Hello release team,

I just uploaded a new cups which fixes a security bug, adds a CVE to the 1.3.8-1 changelog, and nothing else. Please allow it into testing.

Steffen Joeris kindly took the task to provide an upload for etch-security.

Thanks,

Martin
-- 
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
diff -u cups-1.3.8/debian/changelog cups-1.3.8/debian/changelog --- cups-1.3.8/debian/changelog +++ cups-1.3.8/debian/changelog @@ -1,3 +1,11 @@ +cups (1.3.8-1lenny4) unstable; urgency=high + + * High urgency due to security bug fix. + * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image + reader (Closes: #507183, STR #2974, CVE-2008-5286) + + -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2008 17:33:18 -0800 + cups (1.3.8-1lenny3) unstable; urgency=medium * Urgency medium because of RC bug fix. @@ -67,6 +75,7 @@ * New upstream release: some 20 bug fixes, no new features (see http://www.cups.org/articles.php?L562 for details). + - Fixes remote DoS through RSS subscriptions. (CVE-2008-5184) * Dropped patches, accepted upstream: - empty_option_value_crash.dpatch - CVE-2008-1722.dpatch diff -u cups-1.3.8/debian/patches/00list cups-1.3.8/debian/patches/00list --- cups-1.3.8/debian/patches/00list +++ cups-1.3.8/debian/patches/00list @@ -10,6 +10,7 @@ freebsd.dpatch hpgl-regression.dpatch runloop-backchannel-eof-spin.dpatch +png-image-int-overflow.dpatch # patches sent upstream pidfile.dpatch only in patch2: unchanged: --- cups-1.3.8.orig/debian/patches/png-image-int-overflow.dpatch +++ cups-1.3.8/debian/patches/png-image-int-overflow.dpatch 
@@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## png-image-int-overflow.dpatch by Martin Pitt <mpitt@debian.org> +## +## DP: Fix integer overflow in the PNG image reader. +## DP: (Debian #507183, STR #2974) + +@DPATCH@ +diff -urNad trunk~/filter/image-png.c trunk/filter/image-png.c +--- trunk~/filter/image-png.c 2008-07-12 00:48:49.000000000 +0200 ++++ trunk/filter/image-png.c 2008-12-01 08:32:01.000000000 +0100 +@@ -178,7 +178,7 @@ + { + bufsize = img->xsize * img->ysize; + +- if ((bufsize / img->ysize) != img->xsize) ++ if ((bufsize / img->xsize) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); +@@ -190,7 +190,7 @@ + { + bufsize = img->xsize * img->ysize * 3; + +- if ((bufsize / (img->ysize * 3)) != img->xsize) ++ if ((bufsize / (img->xsize * 3)) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height);
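Review bot: in the @@ -178 hunk the only change is which factor the product is divided back by (ysize before, xsize after), and the dpatch header "Fix integer overflow in the PNG image reader" does not say which input the old form let through. With xsize, ysize and bufsize all unsigned and of the same width, a product that wrapped modulo 2^32 is smaller than either true factor times the other, so dividing by either factor detects the wrap; if the real failure in STR #2974 / #507183 depends on a type or width difference not visible here, please state that case in the DP: lines so a later reader can see why this one-line swap closes the hole. The new form also divides by img->xsize where the old one divided by img->ysize; a zero width would now be a division by zero, so please confirm (and note in the header) that libpng's IHDR validation rejects zero dimensions before this point.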
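Review bot: in the @@ -190 hunk the divisor `img->xsize * 3` can itself wrap whenever xsize exceeds UINT_MAX / 3, and then the division proves nothing: with xsize = 0x80000001 and ysize = 1, bufsize = xsize * ysize * 3 wraps to 0x80000003, xsize * 3 wraps to the same 0x80000003, so `bufsize / (img->xsize * 3)` is 1 == ysize and the check passes although the real size is 3 * 2^31 + 3. The old `ysize * 3` divisor had the same weakness, so this hunk does not introduce it, but it does not close it either. Bounding the factors before multiplying avoids the problem, e.g. `if (img->xsize > UINT_MAX / 3 || img->ysize > UINT_MAX / (img->xsize * 3))` ahead of the multiplication; if width is already bounded earlier (for instance by libpng's user width limit), say so in the dpatch description instead.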
Attachment:
signature.asc
Description: Digital signature
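The patch above validates an image buffer size by multiplying the dimensions and dividing back by one factor. The following C program is an added illustration, not CUPS code and not part of Martin's upload: it models that check in 32-bit unsigned arithmetic for the grayscale case (divide by xsize), for the RGB case (divide by xsize * 3, as in the patched hunk), and for a bounded form that checks each factor before multiplying. The function names, the return convention (0 means rejected, otherwise the buffer size) and the sample dimensions are all my own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustration only, not CUPS source.  These helpers reproduce the shape
 * of the checks in the patched filter/image-png.c (size = x * y [* 3],
 * then divide back by one factor) using 32-bit unsigned arithmetic, so
 * the sound and the unsound variant can be compared on the same input.
 * Each returns 0 when the dimensions are rejected, else the buffer size.
 */

/* Grayscale, as in the patched @@ -178 hunk: bufsize = x * y, accepted
 * iff bufsize / x == y.  Sound: the divisor is a true factor, so every
 * wrapped product fails the comparison. */
uint32_t gray_check_divide(uint32_t xsize, uint32_t ysize)
{
    if (xsize == 0 || ysize == 0)
        return 0;                            /* no division by zero */
    uint32_t bufsize = xsize * ysize;        /* may wrap modulo 2^32 */
    if (bufsize / xsize != ysize)
        return 0;
    return bufsize;
}

/* RGB, as in the patched @@ -190 hunk: bufsize = x * y * 3, accepted
 * iff bufsize / (x * 3) == y.  Not sound: x * 3 can wrap as well, and
 * then the comparison is made against a wrong divisor. */
uint32_t rgb_check_divide(uint32_t xsize, uint32_t ysize)
{
    if (xsize == 0 || ysize == 0)
        return 0;
    uint32_t bufsize = xsize * ysize * 3;    /* may wrap */
    if (bufsize / (xsize * 3) != ysize)      /* divisor may wrap too */
        return 0;
    return bufsize;
}

/* Hardened RGB check: bound each factor before multiplying, so that no
 * intermediate value can wrap at all. */
uint32_t rgb_check_bounded(uint32_t xsize, uint32_t ysize)
{
    if (xsize == 0 || ysize == 0)
        return 0;
    if (xsize > UINT32_MAX / 3)
        return 0;                            /* row length would wrap */
    uint32_t rowbytes = xsize * 3;
    if (ysize > UINT32_MAX / rowbytes)
        return 0;                            /* whole image would wrap */
    return rowbytes * ysize;
}

int main(void)
{
    /* Constructed inputs: a normal image, a width of 2^31 + 1 chosen so
     * that x * 3 and x * y * 3 wrap to the same value, and a product
     * that wraps to exactly zero. */
    struct { uint32_t x, y; } cases[] = {
        { 640, 480 },
        { 0x80000001u, 1 },
        { 0x10000u, 0x10000u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%u x %u: gray-divide=%u rgb-divide=%u rgb-bounded=%u\n",
               (unsigned)cases[i].x, (unsigned)cases[i].y,
               (unsigned)gray_check_divide(cases[i].x, cases[i].y),
               (unsigned)rgb_check_divide(cases[i].x, cases[i].y),
               (unsigned)rgb_check_bounded(cases[i].x, cases[i].y));
    }
    return 0;
}
```

On the 0x80000001 x 1 input the divide-back RGB check accepts a buffer of 0x80000003 bytes for an image that really needs 3 * 2^31 + 3, while the bounded form rejects it; the grayscale divide-back check has no such gap because its divisor cannot wrap.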