Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1

Wed, 03 Jun 2015 20:36:58 -0700 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

I have fixed the security issue below for ufraw.  The security team has
marked the issue as no-dsa, but has suggested that it be fixed via
jessie-pu.

Here is an interdiff between the current jessie version and the updated
version:

diff -u ufraw-0.20/dcraw.cc ufraw-0.20/dcraw.cc
--- ufraw-0.20/dcraw.cc
+++ ufraw-0.20/dcraw.cc
@@ -934,8 +934,7 @@
 
 int CLASS ljpeg_start (struct jhead *jh, int info_only)
 {
-  int c, tag;
-  ushort len;
+  int c, tag, len;
   uchar data[0x10000];
   const uchar *dp;
 
@@ -946,9 +945,8 @@
   do {
     fread (data, 2, 2, ifp);
     tag =  data[0] << 8 | data[1];
-    len = (data[2] << 8 | data[3]);
-    if (tag <= 0xff00 || len <= 2) return 0;
-    len -= 2;
+    len = (data[2] << 8 | data[3]) - 2;
+    if (tag <= 0xff00) return 0;
     fread (data, 1, len, ifp);
     switch (tag) {
       case 0xffc3:
diff -u ufraw-0.20/debian/changelog ufraw-0.20/debian/changelog
--- ufraw-0.20/debian/changelog
+++ ufraw-0.20/debian/changelog
@@ -1,11 +1,3 @@
-ufraw (0.20-2+deb8u1) jessie-security; urgency=high
-
-  * dcraw.cc: Apply patch from
-    https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
-    prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
-
- -- Hubert Chathi <uho...@debian.org>  Tue, 26 May 2015 14:44:00 -0400
-
 ufraw (0.20-2) unstable; urgency=low
 
   * ufraw-gimp.c: Apply upstream patch: Only use


On Mon, 25 May 2015 16:40:00 +0200, Salvatore Bonaccorso <car...@debian.org> 
said:

> the following vulnerability was published for ufraw.

> CVE-2015-3885[0]: | Integer overflow in the ljpeg_start function in
> dcraw 7.00 and earlier | allows remote attackers to cause a denial of
> service (crash) via a | crafted image, which triggers a buffer
> overflow, related to the len | variable.


-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldstable-updates'), (500, 'unstable'), 
(500, 'testing'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.17-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87h9qow4q6....@desiato.home.uhoreg.ca

Reply via email to