng: diff for NMU version 0.7.6-1.1

2017-12-07 Thread Salvatore Bonaccorso
Control: tags 878839 + patch
Control: tags 878839 + pending
Control: tags 882032 + pending

Dear maintainer,

I've prepared an NMU for optipng (versioned as 0.7.6-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru optipng-0.7.6/debian/changelog optipng-0.7.6/debian/changelog
--- optipng-0.7.6/debian/changelog	2016-04-08 23:13:43.0 +0200
+++ optipng-0.7.6/debian/changelog	2017-12-07 20:43:29.0 +0100
@@ -1,3 +1,13 @@
+optipng (0.7.6-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Prevent integer overflow in minitiff_read_info() (CVE-2017-1000229)
+(Closes: #882032)
+  * gifread: Detect indirect circular dependencies in LZW tables
+(CVE-2017-16938) (Closes: #878839)
+
+ -- Salvatore Bonaccorso   Thu, 07 Dec 2017 20:43:29 +0100
+
 optipng (0.7.6-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru optipng-0.7.6/debian/patches/CVE-2017-1000229 optipng-0.7.6/debian/patches/CVE-2017-1000229
--- optipng-0.7.6/debian/patches/CVE-2017-1000229	1970-01-01 01:00:00.0 +0100
+++ optipng-0.7.6/debian/patches/CVE-2017-1000229	2017-12-07 20:43:29.0 +0100
@@ -0,0 +1,25 @@
+From 77ac8e9fd9b2c1aeec3951e2bb50f7cc2c1e92d2 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Sun, 19 Nov 2017 16:04:26 +0100
+Subject: [PATCH] Prevent integer overflow (bug #65, CVE-2017-1000229)
+
+---
+ src/minitiff/tiffread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
 b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+ count = tiff_ptr->strip_offsets_count;
+ if (count == 0 || count > tiff_ptr->height)
+ goto err_invalid;
++if (count > (size_t)-1 / sizeof(long))
++goto err_memory;
+ tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+ if (tiff_ptr->strip_offsets == NULL)
+ goto err_memory;
+-- 
+2.14.2
+
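Review bot: the added guard `if (count > (size_t)-1 / sizeof(long))` exits through err_memory, although the oversized count comes from the input file; err_invalid, as used by the range check immediately above it, would report the cause more accurately. The guard itself correctly bounds the multiplication in the malloc() call that follows. The embedded patch header carries only From/Date/Subject, so adding Origin and Bug-Debian fields for #882032 would document where the patch came from.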
diff -Nru optipng-0.7.6/debian/patches/CVE-2017-16938 optipng-0.7.6/debian/patches/CVE-2017-16938
--- optipng-0.7.6/debian/patches/CVE-2017-16938	1970-01-01 01:00:00.0 +0100
+++ optipng-0.7.6/debian/patches/CVE-2017-16938	2017-12-07 20:43:29.0 +0100
@@ -0,0 +1,23 @@
+From e05fb81a20541833a2d62ce08552b18c0920b9a1 Mon Sep 17 00:00:00 2001
+From: Cosmin Truta 
+Date: Sat, 25 Nov 2017 23:17:46 -0500
+Subject: [PATCH] gifread: Detect indirect circular dependencies in LZW tables
+
+---
+ src/gifread/gifread.c | 4 +++-
+ src/gifread/gifread.h | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gifread/gifread.c b/src/gifread/gifread.c
+index 0123456789abcdef..0123456789abcdef 100644
+--- a/src/gifread/gifread.c
 b/src/gifread/gifread.c
+@@ -499,6 +499,8 @@ static int LZWReadByte(int init_flag, int input_code_size, FILE *stream)
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+ GIFError("GIF/LZW error: circular table entry");
++if ((size_t)(sp - stack) >= sizeof(stack) / sizeof(stack[0]))
++GIFError("GIF/LZW error: circular table");
+ code = table[0][code];
+ }
+ 
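Review bot: the diffstat in this patch header lists src/gifread/gifread.h (2 +-) and a total of 4 insertions and 2 deletions over two files, but the only hunk present adds two lines to gifread.c and nothing touches gifread.h; the index line also reads 0123456789abcdef..0123456789abcdef instead of real blob ids. Compare the file against upstream commit e05fb81a20541833a2d62ce08552b18c0920b9a1 and either include the missing gifread.h change or regenerate the header so it matches what is applied. In the hunk itself, the new bound test runs after `*sp++ = table[1][code];`, so it depends on GIFError() not returning to the loop.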
diff -Nru optipng-0.7.6/debian/patches/series optipng-0.7.6/debian/patches/series
--- optipng-0.7.6/debian/patches/series	2016-04-08 22:43:41.0 +0200
+++ optipng-0.7.6/debian/patches/series	2017-12-07 20:43:29.0 +0100
@@ -1 +1,3 @@
 fix_typo_in_manpage
+CVE-2017-1000229
+CVE-2017-16938

[Pkg-phototools-devel] Bug#878839: optipng: moved to delayed/0

2017-12-08 Thread Salvatore Bonaccorso
Hi Emmanuel

I perfectly realize it's not conforming to the NMU rules, so if that
made you unhappy I apologize for it. I moved the optipng upload from
delayed/5 to delayed/0 since I was planning a security update, and the
point release happening this weekend would imply stretch-version <
sid-version. So I opted for moving the upload faster.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#884738: openjpeg2: CVE-2017-17480: stack-based buffer overflow in pgxtovolume function in jp3d/convert.c

2017-12-18 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.1.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1044

Hi,

the following vulnerability was published for openjpeg2.

CVE-2017-17480[0]:
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the
| pgxtovolume function in jp3d/convert.c. The vulnerability causes an
| out-of-bounds write, which may lead to remote denial of service or
| possibly remote code execution.

Note there is as well the CVE-2017-17479 assignment, for the
jpwl/convert.c part. But AFAICS the Debian packaging has overall
BUILD_JPWL:BOOL=OFF, so that one can be considered unimportant since
only present in the source, but not in the resulting binary
packages. Though if upstream fixes both issues, then fixes could
be applied.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17480
[1] https://github.com/uclouvain/openjpeg/issues/1044

Regards,
Salvatore



[Pkg-phototools-devel] Bug#888533: openjpeg2: CVE-2018-5785: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1057

Hi,

the following vulnerability was published for openjpeg2.

CVE-2018-5785[0]:
| In OpenJPEG 2.3.0, there is an integer overflow caused by an
| out-of-bounds left shift in the opj_j2k_setup_encoder function
| (openjp2/j2k.c). Remote attackers could leverage this vulnerability to
| cause a denial of service via a crafted bmp file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5785
[1] https://github.com/uclouvain/openjpeg/issues/1057
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1537758#c2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#888532: openjpeg2: CVE-2018-5727: Integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1053

Hi,

the following vulnerability was published for openjpeg2.

CVE-2018-5727[0]:
| In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the
| opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could
| leverage this vulnerability to cause a denial of service via a crafted
| bmp file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5727
[1] https://github.com/uclouvain/openjpeg/issues/1053
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1536552#c2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



[Pkg-phototools-devel] Bug#889683: openjpeg2: CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks

2018-02-05 Thread Salvatore Bonaccorso
Source: openjpeg2
Version: 2.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1059

Hi,

the following vulnerability was published for openjpeg2.

CVE-2018-6616[0]:
| In OpenJPEG 2.3.0, there is excessive iteration in the
| opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
| leverage this vulnerability to cause a denial of service via a crafted
| bmp file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6616
[1] https://github.com/uclouvain/openjpeg/issues/1059

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
