
Bug#946185: stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This fixes CVE-2019-19555 in stretch.  Since this is tagged
"unimportant" by the security team on
https://security-tracker.debian.org/tracker/CVE-2019-19555 they won't
publish a DSA, so I tend to send this into the next point release of
buster.

Attached you'll find the diff against 3.2.6a-2+deb9u2.

Greetings
Roland
diff -Nru fig2dev-3.2.6a/debian/changelog fig2dev-3.2.6a/debian/changelog
--- fig2dev-3.2.6a/debian/changelog	2019-07-27 10:22:45.000000000 +0200
+++ fig2dev-3.2.6a/debian/changelog	2019-12-04 22:22:00.000000000 +0100
@@ -1,3 +1,10 @@
+fig2dev (1:3.2.6a-2+deb9u3) stretch; urgency=medium
+
+  * 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
+    This fixes CVE-2019-19555.  Closes (#946176).
+
+ -- Roland Rosenfeld <roland@debian.org>  Wed, 04 Dec 2019 22:22:00 +0100
+
 fig2dev (1:3.2.6a-2+deb9u2) stretch; urgency=medium
 
   * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
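Review bot: In the new changelog entry, "Closes (#946176)" is not in the form the archive tooling parses for automatic bug closure, which is "Closes: #946176" (colon after "Closes", no parentheses). As written, the upload will not close the bug on its own. Suggest changing the second line of the entry to "This fixes CVE-2019-19555.  Closes: #946176".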
diff -Nru fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch
--- fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch	2019-12-04 22:22:00.000000000 +0100
@@ -0,0 +1,27 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date:   Wed Dec 4 17:56:04 2019 +0100
+Bug: https://sourceforge.net/p/mcj/tickets/55
+Bug-Debian: https://bugs.debian.org/946176
+Origin: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
+Subject: Allow Fig v2 text strings ending with multiple ^A.
+ This fixes CVE-2019-19555
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1991 by Micah Beck
+  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+  * Parts Copyright (c) 1989-2002 by Brian V. Smith
++ * Parts Copyright (c) 2015-2019 by Thomas Loimer
+  *
+  * Any party obtaining a copy of these files is granted, free of charge, a
+  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -1223,7 +1224,7 @@ read_textobject(FILE *fp)
+ 		If we do not find the CONTROL-A on this line then this must
+ 		be a multi-line text object and we will have to read more. */
+ 
+-	    n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]",
++	    n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]",
+ 		&t->type, &t->font, &t->size, &t->pen,
+ 		&t->color, &t->depth, &t->angle,
+ 		&t->flags, &t->height, &t->length,
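Review bot: In the read_textobject() hunk, only the trailing conversion gains a field width (%1[\1]); the preceding %[^\1], which captures the text itself, is still unbounded, and the hunk does not show the buffers either conversion writes into. Please confirm that the destination for %[^\1] is at least as large as buf, or give that conversion an explicit width as well. It would also help if the patch description stated that the ^A destination needs room for only one character plus the terminating NUL after this change, since "Allow Fig v2 text strings ending with multiple ^A" does not say what was being overrun.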
diff -Nru fig2dev-3.2.6a/debian/patches/series fig2dev-3.2.6a/debian/patches/series
--- fig2dev-3.2.6a/debian/patches/series	2019-07-27 10:22:45.000000000 +0200
+++ fig2dev-3.2.6a/debian/patches/series	2019-12-04 22:22:00.000000000 +0100
@@ -5,3 +5,4 @@
 31_input_sanitizing.patch
 32_fill-style-overflow.patch
 40_circle_arrowhead.patch
+41_CVE-2019-19555.patch
