--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
The attached debdiff for leptonlib fixes five CVEs in Buster:
- CVE-2020-36277
- CVE-2020-36278
- CVE-2020-36279
- CVE-2020-36280
- CVE-2020-36281
According to Moritz, they should have been marked as no-dsa by the
security team.
The fix was uploaded to Jessie a long time ago and nobody has complained
so far. It already made it to unstable and will soon migrate to testing.
So Buster is the only release that is missing the patches.
Thorsten
diff -Nru leptonlib-1.76.0/debian/changelog leptonlib-1.76.0/debian/changelog
--- leptonlib-1.76.0/debian/changelog 2018-05-10 21:47:10.000000000 +0200
+++ leptonlib-1.76.0/debian/changelog 2021-04-18 10:03:02.000000000 +0200
@@ -1,3 +1,24 @@
+leptonlib (1.76.0-1+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload by the LTS Team.
+ (Closes: #985089)
+ * CVE-2020-36277
+ denial of service (application crash) via an incorrect left
+ shift in pixConvert2To8 in pixconv.c
+ * CVE-2020-36278
+ heap-based buffer over-read in findNextBorderPixel in ccbord.c
+ * CVE-2020-36279
+ heap-based buffer over-read in rasteropGeneralLow, related to
+ adaptmap_reg.c and adaptmap.c
+ * CVE-2020-36280
+ heap-based buffer over-read in pixReadFromTiffStream, related
+ to tiffio.c.
+ * CVE-2020-36281
+ heap-based buffer over-read in pixFewColorsOctcubeQuantMixed
+ in colorquant1.c
+
+ -- Thorsten Alteholz <deb...@alteholz.de> Sun, 18 Apr 2021 10:03:02 +0200
+
leptonlib (1.76.0-1) unstable; urgency=medium
* New upstream release
diff -Nru leptonlib-1.76.0/debian/patches/CVE-2020-36277.patch
leptonlib-1.76.0/debian/patches/CVE-2020-36277.patch
--- leptonlib-1.76.0/debian/patches/CVE-2020-36277.patch 1970-01-01
01:00:00.000000000 +0100
+++ leptonlib-1.76.0/debian/patches/CVE-2020-36277.patch 2021-04-18
10:03:02.000000000 +0200
@@ -0,0 +1,39 @@
+Index: leptonlib-1.76.0/src/sel1.c
+===================================================================
+--- leptonlib-1.76.0.orig/src/sel1.c 2021-03-30 18:09:15.527294113 +0200
++++ leptonlib-1.76.0/src/sel1.c 2021-03-30 18:10:04.324105823 +0200
+@@ -1408,7 +1408,7 @@
+ SEL *
+ selReadStream(FILE *fp)
+ {
+-char *selname;
++char selname[256];
+ char linebuf[L_BUFSIZE];
+ l_int32 sy, sx, cy, cx, i, j, version, ignore;
+ SEL *sel;
+@@ -1425,17 +1425,14 @@
+
+ if (fgets(linebuf, L_BUFSIZE, fp) == NULL)
+ return (SEL *)ERROR_PTR("error reading into linebuf", procName, NULL);
+- selname = stringNew(linebuf);
+ sscanf(linebuf, " ------ %200s ------", selname);
+
+ if (fscanf(fp, " sy = %d, sx = %d, cy = %d, cx = %d\n",
+ &sy, &sx, &cy, &cx) != 4) {
+- LEPT_FREE(selname);
+ return (SEL *)ERROR_PTR("dimensions not read", procName, NULL);
+ }
+
+ if ((sel = selCreate(sy, sx, selname)) == NULL) {
+- LEPT_FREE(selname);
+ return (SEL *)ERROR_PTR("sel not made", procName, NULL);
+ }
+ selSetOrigin(sel, cy, cx);
+@@ -1448,7 +1445,6 @@
+ }
+ ignore = fscanf(fp, "\n");
+
+- LEPT_FREE(selname);
+ return sel;
+ }
+
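Review bot: The return value of `sscanf(linebuf, " ------ %200s ------", selname)` in selReadStream is still ignored, and with this patch `selname` becomes an uninitialised stack array where it used to start out as a copy of `linebuf`. If the line read from the stream does not match the pattern, `selCreate(sy, sx, selname)` is handed a buffer with indeterminate contents that may not be NUL-terminated. Initialising it with `char selname[256] = "";` keeps the old tolerance for malformed lines, or the input can be rejected with `if (sscanf(linebuf, " ------ %200s ------", selname) != 1) return (SEL *)ERROR_PTR("sel name not read", procName, NULL);`. The body of selReadStream continues outside the inner hunks shown.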
diff -Nru leptonlib-1.76.0/debian/patches/CVE-2020-36278.patch
leptonlib-1.76.0/debian/patches/CVE-2020-36278.patch
--- leptonlib-1.76.0/debian/patches/CVE-2020-36278.patch 1970-01-01
01:00:00.000000000 +0100
+++ leptonlib-1.76.0/debian/patches/CVE-2020-36278.patch 2021-04-18
10:03:02.000000000 +0200
@@ -0,0 +1,13 @@
+Index: leptonlib-1.76.0/src/ccbord.c
+===================================================================
+--- leptonlib-1.76.0.orig/src/ccbord.c 2021-03-30 18:10:14.856275465 +0200
++++ leptonlib-1.76.0/src/ccbord.c 2021-03-30 18:10:14.848275336 +0200
+@@ -1077,6 +1077,8 @@
+ pos = (qpos + i) % 8;
+ npx = px + xpostab[pos];
+ npy = py + ypostab[pos];
++ if (npx < 0 || npx >= w || npy < 0 || npy >= h)
++ continue;
+ line = data + npy * wpl;
+ val = GET_DATA_BIT(line, npx);
+ if (val) {
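Review bot: The new bounds test in the neighbour loop carries no comment saying why it is needed. The declarations of `w` and `h` are outside the hunk, so it cannot be confirmed here that they are the dimensions of the same image that `data` and `wpl` describe. A one-line comment above the test, `/* neighbor is outside the image: skip it so GET_DATA_BIT never reads past the raster */`, would record the intent for whoever next touches this loop.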
diff -Nru leptonlib-1.76.0/debian/patches/CVE-2020-36279.patch
leptonlib-1.76.0/debian/patches/CVE-2020-36279.patch
--- leptonlib-1.76.0/debian/patches/CVE-2020-36279.patch 1970-01-01
01:00:00.000000000 +0100
+++ leptonlib-1.76.0/debian/patches/CVE-2020-36279.patch 2021-04-18
10:03:02.000000000 +0200
@@ -0,0 +1,90 @@
+Index: leptonlib-1.76.0/prog/adaptmap_reg.c
+===================================================================
+--- leptonlib-1.76.0.orig/prog/adaptmap_reg.c 2021-03-30 18:10:19.724353961
+0200
++++ leptonlib-1.76.0/prog/adaptmap_reg.c 2021-03-30 18:10:19.716353832
+0200
+@@ -53,7 +53,7 @@
+ l_int32 w, h;
+ PIX *pixs, *pixg, *pixim, *pixgm, *pixmi, *pix1, *pix2;
+ PIX *pixmr, *pixmg, *pixmb, *pixmri, *pixmgi, *pixmbi;
+-PIXA *pixa;
++PIXA *pixa, *pixa2;
+ L_REGPARAMS *rp;
+
+ if (regTestSetup(argc, argv, &rp))
+@@ -155,10 +155,31 @@
+ pixaAddPix(pixa, pix2, L_INSERT);
+ pixDestroy(&pixim);
+
++ /* Check pixFillMapHoles() */
++ pixa2 = pixaCreate(3);
++ pix1 = pixRead("weasel8.png"); /* use this as the map */
++ pixGammaTRC(pix1, pix1, 1.0, 0, 270); /* darken white pixels */
++ pixaAddPix(pixa2, pix1, L_COPY);
++ pixGetDimensions(pix1, &w, &h, NULL);
++ pixRasterop(pix1, 0, 0, 5, h, PIX_SET, NULL, 0, 0); /* add white holes */
++ pixRasterop(pix1, 20, 0, 2, h, PIX_SET, NULL, 0, 0);
++ pixRasterop(pix1, 40, 0, 3, h, PIX_SET, NULL, 0, 0);
++ pixRasterop(pix1, 0, 0, w, 3, PIX_SET, NULL, 0, 0);
++ pixRasterop(pix1, 0, 15, w, 3, PIX_SET, NULL, 0, 0);
++ pixRasterop(pix1, 0, 35, w, 2, PIX_SET, NULL, 0, 0);
++ pixaAddPix(pixa2, pix1, L_COPY);
++ pixFillMapHoles(pix1, w, h, L_FILL_WHITE);
++ pixaAddPix(pixa2, pix1, L_INSERT);
++ pix2 = pixaDisplayTiledInColumns(pixa2, 3, 1.0, 20, 1);
++ regTestWritePixAndCheck(rp, pix2, IFF_PNG); /* 14 */
++ pixDisplayWithTitle(pix2, 50, 850, NULL, rp->display);
++ pixaDestroy(&pixa2);
++ pixDestroy(&pix2);
++
+ /* Display results */
+ pix1 = pixaDisplayTiledAndScaled(pixa, 32, 400, 4, 0, 20, 2);
+ pixWrite("/tmp/lept/adapt/results.jpg", pix1, IFF_JFIF_JPEG);
+- pixDisplayWithTitle(pix1, 100, 0, NULL, rp->display);
++ pixDisplayWithTitle(pix1, 50, 0, NULL, rp->display);
+ pixDestroy(&pix1);
+ pixaDestroy(&pixa);
+
+Index: leptonlib-1.76.0/src/adaptmap.c
+===================================================================
+--- leptonlib-1.76.0.orig/src/adaptmap.c 2021-03-30 18:10:19.724353961
+0200
++++ leptonlib-1.76.0/src/adaptmap.c 2021-03-30 18:10:19.716353832 +0200
+@@ -1458,7 +1458,6 @@
+ l_int32 w, h, y, nmiss, goodcol, i, j, found, ival, valtest;
+ l_uint32 val, lastval;
+ NUMA *na; /* indicates if there is any data in the column */
+-PIX *pixt;
+
+ PROCNAME("pixFillMapHoles");
+
+@@ -1510,7 +1509,6 @@
+
+ /* ---------- Fill in missing columns by replication ----------- */
+ if (nmiss > 0) { /* replicate columns */
+- pixt = pixCopy(NULL, pix);
+ /* Find the first good column */
+ goodcol = 0;
+ for (j = 0; j < w; j++) {
+@@ -1521,20 +1519,16 @@
+ }
+ }
+ if (goodcol > 0) { /* copy cols backward */
+- for (j = goodcol - 1; j >= 0; j--) {
+- pixRasterop(pix, j, 0, 1, h, PIX_SRC, pixt, j + 1, 0);
+- pixRasterop(pixt, j, 0, 1, h, PIX_SRC, pix, j, 0);
+- }
++ for (j = goodcol - 1; j >= 0; j--)
++ pixRasterop(pix, j, 0, 1, h, PIX_SRC, pix, j + 1, 0);
+ }
+ for (j = goodcol + 1; j < w; j++) { /* copy cols forward */
+ numaGetIValue(na, j, &ival);
+ if (ival == 0) {
+ /* Copy the column to the left of j */
+- pixRasterop(pix, j, 0, 1, h, PIX_SRC, pixt, j - 1, 0);
+- pixRasterop(pixt, j, 0, 1, h, PIX_SRC, pix, j, 0);
++ pixRasterop(pix, j, 0, 1, h, PIX_SRC, pix, j - 1, 0);
+ }
+ }
+- pixDestroy(&pixt);
+ }
+ if (w > nx) { /* replicate the last column */
+ for (i = 0; i < h; i++) {
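Review bot: The column copies in pixFillMapHoles, `pixRasterop(pix, j, 0, 1, h, PIX_SRC, pix, j + 1, 0)` and its `j - 1` counterpart, now pass the same image as source and destination, and nothing in the code says why that is safe. It holds because each call copies a single 1-pixel-wide column to an adjacent x position, so the source and destination rectangles never overlap. A comment such as `/* src == dest is fine: the 1-pixel columns at j and j + 1 are disjoint */` on both loops would keep a later edit from widening the rectangle without reintroducing a temporary. pixFillMapHoles starts and ends outside the hunks shown.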
diff -Nru leptonlib-1.76.0/debian/patches/CVE-2020-36280.patch
leptonlib-1.76.0/debian/patches/CVE-2020-36280.patch
--- leptonlib-1.76.0/debian/patches/CVE-2020-36280.patch 1970-01-01
01:00:00.000000000 +0100
+++ leptonlib-1.76.0/debian/patches/CVE-2020-36280.patch 2021-04-18
10:03:02.000000000 +0200
@@ -0,0 +1,22 @@
+Index: leptonlib-1.76.0/prog/dewarptest1.c
+===================================================================
+--- leptonlib-1.76.0.orig/prog/dewarptest1.c 2021-03-30 18:10:48.612820876
+0200
++++ leptonlib-1.76.0/prog/dewarptest1.c 2021-03-30 18:10:48.604820746
+0200
+@@ -48,6 +48,8 @@
+
+ setLeptDebugOK(1);
+ lept_mkdir("lept/model");
++ lept_rmdir("lept/dewmod");
++ lept_mkdir("lept/dewmod");
+
+ /* pixs = pixRead("1555.007.jpg"); */
+ pixs = pixRead("cat.035.jpg");
+@@ -156,8 +158,6 @@
+ "/tmp/lept/dewarptest1.pdf");
+ fprintf(stderr, "pdf file made: /tmp/lept/model/dewarptest1.pdf\n");
+
+- lept_rmdir("lept/dewmod");
+- lept_rmdir("lept/dewtest");
+ pixDestroy(&pixs);
+ pixDestroy(&pixn);
+ pixDestroy(&pixg);
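Review bot: Nothing in this patch changes library code: both hunks edit prog/dewarptest1.c, moving `lept_rmdir("lept/dewmod")` to start-up and dropping `lept_rmdir("lept/dewtest")`, while the changelog entry for CVE-2020-36280 describes a heap-based over-read in pixReadFromTiffStream related to tiffio.c. From what is visible here it cannot be told whether that code path is already safe in 1.76.0 or whether part of the upstream change was left out, so this is worth confirming before the upload is recorded as fixing the CVE. A DEP-3 header on the patch (`Description:` and `Origin:` naming the upstream commit) would let a reviewer check that. The other four patch files lack one too, and CVE-2020-36277.patch raises the same question, since it changes selReadStream in sel1.c while the changelog names pixConvert2To8 in pixconv.c.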
diff -Nru leptonlib-1.76.0/debian/patches/CVE-2020-36281.patch
leptonlib-1.76.0/debian/patches/CVE-2020-36281.patch
--- leptonlib-1.76.0/debian/patches/CVE-2020-36281.patch 1970-01-01
01:00:00.000000000 +0100
+++ leptonlib-1.76.0/debian/patches/CVE-2020-36281.patch 2021-04-18
10:03:02.000000000 +0200
@@ -0,0 +1,25 @@
+Index: leptonlib-1.76.0/src/colorquant1.c
+===================================================================
+--- leptonlib-1.76.0.orig/src/colorquant1.c 2021-03-30 18:13:27.799426670
+0200
++++ leptonlib-1.76.0/src/colorquant1.c 2021-03-30 18:13:27.795426605 +0200
+@@ -3308,7 +3308,7 @@
+ l_int32 rval, gval, bval, val, minval, maxval;
+ l_int32 *lut;
+ l_uint32 *datac, *datam, *datad, *linec, *linem, *lined;
+-PIX *pixc, *pixm, *pixg, *pixd;
++PIX *pix1, *pixc, *pixm, *pixg, *pixd;
+ PIXCMAP *cmap, *cmapd;
+
+ PROCNAME("pixFewColorsOctcubeQuantMixed");
+@@ -3325,8 +3325,10 @@
+ if (maxspan <= 2) maxspan = 15;
+
+ /* Start with a simple fixed octcube quantizer. */
+- if ((pixc = pixFewColorsOctcubeQuant1(pixs, level)) == NULL)
++ if ((pix1 = pixFewColorsOctcubeQuant1(pixs, level)) == NULL)
+ return (PIX *)ERROR_PTR("too many colors", procName, NULL);
++ pixc = pixConvertTo8(pix1, 1); /* must be 8 bpp */
++ pixDestroy(&pix1);
+
+ /* Identify and save color entries in the colormap. Set up a LUT
+ * that returns -1 for any gray pixel. */
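Review bot: The result of `pixc = pixConvertTo8(pix1, 1);` in pixFewColorsOctcubeQuantMixed is not checked, although the call just before it is tested for NULL. If the conversion fails, `pix1` is destroyed and the code after the hunk carries on with a NULL `pixc`. Adding `if (pixc == NULL) return (PIX *)ERROR_PTR("pixc not made", procName, NULL);` after `pixDestroy(&pix1);` keeps the error path explicit. The function body continues outside the hunk, so how `pixc` is used afterwards is not visible here.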
diff -Nru leptonlib-1.76.0/debian/patches/series
leptonlib-1.76.0/debian/patches/series
--- leptonlib-1.76.0/debian/patches/series 2018-05-10 21:47:10.000000000
+0200
+++ leptonlib-1.76.0/debian/patches/series 2021-04-18 10:03:02.000000000
+0200
@@ -1 +1,5 @@
-
+CVE-2020-36277.patch
+CVE-2020-36278.patch
+CVE-2020-36279.patch
+CVE-2020-36281.patch
+CVE-2020-36280.patch
--- End Message ---