Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id
<540de30a27d37c3ff416b94b1adf7ff2a2cab257.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #996695,
regarding buster-pu: package plib/plib_1.8.5-8+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
996695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
Anton Gladky <gl...@debian.org>
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
Dear release team,
the plib version 1.8.5-8+deb10u1 is prepared for the next bullseye
stable release.
[ Reason ]
This upload fixes a security issue, CVE-2021-38714.
[ Impact ]
It should not have any impact on end users.
[ Tests ]
Salsa-ci is employed to check the main package characteristics:
https://salsa.debian.org/debian/plib/-/pipelines/303704
[ Risks ]
No risks are known.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
See attached diff. Sanitized values check is implemented.
Best regards
Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.000000000 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.000000000 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb10u1) buster; urgency=medium
+
+ * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+ (Closes: #992973)
+
+ -- Anton Gladky <gl...@debian.org> Sun, 17 Oct 2021 14:56:13 +0200
+
plib (1.8.5-8) unstable; urgency=medium
* QA upload.
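Review bot: the new 1.8.5-8+deb10u1 changelog entry lists only the ssgLoadTGA() fix, yet the same debdiff adds debian/.gitlab-ci.yml, and the request's checklist states that all changes are documented in d/changelog. Add a changelog line for the CI file, or leave the file out of the stable upload so the diff carries only the CVE fix.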
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml 2021-10-17 14:56:13.000000000 +0200
@@ -0,0 +1,7 @@
+include:
+ -
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ RELEASE: 'buster'
+ SALSA_CI_COMPONENTS: 'main contrib non-free'
+ SALSA_CI_DISABLE_REPROTEST: 1
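Review bot: "SALSA_CI_DISABLE_REPROTEST: 1" switches off the reproducibility job with no comment saying why, and "SALSA_CI_COMPONENTS" enables contrib and non-free without stating what needs them. A one-line YAML comment on each variable would let a later reviewer tell whether the setting is still required or can be dropped.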
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01
01:00:00.000000000 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10
15:14:22.000000000 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky <gl...@debian.org>
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===================================================================
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
++++ plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+
+
+ #include "ssgLocal.h"
++#include <new>
+
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+
+ // image info
+ int type = header[2];
+- int xsize = get16u(header + 12);
+- int ysize = get16u(header + 14);
+- int bits = header[16];
++ unsigned int xsize = get16u(header + 12);
++ unsigned int ysize = get16u(header + 14);
++ unsigned int bits = header[16];
+
+ /* image types:
+ *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+
+
++ const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld,
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize,
(ysize * (bits / 8)));
++
++ if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++ {
++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d,
ysize = %d", xsize, ysize);
++ return false;
++ }
++ else
++ {
++ ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size
%d x %d", bytes_to_allocate, xsize, ysize );
++ }
++
+ // read image data
+
+- GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++ GLubyte *image;
++ try
++ {
++ image = new GLubyte [ bytes_to_allocate ];
++ }
++ catch (const std::bad_alloc&)
++ {
++ ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes
failed!", bytes_to_allocate);
++ return false;
++ }
+
+ if ((type & 8) != 0)
+ {
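Review bot: the first added ulSetError( UL_DEBUG, ... ) call in the last hunk of 08_CVE-2021-38714.patch passes "bytes_to_allocate / xsize" as an argument before the "xsize != 0" test in the following if, so a header with a width of 0 divides by zero ahead of the guard. Drop that debug call or move it below the check. The multiply-then-divide comparison itself is a sound wraparound test for unsigned int operands. The format strings do not match the new types, though: bytes_to_allocate, xsize and ysize are unsigned int after this patch but are printed with %ld and %d, so the arguments are read with the wrong width or signedness; use %u for all of them.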
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series 2017-07-24 20:11:17.000000000 +0200
+++ plib-1.8.5/debian/patches/series 2021-10-02 13:24:19.000000000 +0200
@@ -6,3 +6,4 @@
06_spelling_errors.diff
05_CVE-2012-4552.diff
07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.12
Hi,
The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.
Regards,
Adam
--- End Message ---