
Please allow cups 1.3.8-1lenny4 into testing (CVE-2008-5286)



Hello release team,

I just uploaded a new cups which fixes a security bug, adds a CVE to
the 1.3.8-1 changelog, and nothing else. Please allow it into testing.

Steffen Joeris kindly took the task to provide an upload for
etch-security.

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
diff -u cups-1.3.8/debian/changelog cups-1.3.8/debian/changelog
--- cups-1.3.8/debian/changelog
+++ cups-1.3.8/debian/changelog
@@ -1,3 +1,11 @@
+cups (1.3.8-1lenny4) unstable; urgency=high
+
+  * High urgency due to security bug fix.
+  * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
+    reader (Closes: #507183, STR #2974, CVE-2008-5286)
+
+ -- Martin Pitt <mpitt@debian.org>  Mon, 01 Dec 2008 17:33:18 -0800
+
 cups (1.3.8-1lenny3) unstable; urgency=medium
 
   * Urgency medium because of RC bug fix.
@@ -67,6 +75,7 @@
 
   * New upstream release: some 20 bug fixes, no new features (see
     http://www.cups.org/articles.php?L562 for details).
+    - Fixes remote DoS through RSS subscriptions. (CVE-2008-5184)
   * Dropped patches, accepted upstream:
     - empty_option_value_crash.dpatch
     - CVE-2008-1722.dpatch
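
Review bot: The added "Fixes remote DoS through RSS subscriptions. (CVE-2008-5184)" line edits the changelog entry of an already released version, and the new 1.3.8-1lenny4 entry in the first hunk does not record that edit. Suggest adding a bullet to the 1lenny4 entry stating that the CVE reference was added retroactively to the older entry, so the changelog explains its own history.
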
diff -u cups-1.3.8/debian/patches/00list cups-1.3.8/debian/patches/00list
--- cups-1.3.8/debian/patches/00list
+++ cups-1.3.8/debian/patches/00list
@@ -10,6 +10,7 @@
 freebsd.dpatch
 hpgl-regression.dpatch
 runloop-backchannel-eof-spin.dpatch
+png-image-int-overflow.dpatch
 
 # patches sent upstream
 pidfile.dpatch
only in patch2:
unchanged:
--- cups-1.3.8.orig/debian/patches/png-image-int-overflow.dpatch
+++ cups-1.3.8/debian/patches/png-image-int-overflow.dpatch
@@ -0,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## png-image-int-overflow.dpatch by Martin Pitt <mpitt@debian.org>
+##
+## DP: Fix integer overflow in the PNG image reader.
+## DP: (Debian #507183, STR #2974)
+
+@DPATCH@
+diff -urNad trunk~/filter/image-png.c trunk/filter/image-png.c
+--- trunk~/filter/image-png.c	2008-07-12 00:48:49.000000000 +0200
++++ trunk/filter/image-png.c	2008-12-01 08:32:01.000000000 +0100
+@@ -178,7 +178,7 @@
+     {
+       bufsize = img->xsize * img->ysize;
+ 
+-      if ((bufsize / img->ysize) != img->xsize)
++      if ((bufsize / img->xsize) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);
+@@ -190,7 +190,7 @@
+     {
+       bufsize = img->xsize * img->ysize * 3;
+ 
+-      if ((bufsize / (img->ysize * 3)) != img->xsize)
++      if ((bufsize / (img->xsize * 3)) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);
