
libpodofo security update



Hi Mattia,

I prepared a new security update for libpodofo in Wheezy. You indicated
that you would like to review the patches. Please find attached the
debdiff between the current version in Wheezy and the latest update.

Regards,

Markus
diff -Nru libpodofo-0.9.0/debian/changelog libpodofo-0.9.0/debian/changelog
--- libpodofo-0.9.0/debian/changelog	2017-04-29 20:35:06.000000000 +0200
+++ libpodofo-0.9.0/debian/changelog	2017-05-30 13:34:15.000000000 +0200
@@ -1,3 +1,14 @@
+libpodofo (0.9.0-1.1+deb7u2) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6847,
+    CVE-2017-6848, CVE-2017-7378, CVE-2017-7380, CVE-2017-7381, CVE-2017-7382
+    and CVE-2017-7383.
+    Remote attackers could cause a denial of service (application crash) or
+    other unspecified impact via crafted PDF documents.
+
+ -- Markus Koschany <apo@debian.org>  Tue, 30 May 2017 13:34:15 +0200
+
 libpodofo (0.9.0-1.1+deb7u1) wheezy-security; urgency=high
 
   * Non-maintainer upload by the LTS team.
diff -Nru libpodofo-0.9.0/debian/patches/CVE-2017-6840.patch libpodofo-0.9.0/debian/patches/CVE-2017-6840.patch
--- libpodofo-0.9.0/debian/patches/CVE-2017-6840.patch	1970-01-01 01:00:00.000000000 +0100
+++ libpodofo-0.9.0/debian/patches/CVE-2017-6840.patch	2017-05-30 13:34:15.000000000 +0200
@@ -0,0 +1,31 @@
+From: Markus Koschany <apo@debian.org>
+Date: Mon, 29 May 2017 21:14:12 +0200
+Subject: CVE-2017-6840
+
+This patch also fixes CVE-2017-6842 and CVE-2017-6843
+
+Bug-Debian: https://bugs.debian.org/861557
+Origin: http://sourceforge.net/p/podofo/code/1844
+Origin: http://sourceforge.net/p/podofo/code/1845
+---
+ tools/podofocolor/colorchanger.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/tools/podofocolor/colorchanger.cpp b/tools/podofocolor/colorchanger.cpp
+index 121f91e..9e9e35e 100644
+--- a/tools/podofocolor/colorchanger.cpp
++++ b/tools/podofocolor/colorchanger.cpp
+@@ -181,6 +181,13 @@ void ColorChanger::ReplaceColorsInPage( PdfCanvas* pPage )
+             int nNumArgs = pInfo->nNumArguments;
+             EPdfColorSpace eColorSpace;
+ 
++            if( pInfo->nNumArguments > 0 && args.size() != static_cast<size_t>( pInfo->nNumArguments ) )
++            {
++                std::ostringstream oss;
++                oss << "Expected " << pInfo->nNumArguments << " argument(s) for keyword '" << pszKeyword << "', but " << args.size() << " given instead.";
++                PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidContentStream, oss.str().c_str() );
++            }
++
+             switch( pInfo->eKeywordType )
+             {
+                 case eKeyword_GraphicsStack_Push:
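Review bot: The new arity check in `ReplaceColorsInPage` is skipped whenever `pInfo->nNumArguments` is zero or negative, so keywords in that group still reach the `switch` with whatever `args` holds. If the keyword table uses a non-positive count for operators without a fixed arity (the table is not visible here), each such case needs its own `args.size()` check before indexing. The condition could reuse the local already in scope, `if( nNumArgs > 0 && args.size() != static_cast<size_t>( nNumArgs ) )`, with a comment such as `// nNumArguments <= 0: arity not fixed, must be validated per case` to record the intent. The switch body continues outside the hunk, so I could not confirm which cases read `args`.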
diff -Nru libpodofo-0.9.0/debian/patches/CVE-2017-6847.patch libpodofo-0.9.0/debian/patches/CVE-2017-6847.patch
--- libpodofo-0.9.0/debian/patches/CVE-2017-6847.patch	1970-01-01 01:00:00.000000000 +0100
+++ libpodofo-0.9.0/debian/patches/CVE-2017-6847.patch	2017-05-30 13:34:15.000000000 +0200
@@ -0,0 +1,28 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 30 May 2017 12:52:53 +0200
+Subject: CVE-2017-6847
+
+This patch also fixes CVE-2017-6848.
+
+Bug-Debian: https://bugs.debian.org/861564
+Origin: http://sourceforge.net/p/podofo/code/1846
+---
+ src/doc/PdfXObject.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/doc/PdfXObject.cpp b/src/doc/PdfXObject.cpp
+index 211fb7f..b563698 100644
+--- a/src/doc/PdfXObject.cpp
++++ b/src/doc/PdfXObject.cpp
+@@ -158,8 +158,10 @@ PdfXObject::PdfXObject( PdfObject* pObject )
+     
+     m_pResources = pObject->GetIndirectKey( "Resources" );
+     m_Identifier = PdfName( out.str().c_str() );
+-    m_rRect      = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
+     m_Reference  = this->GetObject()->Reference();
++
++    if( this->GetObject()->GetIndirectKey( "BBox" ) )
++        m_rRect = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
+ }
+ 
+ void PdfXObject::InitXObject( const PdfRect & rRect, const char* pszPrefix )
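Review bot: The added guard in the `PdfXObject( PdfObject* )` constructor only tests that `BBox` exists, so a crafted document whose `BBox` is present but not an array still reaches `GetArray()`. The key is also looked up twice. Resolving it once and checking the type would cover both: `PdfObject* pBBox = this->GetObject()->GetIndirectKey( "BBox" );` then `if( pBBox && pBBox->IsArray() )` and `m_rRect = PdfRect( pBBox->GetArray() );`. When `BBox` is missing, `m_rRect` silently keeps its default value; a short comment stating that this fallback is intended, or an explicit error, would help the next reader. The constructor begins outside the hunk.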
diff -Nru libpodofo-0.9.0/debian/patches/CVE-2017-7378.patch libpodofo-0.9.0/debian/patches/CVE-2017-7378.patch
--- libpodofo-0.9.0/debian/patches/CVE-2017-7378.patch	1970-01-01 01:00:00.000000000 +0100
+++ libpodofo-0.9.0/debian/patches/CVE-2017-7378.patch	2017-05-30 13:34:15.000000000 +0200
@@ -0,0 +1,44 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 30 May 2017 12:56:49 +0200
+Subject: CVE-2017-7378
+
+Bug-Debian: https://bugs.debian.org/859330
+Origin: http://sourceforge.net/p/podofo/code/1847
+---
+ src/doc/PdfPainter.cpp | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/doc/PdfPainter.cpp b/src/doc/PdfPainter.cpp
+index 642259d..6241b13 100644
+--- a/src/doc/PdfPainter.cpp
++++ b/src/doc/PdfPainter.cpp
+@@ -1711,16 +1711,27 @@ PdfString PdfPainter::ExpandTabs( const PdfString & rsString, pdf_long lStringLe
+     const pdf_utf16be cTab     = 0x0900;
+     const pdf_utf16be cSpace   = 0x2000;
+ 
++    if( lStringLen == -1 )
++        lStringLen = rsString.GetCharacterLength();
++
++    if (lStringLen > rsString.GetCharacterLength())
++    {
++        PdfError::DebugMessage( "Requested to expand tabs in string of %" PDF_FORMAT_INT64 " chars, while it has only %" PDF_FORMAT_INT64 "; correcting the value\n",
++                static_cast<pdf_int64>( lStringLen ), static_cast<pdf_int64>(rsString.GetCharacterLength() ) );
++
++        lStringLen = rsString.GetCharacterLength();
++    }
++
+     // count the number of tabs in the string
+     if( bUnicode ) 
+     {
+-        for( i=0;i<=lStringLen;i++ )
++        for( i=0;i<lStringLen;i++ )
+             if( rsString.GetUnicode()[i] == cTab ) 
+                 ++nTabCnt;
+     }
+     else
+     {
+-        for( i=0;i<=lStringLen;i++ )
++        for( i=0;i<lStringLen;i++ )
+             if( rsString.GetString()[i] == '\t' )
+                 ++nTabCnt;
+     }
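Review bot: The new length handling in `ExpandTabs` normalises only `lStringLen == -1` and values above the string length, so any other negative `lStringLen` passes both checks unchanged. The counting loops shown here then simply do not run, but the rest of the function, outside this hunk, presumably sizes its output from `lStringLen` and would see the negative value. Consider widening the first test to `if( lStringLen < 0 )`, or rejecting other negatives explicitly. `rsString.GetCharacterLength()` is also called up to four times and could be read once into a local.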
diff -Nru libpodofo-0.9.0/debian/patches/CVE-2017-7380.patch libpodofo-0.9.0/debian/patches/CVE-2017-7380.patch
--- libpodofo-0.9.0/debian/patches/CVE-2017-7380.patch	1970-01-01 01:00:00.000000000 +0100
+++ libpodofo-0.9.0/debian/patches/CVE-2017-7380.patch	2017-05-30 13:34:15.000000000 +0200
@@ -0,0 +1,25 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 30 May 2017 13:01:53 +0200
+Subject: CVE-2017-7380
+
+This patch also fixes CVE-2017-7381, CVE-2017-7382 and CVE-2017-7383.
+
+Bug-Debian: https://bugs.debian.org/859329
+Origin: http://sourceforge.net/p/podofo/code/1848
+---
+ src/doc/PdfPage.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/doc/PdfPage.cpp b/src/doc/PdfPage.cpp
+index 23aa3c3..c00e5c9 100644
+--- a/src/doc/PdfPage.cpp
++++ b/src/doc/PdfPage.cpp
+@@ -601,7 +601,7 @@ PdfObject* PdfPage::GetFromResources( const PdfName & rType, const PdfName & rKe
+         // OC 15.08.2010 BugFix: Ghostscript creates here sometimes an indirect reference to a directory
+      // PdfObject* pType = m_pResources->GetDictionary().GetKey( rType );
+         PdfObject* pType = m_pResources->GetIndirectKey( rType );
+-        if( pType->IsDictionary() && pType->GetDictionary().HasKey( rKey ) )
++        if( pType && pType->IsDictionary() && pType->GetDictionary().HasKey( rKey ) )
+         {
+             const PdfReference & ref = pType->GetDictionary().GetKey( rKey )->GetReference();
+             return this->GetObject()->GetOwner()->GetObject( ref );
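Review bot: In `GetFromResources`, the null check on `pType` fixes the first dereference, but the next line still calls `GetReference()` on the value stored under `rKey` without checking that it is a reference. A resource dictionary holding a direct object there would depend on how `GetReference()` treats a non-reference variant, which is not visible in this hunk. A type check before the lookup closes that path: `PdfObject* pVal = pType->GetDictionary().GetKey( rKey );` followed by `if( pVal && pVal->IsReference() ) return this->GetObject()->GetOwner()->GetObject( pVal->GetReference() );`. The function starts and ends outside the hunk, so any guard on `m_pResources` or `GetOwner()` could not be confirmed from here.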
diff -Nru libpodofo-0.9.0/debian/patches/series libpodofo-0.9.0/debian/patches/series
--- libpodofo-0.9.0/debian/patches/series	2017-04-29 20:35:06.000000000 +0200
+++ libpodofo-0.9.0/debian/patches/series	2017-05-30 13:34:15.000000000 +0200
@@ -7,3 +7,7 @@
 CVE-2017-5854.patch
 CVE-2017-5886.patch
 CVE-2017-7379.patch
+CVE-2017-6840.patch
+CVE-2017-6847.patch
+CVE-2017-7378.patch
+CVE-2017-7380.patch

Attachment: signature.asc
Description: OpenPGP digital signature

