Your message dated Wed, 07 Mar 2018 21:05:42 +0000
with message-id <e1etgfq-000ekk...@fasolo.debian.org>
and subject line Bug#868151: fixed in imlib2 1.5.0-1
has caused the Debian Bug report #868151,
regarding imlib2: XPM loader: uninitialized memory read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imlib2
Version: 1.4.8-1

loader_xpm.c contains the following code:

   sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
   if ((ncolors > 32766) || (ncolors < 1))
     ...

This doesn't check the return value from sscanf(), so for some invalid XPM files (such as the attached one), the ncolors variable will remain uninitialized.

Found using american fuzzy lop:
http://lcamtuf.coredump.cx/afl/

--
Jakub Wilk

--- End Message ---
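
An added example, not part of the report and not the imlib2 patch: a header parser that accepts the line only when sscanf() converted all four fields. The ncolors limit is the one quoted in the report; the struct, the function names, the other limits and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>

#define XPM_MAX_COLORS 32766   /* limit quoted in the report */
#define XPM_MAX_DIM    32767   /* assumed limit for this example */
#define XPM_MAX_CPP    5       /* assumed limit for this example */

struct xpm_header { int w, h, ncolors, cpp; };   /* hypothetical type */

/* Number of fields sscanf() actually converted (EOF if input ran out
 * before the first one). Variables past that count are never written. */
int xpm_fields_converted(const char *line)
{
    int w = 0, h = 0, ncolors = 0, cpp = 0;
    return sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp);
}

/* Returns 0 and fills *out only when all four fields were converted and
 * are in range; returns -1 otherwise and leaves *out untouched. */
int xpm_parse_header(const char *line, struct xpm_header *out)
{
    int w, h, ncolors, cpp;

    /* The check the report says is missing: a short count means at
     * least one of the locals above still holds an indeterminate value. */
    if (sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp) != 4)
        return -1;
    if (w < 1 || w > XPM_MAX_DIM || h < 1 || h > XPM_MAX_DIM)
        return -1;
    if (ncolors < 1 || ncolors > XPM_MAX_COLORS)
        return -1;
    if (cpp < 1 || cpp > XPM_MAX_CPP)
        return -1;

    out->w = w; out->h = h; out->ncolors = ncolors; out->cpp = cpp;
    return 0;
}

int main(void)
{
    /* Constructed header lines, not the file attached to the report. */
    static const char *samples[] = { "16 16 2 1", "16 16", "16 16 x 1", "" };
    struct xpm_header hdr;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": converted=%d, %s\n", samples[i],
               xpm_fields_converted(samples[i]),
               xpm_parse_header(samples[i], &hdr) == 0 ? "accepted" : "rejected");
    return 0;
}
```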
--- Begin Message ---
Source: imlib2
Source-Version: 1.5.0-1

We believe that the bug you reported is fixed in the latest version of
imlib2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated imlib2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Mar 2018 18:29:16 +0100
Source: imlib2
Binary: libimlib2 libimlib2-dev
Architecture: source
Version: 1.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Markus Koschany <a...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libimlib2  - image loading, rendering, saving library
 libimlib2-dev - image loading, rendering, saving library (development files)
Closes: 773968 868151
Changes:
 imlib2 (1.5.0-1) unstable; urgency=medium
 .
   * New upstream version 1.5.0.
   * Move the repository to salsa.debian.org.
   * Drop bug-868177-invalid-free.patch. Applied upstream.
   * Add FTBFS_X11_SHM_FD.patch and fix FTBFS when HAVE_X11_SHM_FD is not
     defined.
   * Add bug-868151.patch. Fix potential use of uninitialized value. Thanks to
     Jakub Wilk for the report and Kim Woelders for the patch. (Closes: #868151)
   * Update debian/libimlib2.symbols for new release.
   * Add bug-773968.patch and fix infinite loop with invalid bmp images. Thanks
     to Jussi Judin for the report and Kim Woelders for the patch.
     (Closes: #773968)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
