Bug#839927: jessie-pu: package rawtherapee/4.2-1+deb8u1
Control: tags -1 + pending On Sat, 2016-10-08 at 21:11 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2016-10-07 at 00:26 +0200, Philip Rinn wrote: > > Sorry, I didn't attach the debdiff, it was only a 'git diff ...' Now I > > attached > > the real debdiff. > > Please go ahead. Uploaded and flagged for acceptance. Regards, Adam
Bug#839927: jessie-pu: package rawtherapee/4.2-1+deb8u1
Control: tags -1 + confirmed On Fri, 2016-10-07 at 00:26 +0200, Philip Rinn wrote: > Sorry, I didn't attach the debdiff, it was only a 'git diff ...' Now I > attached > the real debdiff. Please go ahead. Regards, Adam
Bug#839927: jessie-pu: package rawtherapee/4.2-1+deb8u1
Sorry, I didn't attach the debdiff, it was only a 'git diff ...' Now I attached the real debdiff. Best, Philip diff -Nru rawtherapee-4.2/debian/changelog rawtherapee-4.2/debian/changelog --- rawtherapee-4.2/debian/changelog2015-06-09 20:45:39.0 +0200 +++ rawtherapee-4.2/debian/changelog2016-10-06 12:36:00.0 +0200 @@ -1,3 +1,10 @@ +rawtherapee (4.2-1+deb8u2) jessie; urgency=high + + * Add patch debian/patches/03-fix-overflow-in-dcraw.patch: +- Fix buffer overflow in dcraw (CVE-2015-8366) + + -- Philip Rinn Thu, 06 Oct 2016 12:36:00 +0200 + rawtherapee (4.2-1+deb8u1) jessie; urgency=high * Add patch debian/patches/02-fix_CVE-2015-3885.patch: diff -Nru rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch --- rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch 1970-01-01 01:00:00.0 +0100 +++ rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch 2016-10-06 12:35:26.0 +0200 @@ -0,0 +1,18 @@ +Author: Hubert Chathi +Description: Fix buffer overflow in dcraw (CVE-2015-8366) +Origin: https://vcs.uhoreg.ca/git/cgit/debpkg-ufraw/commit/?id=54688b5896b39003becdfee3c803c58c94f14df3 +Last-update: 2016-10-06 +--- a/rtengine/dcraw.cc b/rtengine/dcraw.cc +@@ -3221,7 +3221,10 @@ + diff = diff ? -diff : 0x80; + if (ftell(ifp) + 12 >= seg[1][1]) + diff = 0; +-raw_image[pix] = pred[pix & 1] += diff; ++if(pix>=raw_width*raw_height) ++ derror(); ++else ++ raw_image[pix] = pred[pix & 1] += diff; + if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2; + } + maximum = 0xff; diff -Nru rawtherapee-4.2/debian/patches/series rawtherapee-4.2/debian/patches/series --- rawtherapee-4.2/debian/patches/series 2015-05-14 17:30:07.0 +0200 +++ rawtherapee-4.2/debian/patches/series 2016-10-06 12:35:47.0 +0200 @@ -1,2 +1,3 @@ 01-fix_build_race-condition.patch 02-fix_CVE-2015-3885.patch +03-fix-overflow-in-dcraw.patch signature.asc Description: OpenPGP digital signature
Bug#839927: jessie-pu: package rawtherapee/4.2-1+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, rawtherapee is affected by the security issue CVE-2015-8366[1]. It's marked no- dsa that's why I want to coordinate the update with you. I attached the debdiff. Best, Philip [1] https://security-tracker.debian.org/tracker/CVE-2015-8366 diff --git a/debian/changelog b/debian/changelog index bbfd8e2..288c1b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +rawtherapee (4.2-1+deb8u2) jessie; urgency=high + + * Add patch debian/patches/03-fix-overflow-in-dcraw.patch: +- Fix buffer overflow in dcraw (CVE-2015-8366) + + -- Philip Rinn Thu, 06 Oct 2016 12:36:00 +0200 + rawtherapee (4.2-1+deb8u1) jessie; urgency=high * Add patch debian/patches/02-fix_CVE-2015-3885.patch: diff --git a/debian/patches/03-fix-overflow-in-dcraw.patch b/debian/patches/03-fix-overflow-in-dcraw.patch new file mode 100644 index 000..6f9a282 --- /dev/null +++ b/debian/patches/03-fix-overflow-in-dcraw.patch @@ -0,0 +1,18 @@ +Author: Hubert Chathi +Description: Fix buffer overflow in dcraw (CVE-2015-8366) +Origin: https://vcs.uhoreg.ca/git/cgit/debpkg-ufraw/commit/?id=54688b5896b39003becdfee3c803c58c94f14df3 +Last-update: 2016-10-06 +--- a/rtengine/dcraw.cc b/rtengine/dcraw.cc +@@ -3221,7 +3221,10 @@ + diff = diff ? -diff : 0x80; + if (ftell(ifp) + 12 >= seg[1][1]) + diff = 0; +-raw_image[pix] = pred[pix & 1] += diff; ++if(pix>=raw_width*raw_height) ++ derror(); ++else ++ raw_image[pix] = pred[pix & 1] += diff; + if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2; + } + maximum = 0xff; diff --git a/debian/patches/series b/debian/patches/series index abb467d..4aa855a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ 01-fix_build_race-condition.patch 02-fix_CVE-2015-3885.patch +03-fix-overflow-in-dcraw.patch