--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Daniel Baumann <daniel.baum...@progress-linux.org>,
t...@security.debian.org
* CVE-2019-15531: Invalid read for malformed DVI files.
(Closes: #935553)
diff -Nru libextractor-1.8/debian/changelog libextractor-1.8/debian/changelog
--- libextractor-1.8/debian/changelog 2018-12-27 20:45:49.000000000 +0200
+++ libextractor-1.8/debian/changelog 2022-01-23 23:10:06.000000000 +0200
@@ -1,3 +1,11 @@
+libextractor (1:1.8-2+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-15531: Invalid read for malformed DVI files.
+ (Closes: #935553)
+
+ -- Adrian Bunk <b...@debian.org> Sun, 23 Jan 2022 23:10:06 +0200
+
libextractor (1:1.8-2) unstable; urgency=high
* Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214,
diff -Nru libextractor-1.8/debian/patches/0001-fix-5846.patch
libextractor-1.8/debian/patches/0001-fix-5846.patch
--- libextractor-1.8/debian/patches/0001-fix-5846.patch 1970-01-01
02:00:00.000000000 +0200
+++ libextractor-1.8/debian/patches/0001-fix-5846.patch 2022-01-23
23:09:09.000000000 +0200
@@ -0,0 +1,181 @@
+From aad7a7857b815175e70e2270115a3c8cb0445765 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christ...@grothoff.org>
+Date: Fri, 23 Aug 2019 09:35:53 +0200
+Subject: fix #5846
+
+---
+ src/plugins/dvi_extractor.c | 88 +++++++++++++++++++------------------
+ 1 file changed, 45 insertions(+), 43 deletions(-)
+
+diff --git a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c
+index 268b48c..e3aa450 100644
+--- a/src/plugins/dvi_extractor.c
++++ b/src/plugins/dvi_extractor.c
+@@ -1,6 +1,6 @@
+ /*
+ This file is part of libextractor.
+- Copyright (C) 2002, 2003, 2004, 2012, 2017 Vidyut Samanta and Christian
Grothoff
++ Copyright (C) 2002, 2003, 2004, 2012, 2017, 2019 Vidyut Samanta and
Christian Grothoff
+
+ libextractor is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+@@ -182,6 +182,8 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ size = ec->get_size (ec->cls);
+ if (size > 16 * 1024 * 1024)
+ return; /* too large */
++ if (klen + 15 > size)
++ return; /* malformed klen */
+ if (NULL == (data = malloc ((size_t) size)))
+ return; /* out of memory */
+ memcpy (data, buf, iret);
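Review bot: The copy on the last line of this hunk, `memcpy (data, buf, iret)`, still takes its length from the earlier read and not from `size`, so the new `klen + 15 > size` guard does not stop it from writing past an allocation of `size` bytes when `get_size` reports less than that read returned. The read loop in the next hunk has the same shape: `memcpy (&data[off], buf, iret)` is not clamped to `size - off`. I would reject the mismatch before the malloc with `if (iret > size) return;` and bound the loop copy with `if (iret > size - off) iret = size - off;`, with casts chosen to match the declarations, which are outside the hunk. Whether `ec->read` can ever return more than `get_size` promised depends on the extract context implementation, which this diff does not show, so treat this as hardening to confirm. The function body starts before and continues past this hunk.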
+@@ -189,16 +191,16 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ while (off < size)
+ {
+ if (0 >= (iret = ec->read (ec->cls, &buf, 16 * 1024)))
+- {
+- free (data);
+- return;
+- }
++ {
++ free (data);
++ return;
++ }
+ memcpy (&data[off], buf, iret);
+ off += iret;
+ }
+ pos = size - 1;
+ while ( (223 == data[pos]) &&
+- (pos > 0) )
++ (pos > 0) )
+ pos--;
+ if ( (2 != data[pos]) ||
+ (pos < 40) )
+@@ -225,9 +227,9 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ break;
+ if ( (pos + 45 > size) ||
+ (pos + 45 < pos) )
+- goto CLEANUP;
++ goto CLEANUP;
+ if (data[pos] != 139) /* expect 'bop' */
+- goto CLEANUP;
++ goto CLEANUP;
+ pageCount++;
+ opos = pos;
+ pos = getIntAt (&data[opos + 41]);
+@@ -238,24 +240,24 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ }
+ /* ok, now we believe it's a dvi... */
+ snprintf (pages,
+- sizeof (pages),
+- "%u",
+- pageCount);
++ sizeof (pages),
++ "%u",
++ pageCount);
+ if (0 != ec->proc (ec->cls,
+- "dvi",
+- EXTRACTOR_METATYPE_PAGE_COUNT,
+- EXTRACTOR_METAFORMAT_UTF8,
+- "text/plain",
+- pages,
+- strlen (pages) + 1))
++ "dvi",
++ EXTRACTOR_METATYPE_PAGE_COUNT,
++ EXTRACTOR_METAFORMAT_UTF8,
++ "text/plain",
++ pages,
++ strlen (pages) + 1))
+ goto CLEANUP;
+ if (0 != ec->proc (ec->cls,
+- "dvi",
+- EXTRACTOR_METATYPE_MIMETYPE,
+- EXTRACTOR_METAFORMAT_UTF8,
+- "text/plain",
+- "application/x-dvi",
+- strlen ("application/x-dvi") + 1))
++ "dvi",
++ EXTRACTOR_METATYPE_MIMETYPE,
++ EXTRACTOR_METAFORMAT_UTF8,
++ "text/plain",
++ "application/x-dvi",
++ strlen ("application/x-dvi") + 1))
+ goto CLEANUP;
+ {
+ char comment[klen + 1];
+@@ -263,18 +265,18 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ comment[klen] = '\0';
+ memcpy (comment, &data[15], klen);
+ if (0 != ec->proc (ec->cls,
+- "dvi",
+- EXTRACTOR_METATYPE_COMMENT,
+- EXTRACTOR_METAFORMAT_C_STRING,
+- "text/plain",
+- comment,
+- klen + 1))
++ "dvi",
++ EXTRACTOR_METATYPE_COMMENT,
++ EXTRACTOR_METAFORMAT_C_STRING,
++ "text/plain",
++ comment,
++ klen + 1))
+ goto CLEANUP;
+ }
+ /* try to find PDF/ps special */
+ pos = opos;
+ while ( (size >= 100) &&
+- (pos < size - 100) )
++ (pos < size - 100) )
+ {
+ switch (data[pos])
+ {
+@@ -284,34 +286,34 @@ EXTRACTOR_dvi_extract_method (struct
EXTRACTOR_ExtractContext *ec)
+ break;
+ case 239: /* zzz1 */
+ len = data[pos + 1];
+- if (pos + 2 + len < size)
+- if (0 != parseZZZ ((const char *) data, pos + 2, len, ec->proc,
ec->cls))
+- goto CLEANUP;
++ if ( (pos + 2 + len < size) &&
++ (0 != parseZZZ ((const char *) data, pos + 2, len, ec->proc,
ec->cls)) )
++ goto CLEANUP;
+ pos += len + 2;
+ break;
+ case 240: /* zzz2 */
+ len = getShortAt (&data[pos + 1]);
+- if (pos + 3 + len < size)
+- if (0 != parseZZZ ((const char *) data, pos + 3, len, ec->proc,
ec->cls))
+- goto CLEANUP;
++ if ( (pos + 3 + len < size) &&
++ (0 != parseZZZ ((const char *) data, pos + 3, len, ec->proc,
ec->cls)) )
++ goto CLEANUP;
+ pos += len + 3;
+ break;
+ case 241: /* zzz3, who uses that? */
+ len = (getShortAt (&data[pos + 1])) + 65536 * data[pos + 3];
+- if (pos + 4 + len < size)
+- if (0 != parseZZZ ((const char *) data, pos + 4, len, ec->proc,
ec->cls))
+- goto CLEANUP;
++ if ( (pos + 4 + len < size) &&
++ (0 != parseZZZ ((const char *) data, pos + 4, len, ec->proc,
ec->cls)) )
++ goto CLEANUP;
+ pos += len + 4;
+ break;
+ case 242: /* zzz4, hurray! */
+ len = getIntAt (&data[pos + 1]);
+- if (pos + 1 + len < size)
+- if (0 != parseZZZ ((const char *) data, pos + 5, len, ec->proc,
ec->cls))
+- goto CLEANUP;
++ if ( (pos + 1 + len < size) &&
++ (0 != parseZZZ ((const char *) data, pos + 5, len, ec->proc,
ec->cls)) )
++ goto CLEANUP;
+ pos += len + 5;
+ break;
+ default: /* unsupported opcode, abort scan */
+- goto CLEANUP;
++ goto CLEANUP;
+ }
+ }
+ CLEANUP:
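Review bot: In the zzz4 case (opcode 242) the guard is `pos + 1 + len < size` but parseZZZ is called with offset `pos + 5`, so the check is four bytes short of the range that is actually handed over. The zzz1 to zzz3 cases use the same offset in both places (`pos + 2`, `pos + 3`, `pos + 4`). This commit only folds the nested ifs into one condition and carries the mismatch over unchanged; I would make it `(pos + 5 + len < size)`. Since `len` comes straight from the file through getIntAt, a subtraction form such as `len < size - pos - 5` would also avoid depending on the sum not wrapping; the types of `pos` and `len` are declared outside the hunk, so confirm whether wrap-around is possible there. The enclosing function starts outside the hunk and continues after the CLEANUP label.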
+--
+2.20.1
+
diff -Nru libextractor-1.8/debian/patches/series
libextractor-1.8/debian/patches/series
--- libextractor-1.8/debian/patches/series 2018-12-27 12:24:49.000000000
+0200
+++ libextractor-1.8/debian/patches/series 2022-01-23 23:09:50.000000000
+0200
@@ -1,2 +1,3 @@
CVE-2018-20430.patch
CVE-2018-20431.patch
+0001-fix-5846.patch
--- End Message ---