Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id
<540de30a27d37c3ff416b94b1adf7ff2a2cab257.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #998042,
regarding buster-pu: package jbig2dec/0.16-1+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
998042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998042
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
The attached debdiff for jbig2dec fixes CVE-2020-12268 in Buster.
This CVE is marked as no-dsa by the security team.
The patch just adds some checks to prevent an overflow, so the risk
should be small. The testsuite of the package showed no errors.
Thorsten
diff -Nru jbig2dec-0.16/debian/changelog jbig2dec-0.16/debian/changelog
--- jbig2dec-0.16/debian/changelog 2019-04-07 17:52:08.000000000 +0200
+++ jbig2dec-0.16/debian/changelog 2021-10-24 19:03:02.000000000 +0200
@@ -1,3 +1,12 @@
+jbig2dec (0.16-1+deb10u1) buster; urgency=high
+
+ * Team upload (printing and LTS)
+ * CVE-2020-12268
+ avoid overflow with extreme values of x,y,w,h in function
+ jbig2_image_compose()
+
+ -- Thorsten Alteholz <deb...@alteholz.de> Sun, 24 Oct 2021 19:03:02 +0200
+
jbig2dec (0.16-1) unstable; urgency=high
[ upstream ]
diff -Nru jbig2dec-0.16/debian/patches/CVE-2020-12268.patch
jbig2dec-0.16/debian/patches/CVE-2020-12268.patch
--- jbig2dec-0.16/debian/patches/CVE-2020-12268.patch 1970-01-01
01:00:00.000000000 +0100
+++ jbig2dec-0.16/debian/patches/CVE-2020-12268.patch 2021-10-24
19:03:02.000000000 +0200
@@ -0,0 +1,41 @@
+commit 0726320a4b55078e9d8deb590e477d598b3da66e
+Author: Robin Watts <robin.wa...@artifex.com>
+Date: Mon Jan 27 10:12:24 2020 -0800
+
+ Fix OSS-Fuzz issue 20332: buffer overflow in jbig2_image_compose.
+
+ With extreme values of x/y/w/h we can get overflow. Test for this
+ and exit safely.
+
+ Thanks for OSS-Fuzz for reporting.
+
+Index: jbig2dec-0.16/jbig2_image.c
+===================================================================
+--- jbig2dec-0.16.orig/jbig2_image.c 2021-10-25 15:53:32.254308657 +0200
++++ jbig2dec-0.16/jbig2_image.c 2021-10-25 16:10:42.074548650 +0200
+@@ -33,6 +33,9 @@
+ #if !defined (INT32_MAX)
+ #define INT32_MAX 0x7fffffff
+ #endif
++#if !defined (UINT32_MAX)
++#define UINT32_MAX 0xffffffffu
++#endif
+
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+@@ -258,6 +261,15 @@
+ if (src == NULL)
+ return 0;
+
++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) ||
++ (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++ {
++#ifdef JBIG2_DEBUG
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in
compose_image");
++#endif
++ return 0;
++ }
++
+ /* The optimized code for the OR operator below doesn't
+ handle the source image partially placed outside the
+ destination (above and/or to the left). The affected
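Review bot: In the check added to the second jbig2_image.c hunk, (x > 0 ? x : -x) negates x (and likewise y) before any range test, so if x and y are signed int, a value of INT_MIN makes -x itself overflow. That is undefined behaviour in C, and it occurs on exactly the extreme inputs the commit message describes. Suggest rejecting x or y outside a safe range before negating, or converting to an unsigned or wider type first and computing the magnitude there. Two smaller points: the new early "return 0" is the same value returned just above for src == NULL, so with JBIG2_DEBUG undefined the caller gets no indication that the compose was skipped; and the debug string says "compose_image" while the commit message names the function jbig2_image_compose. On the packaging side, the patch header carries the upstream commit id, author and date but no DEP-3 Origin or Bug-Debian fields.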
diff -Nru jbig2dec-0.16/debian/patches/series
jbig2dec-0.16/debian/patches/series
--- jbig2dec-0.16/debian/patches/series 2019-03-25 09:49:08.000000000 +0100
+++ jbig2dec-0.16/debian/patches/series 2021-10-24 19:03:02.000000000 +0200
@@ -1,3 +1,5 @@
1001_ignore_python_test.patch
1004_extract_infile_from_autogen-sh.patch
2001_disable_memento.patch
+
+CVE-2020-12268.patch
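Review bot: The new series entry is preceded by an added empty line and does not follow the numbered naming of the three existing entries (1001_, 1004_, 2001_). Suggest dropping the empty line and giving the patch a numbered name in the same scheme so the series file stays uniform and its ordering intent is explicit.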
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.12
Hi,
The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.
Regards,
Adam
--- End Message ---