
Re: Patch proposal for CVE-2017-6960 in Wheezy (/Jessie)



Hi Hugo

I have reviewed your code and it looks good to me. I do not know this
library very well, however, so I may have overlooked something. But the
checks look ok.

What I'm not sure of is the break statement, but I guess you have
control over that part.

Have you tested that the solution works against some test image that
broke it in an earlier version?
Have you done any form of regression test?

Best regards

// Ola

On 25 May 2017 at 17:01, Hugo Lefeuvre <hle@debian.org> wrote:
> Hi,
>
> I have prepared a patch for apng2gif 1.5.
>
> Testing did not reveal any problem, but I'm sure it can still be
> improved.
>
> Could anybody take a look at it?
>
> Debdiff for wheezy is attached (a test package for wheezy is also
> available here[0]).
>
> This patch should also fix the issue in Jessie, but I did not test it.
> I can build a test package if needed.
>
> Cheers,
>  Hugo
>
> [0] https://people.debian.org/~hle/lts/apng2gif_1.5-1+deb7u1_amd64.changes
>
> --
>              Hugo Lefeuvre (hle)    |    www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

