
[Pkg-fonts-devel] Bug#605537: marked as done (CVE-2010-4259: fontforge: buffer overflow when parsing CHARSET_REGISTRY header of .BDF files)



Your message dated Tue, 07 Dec 2010 08:47:25 +0000
with message-id <E1PPtCn-0006jY-9t@franck.debian.org>
and subject line Bug#605537: fixed in fontforge 0.0.20100501-4
has caused the Debian Bug report #605537,
regarding CVE-2010-4259: fontforge: buffer overflow when parsing CHARSET_REGISTRY header of .BDF files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
605537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Subject: fontforge: buffer overflow when opening .BDF files
Package: fontforge
Version: 0.0.20100501-2
Severity: important
Tags: security

Hello,

I have found a buffer overflow in fontforge when opening .BDF files. It is
a stack-based buffer overflow with full control over EIP, and it occurs
when parsing too long "CHARSET_REGISTRY" lines.

To reproduce, start fontforge with the attached example file as a parameter,
or start fontforge and then open the same file in the graphical interface.

-- System Information:
Debian Release: squeeze/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fontforge depends on:
ii  libc6                   2.11.2-7         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-6         The Cairo 2D vector graphics libra
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfontforge1           0.0.20100501-2   font editor - runtime library
ii  libfreetype6            2.4.2-2.1        FreeType 2 font engine, shared lib
ii  libgdraw4               0.0.20100501-2   font editor - runtime graphics and
ii  libgif4                 4.1.6-9          library for GIF images (library)
ii  libglib2.0-0            2.24.2-1         The GLib library of C routines
ii  libice6                 2:1.0.6-2        X11 Inter-Client Exchange library
ii  libjpeg62               6b1-1            The Independent JPEG Group's JPEG
ii  libpango1.0-0           1.28.3-1         Layout and rendering of internatio
ii  libpng12-0              1.2.44-1         PNG library - runtime
ii  libpython2.6            2.6.6-6          Shared Python runtime library (ver
ii  libsm6                  2:1.1.1-1        X11 Session Management library
ii  libspiro0               20071029-2       a library for curve design
ii  libtiff4                3.9.4-5          Tag Image File Format (TIFF) libra
ii  libuninameslist0        0.0.20091231-1   a library of Unicode annotation da
ii  libx11-6                2:1.3.3-4        X11 client-side library
ii  libxft2                 2.1.14-2         FreeType-based font drawing librar
ii  libxml2                 2.7.8.dfsg-1     GNOME XML library
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

fontforge recommends no packages.

Versions of packages fontforge suggests:
pn  autotrace                     <none>     (no description available)
pn  fontforge-doc                 <none>     (no description available)
pn  fontforge-extras              <none>     (no description available)
pn  potrace                       <none>     (no description available)
pn  python-fontforge              <none>     (no description available)

-- no debconf information

-- 
Ulrik | Underground Stockholm | http://underground-stockholm.com/
STARTFONT 2.1
FONT -gnu-unifont-medium-r-normal--16-160-75-75-c-80-iso10646-1
SIZE 16 75 75
CHARSET_REGISTRY AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FONTBOUNDINGBOX 16 16 0 -2
STARTPROPERTIES 2
FONT_ASCENT 14
FONT_DESCENT 2
ENDPROPERTIES
CHARS 1
STARTCHAR U+0041
ENCODING 65
SWIDTH 500 0
DWIDTH 8 0
BBX 8 16 0 -2
BITMAP 
00
00
00
00
18
24
24
42
42
7E
42
42
42
42
00
00
ENDCHAR
ENDFONT

--- End Message ---
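
The report above describes an over-long CHARSET_REGISTRY value overrunning a stack buffer. The following is an added example, not part of the bug report and not FontForge's code or the applied patch: a length-checked property parse that rejects such a line instead of copying it. The function names and the REGISTRY_MAX size are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REGISTRY_MAX 100 /* assumed buffer size, not FontForge's real one */

/* Copy the value of a "KEY value" BDF line into out[outsz].
 * Returns 0 on success, 1 if the line has a different keyword,
 * -1 if the value does not fit (rejected, never truncated or overrun). */
int bdf_get_property(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || !isspace((unsigned char)line[klen]))
        return 1;
    const char *v = line + klen;
    while (*v == ' ' || *v == '\t')
        v++;
    if (*v == '"')
        v++;                              /* optional opening quote */
    size_t n = strcspn(v, "\"\r\n");      /* value ends at quote or EOL */
    if (n >= outsz)
        return -1;                        /* no room for value + NUL */
    memcpy(out, v, n);
    out[n] = '\0';
    return 0;
}

/* Build a constructed CHARSET_REGISTRY line with n filler bytes and parse it. */
int demo_value_of_length(size_t n)
{
    char line[1024] = "CHARSET_REGISTRY ", out[REGISTRY_MAX];
    size_t off = strlen(line);
    if (off + n + 1 > sizeof line)
        return -2;                        /* demo helper limit */
    memset(line + off, 'A', n);
    line[off + n] = '\0';
    return bdf_get_property(line, "CHARSET_REGISTRY", out, sizeof out);
}

int main(void)
{
    char out[REGISTRY_MAX];
    int rc = bdf_get_property("CHARSET_REGISTRY \"ISO10646\"", "CHARSET_REGISTRY",
                              out, sizeof out);
    printf("normal: rc=%d value=%s\n", rc, out);
    printf("99 bytes: rc=%d\n", demo_value_of_length(99));
    printf("300 bytes: rc=%d\n", demo_value_of_length(300));
    return 0;
}
```

The boundary case is the one to test: a value of exactly REGISTRY_MAX bytes must be refused, because the terminating NUL would land one byte past the buffer.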
--- Begin Message ---
Source: fontforge
Source-Version: 0.0.20100501-4

We believe that the bug you reported is fixed in the latest version of
fontforge, which is due to be installed in the Debian FTP archive:

fontforge-nox_0.0.20100501-4_amd64.deb
  to main/f/fontforge/fontforge-nox_0.0.20100501-4_amd64.deb
fontforge_0.0.20100501-4.debian.tar.gz
  to main/f/fontforge/fontforge_0.0.20100501-4.debian.tar.gz
fontforge_0.0.20100501-4.dsc
  to main/f/fontforge/fontforge_0.0.20100501-4.dsc
fontforge_0.0.20100501-4_amd64.deb
  to main/f/fontforge/fontforge_0.0.20100501-4_amd64.deb
libfontforge-dev_0.0.20100501-4_amd64.deb
  to main/f/fontforge/libfontforge-dev_0.0.20100501-4_amd64.deb
libfontforge1_0.0.20100501-4_amd64.deb
  to main/f/fontforge/libfontforge1_0.0.20100501-4_amd64.deb
libgdraw4_0.0.20100501-4_amd64.deb
  to main/f/fontforge/libgdraw4_0.0.20100501-4_amd64.deb
python-fontforge_0.0.20100501-4_amd64.deb
  to main/f/fontforge/python-fontforge_0.0.20100501-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 605537@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rogério Brito <rbrito@ime.usp.br> (supplier of updated fontforge package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Dec 2010 04:12:04 -0200
Source: fontforge
Binary: fontforge fontforge-nox libfontforge-dev libfontforge1 libgdraw4 python-fontforge
Architecture: source amd64
Version: 0.0.20100501-4
Distribution: unstable
Urgency: high
Maintainer: Debian Fonts Task Force <pkg-fonts-devel@lists.alioth.debian.org>
Changed-By: Rogério Brito <rbrito@ime.usp.br>
Description: 
 fontforge  - font editor
 fontforge-nox - font editor - non-X version
 libfontforge-dev - font editor - runtime library (development files)
 libfontforge1 - font editor - runtime library
 libgdraw4  - font editor - runtime graphics and widget library
 python-fontforge - font editor - Python bindings
Closes: 605537
Changes: 
 fontforge (0.0.20100501-4) unstable; urgency=high
 .
   * Urgency high due to a security fix.
   * debian/patches:
     + grab patch from https://bugzilla.redhat.com/attachment.cgi?id=464658
     Fixes: CVE-2010-4259, Closes: #605537.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkz965UACgkQCFqbMnwsrrh+ywCfZUZ/IZQ/FTqpoaT4D75274to
V70An38TaiX53HtdE+/Zv/0xRtfasjZ9
=uWVa
-----END PGP SIGNATURE-----



--- End Message ---
