Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock

Hi Release Team,

Upstream of GraphicsMagick, Bob Friesenhahn, reported a vulnerability
(heap buffer overread) when reading CMYKA TIFF files [1].

The fix is small and the debdiff is attached for your convenience.
Please unblock and let it migrate to Stretch.

Thanks,
Laszlo/GCS
[1] http://www.openwall.com/lists/oss-security/2017/02/24/1
diff -Nru graphicsmagick-1.3.25/debian/changelog graphicsmagick-1.3.25/debian/changelog
--- graphicsmagick-1.3.25/debian/changelog	2016-12-25 15:42:18.000000000 +0100
+++ graphicsmagick-1.3.25/debian/changelog	2017-02-24 20:17:41.000000000 +0100
@@ -1,3 +1,9 @@
+graphicsmagick (1.3.25-8) unstable; urgency=high
+
+  * Backport security fix for out of bounds access when reading CMYKA tiff.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Fri, 24 Feb 2017 19:17:41 +0000
+
 graphicsmagick (1.3.25-7) unstable; urgency=medium
 
   * Add hack to build self-tests on mips* architectures.
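Review bot: The 1.3.25-8 bullet does not say where the fix comes from or which issue it tracks: it carries no upstream changeset, bug number or advisory link. Since this is an urgency=high security upload, consider naming the upstream changeset (6156b4c2992d, from the patch header) and the oss-security post in the bullet so the upload can be matched to the issue later.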
diff -Nru graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch
--- graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	1970-01-01 01:00:00.000000000 +0100
+++ graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	2017-02-24 20:17:41.000000000 +0100
@@ -0,0 +1,70 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfrie...@graphicsmagick.org>
+# Date 1487905610 21600
+#      Thu Feb 23 21:06:50 2017 -0600
+# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8
+# Parent  0392c4305a4369984ec8069055acc470c0a73647
+Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel.
+
+diff -r 0392c4305a43 -r 6156b4c2992d ChangeLog
+--- a/ChangeLog	Sun Jan 29 10:04:57 2017 -0600
++++ b/ChangeLog	Thu Feb 23 21:06:50 2017 -0600
+@@ -1,3 +1,10 @@
++2017-02-23  Bob Friesenhahn  <bfrie...@simple.dallas.tx.us>
++
++	* coders/tiff.c (QuantumTransferMode): Fix out of bounds
++	read/write when reading CMYKA TIFF which claims to have only 2
++	samples per pixel.  Problem was reported via email on February 15,
++	2017 by Valon Chu.
++
+ 2016-10-21 Glenn Randers-Pehrson  <glen...@simple.dallas.tx.us>
+ 
+ 	*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
+diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c
+--- a/coders/tiff.c	Sun Jan 29 10:04:57 2017 -0600
++++ b/coders/tiff.c	Thu Feb 23 21:06:50 2017 -0600
+@@ -1230,8 +1230,8 @@
+                   case 0:
+                     if (samples_per_pixel == 1)
+                       *quantum_type=GrayQuantum;
+-                      else
+-                        *quantum_type=RedQuantum;
++                    else
++                      *quantum_type=RedQuantum;
+                     break;
+                   case 1:
+                     *quantum_type=GreenQuantum;
+@@ -1411,12 +1411,12 @@
+               }
+             else
+               {
+-                if (image->matte)
++                if (image->matte && samples_per_pixel >= 5)
+                   {
+                     *quantum_type=CMYKAQuantum;
+                     *quantum_samples=5;
+                   }
+-                else
++                else if (samples_per_pixel >= 4)
+                   {
+                     *quantum_type=CMYKQuantum;
+                     *quantum_samples=4;
+diff -r 0392c4305a43 -r 6156b4c2992d www/Changelog.html
+--- a/www/Changelog.html	Sun Jan 29 10:04:57 2017 -0600
++++ b/www/Changelog.html	Thu Feb 23 21:06:50 2017 -0600
+@@ -35,6 +35,15 @@
+ <div class="document">
+ 
+ 
++<p>2017-02-23  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
++<blockquote>
++<ul class="simple">
++<li>coders/tiff.c (QuantumTransferMode): Fix out of bounds
++read/write when reading CMYKA TIFF which claims to have only 2
++samples per pixel.  Problem was reported via email on February 15,
++2017 by Valon Chu.</li>
++</ul>
++</blockquote>
+ <p>2016-10-21 Glenn Randers-Pehrson  &lt;<a class="reference external" href="mailto:glennrp&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">glennrp<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+ <blockquote>
+ <p>*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
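Review bot: In the coders/tiff.c hunk at line 1411, the new conditions leave no branch for a file that claims fewer than 4 samples per pixel: there is no final else after `else if (samples_per_pixel >= 4)`, so *quantum_type and *quantum_samples keep whatever values they had before this block. The visible context does not show how that case is handled, so please confirm that QuantumTransferMode reports failure, or that both outputs are initialised to a safe value, when neither branch runs. Note also that an image with matte set and exactly 4 samples is now read as CMYKQuantum, which is worth a one-line comment in the code. Separately, the hunk at line 1230 only re-indents an else, and the ChangeLog and www/Changelog.html hunks are documentation; dropping all three would keep the backport to the two changed conditions and reduce the chance of conflicts with later patches.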
diff -Nru graphicsmagick-1.3.25/debian/patches/series graphicsmagick-1.3.25/debian/patches/series
--- graphicsmagick-1.3.25/debian/patches/series	2016-12-25 15:42:18.000000000 +0100
+++ graphicsmagick-1.3.25/debian/patches/series	2017-02-24 20:17:41.000000000 +0100
@@ -8,3 +8,4 @@
 CVE-2016-8684.patch
 CVE-2016-9830.patch
 mips_link_fix.patch
+Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch
