Hi Bartosz,
On Sun, Mar 29, 2015 at 09:56:41PM +0200, Moritz Muehlenhoff wrote:
> On Thu, Mar 26, 2015 at 09:24:39AM +0100, Tomasz Buchert wrote:
> > Hi,
> > there is 1.12 available (but the patch above solves
> > the problem as well).
>
> This has been assigned CVE-2013-7437.
>
> Bartosz, can y
On Thu, Mar 26, 2015 at 09:24:39AM +0100, Tomasz Buchert wrote:
> Hi,
> there is 1.12 available (but the patch above solves
> the problem as well).
This has been assigned CVE-2013-7437.
Bartosz, can you please upload a fixed package to unstable?
Cheers,
Moritz
Hi,
there is 1.12 available (but the patch above solves
the problem as well).
Tomasz
Hey Peter,
I'm fine with your version of the patch and no one else had objections, so I
believe we can patch it your way.
Did you fix it upstream? I'm still seeing 1.11 as the latest release.
I can patch it only for Debian but I believe we should have it fixed for
every other distros / ways of distribu
Here's the patch that I am planning to apply upstream. Please comment
if you see anything wrong with it.
While the general idea is similar to Tomasz's patch, I've solved the
details a bit differently.
* I prefer to use ssize_t instead of unsigned long long int for memory
manipulations. Since s
I contacted upstream and he's willing to fix it in a different way.
He said that he should be able to work on it later this week.
regards
Bartek
On 3/17/2015 at 8:24 AM, Tomasz Buchert wrote:
> Hi all, Moritz - did you take a look at my patch? I'd really like
> to have a second opinion on that
Hi all,
Moritz - did you take a look at my patch? I'd really like to have a
second opinion on that since it is fairly large for an NMU.
I attach NMU patch. Shall I upload it to DELAYED/5 or something like
that?
Cheers,
Tomasz
diff -Nru potrace-1.11/debian/changelog potrace-1.11/debian/changelog
-
On Tue, Feb 17, 2015 at 10:02:37PM +0100, Moritz Muehlenhoff wrote:
> Package: potrace
> Version: 1.11-2
> Severity: grave
> Tags: security
>
> Hi,
> please see https://bugzilla.redhat.com/show_bug.cgi?id=955808
> Could you report this upstream?
>
> A CVE ID has been requested, but not yet assign
Hi again (!),
I figured out that this will not work on architectures where
sizeof(long int) != 8 and/or sizeof(size_t) != 8, i386 for example.
The *next* patch makes sure that numbers passed to malloc() are not
overflowing size_t, and also uses *unsigned long long int* everywhere
which is guarant
Hi again,
here is slightly better patch.
Cheers,
Tomasz
From: Tomasz Buchert
Date: Sun, 1 Mar 2015 20:27:29 +0100
Subject: Fix multiple integer overflows.
Dimensions of a BMP file are signed, 4-byte integers. Therefore
the size of the image may be bigger than the range of (int). This is fixed
in bi
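The two points raised above (a 32-bit product of BMP dimensions handed to malloc(), and the i386 case where even a wider product does not fit in size_t) as an added C illustration; this is not code from potrace or from the patches in this thread. The names naive_bytes32, bmp_bytes_checked and bmp_alloc are hypothetical, and the size_limit parameter stands in for the target platform's SIZE_MAX so the 32-bit case can be exercised on any host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <limits.h>

/* The flaw as the thread describes it: width*height*bpp evaluated in
 * 32-bit arithmetic wraps modulo 2^32, so malloc() receives a buffer
 * far smaller than the pixel data that is later written into it. */
uint32_t naive_bytes32(int32_t width, int32_t height, uint32_t bpp)
{
    return (uint32_t)width * (uint32_t)height * bpp;  /* silently wraps */
}

/* Overflow-checked size computation (hypothetical helper).
 * size_limit models the target's SIZE_MAX: 0xFFFFFFFF on i386, SIZE_MAX on
 * the host. Returns 0 and stores the byte count in *out, or -1 when the
 * dimensions are invalid or the product would not fit. A negative height
 * (top-down BMP) is accepted by magnitude; INT32_MIN cannot be negated
 * safely and is rejected. */
int bmp_bytes_checked(int32_t width, int32_t height, uint32_t bpp,
                      unsigned long long size_limit, size_t *out)
{
    if (width <= 0 || height == 0 || height == INT32_MIN || bpp == 0 || !out)
        return -1;
    unsigned long long w = (unsigned long long)width;
    unsigned long long h = (unsigned long long)(height < 0 ? -height : height);
    /* Test each multiplication against ULLONG_MAX before performing it. */
    if (h > ULLONG_MAX / w)
        return -1;
    unsigned long long pixels = w * h;
    if (bpp > ULLONG_MAX / pixels)
        return -1;
    unsigned long long total = pixels * bpp;
    /* The 64-bit product may still exceed size_t on a 32-bit target. */
    if (total > size_limit)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate the pixel buffer only when its size is representable here. */
void *bmp_alloc(int32_t width, int32_t height, uint32_t bpp)
{
    size_t n;
    if (bmp_bytes_checked(width, height, bpp,
                          (unsigned long long)SIZE_MAX, &n) != 0)
        return NULL;
    return malloc(n);
}
```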
On 17/02/15 22:02, Moritz Muehlenhoff wrote:
> Package: potrace
> Version: 1.11-2
> Severity: grave
> Tags: security
>
> Hi,
> please see https://bugzilla.redhat.com/show_bug.cgi?id=955808
> Could you report this upstream?
>
> A CVE ID has been requested, but not yet assigned:
> http://www.openwa
Package: potrace
Version: 1.11-2
Severity: grave
Tags: security
Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=955808
Could you report this upstream?
A CVE ID has been requested, but not yet assigned:
http://www.openwall.com/lists/oss-security/2015/02/06/12
Cheers,
Moritz