Bug#774235: marked as done (unblock: tiff/4.0.3-12)

To: Ivo De Decker <ivodd@debian.org>
Subject: Bug#774235: marked as done (unblock: tiff/4.0.3-12)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 30 Dec 2014 17:00:18 +0000
Message-id: <[🔎] handler.774235.D774235.141995859118790.ackdone@bugs.debian.org>
References: <20141230165613.GA19166@ugent.be> <[🔎] 20141230114442.0217813669.qww314159@soup.appiancorp.com>

Your message dated Tue, 30 Dec 2014 17:56:13 +0100
with message-id <20141230165613.GA19166@ugent.be>
and subject line Re: Bug#774235: unblock: tiff/4.0.3-12
has caused the Debian Bug report #774235,
regarding unblock: tiff/4.0.3-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
774235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774235
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: tiff/4.0.3-12
From: Jay Berkenbilt <qjb@debian.org>
Date: Tue, 30 Dec 2014 11:44:42 -0500
Message-id: <[🔎] 20141230114442.0217813669.qww314159@soup.appiancorp.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package tiff

This is a narrowly targeted fix from upstream for CVE-2014-9330. It
changes only bmp2tiff, one of the tools that is part of libtiff-tools.
Although the bug was not created as RC, other similar bugs that only
affect tools in libtiff-tools have been classified as RC, and this fixes
a security issue with an assigned CVE number, so I think it would be
best if it goes through.

debdiff attached.

unblock tiff/4.0.3-12

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog
--- tiff-4.0.3/debian/changelog	2014-12-23 15:52:13.000000000 -0500
+++ tiff-4.0.3/debian/changelog	2014-12-30 11:32:33.000000000 -0500
@@ -1,3 +1,9 @@
+tiff (4.0.3-12) unstable; urgency=high
+
+  * Fix integer overflow in bmp2tiff. CVE-2014-9330. (Closes: #773987)
+
+ -- Jay Berkenbilt <qjb@debian.org>  Tue, 30 Dec 2014 11:32:04 -0500
+
 tiff (4.0.3-11) unstable; urgency=medium
 
   * Don't crash on JPEG => non-JPEG conversion (Closes: #741451)
diff -Nru tiff-4.0.3/debian/patches/CVE-2014-9330.patch tiff-4.0.3/debian/patches/CVE-2014-9330.patch
--- tiff-4.0.3/debian/patches/CVE-2014-9330.patch	1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.3/debian/patches/CVE-2014-9330.patch	2014-12-30 11:32:33.000000000 -0500
@@ -0,0 +1,45 @@
+Description: CVE-2014-9330
+ Integer overflow in bmp2tiff
+Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494
+Bug-Debian: http://bugs.debian.org/773987
+
+Index: tiff/tools/bmp2tiff.c
+===================================================================
+--- tiff.orig/tools/bmp2tiff.c
++++ tiff/tools/bmp2tiff.c
+@@ -1,4 +1,4 @@
+-/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $
++/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $
+  *
+  * Project:  libtiff tools
+  * Purpose:  Convert Windows BMP files in TIFF.
+@@ -403,6 +403,13 @@ main(int argc, char* argv[])
+ 
+ 		width = info_hdr.iWidth;
+ 		length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
++        if( width <= 0 || length <= 0 )
++        {
++            TIFFError(infilename,
++                  "Invalid dimensions of BMP file" );
++            close(fd);
++            return -1;
++        }
+ 
+ 		switch (info_hdr.iBitCount)
+ 		{
+@@ -593,6 +600,14 @@ main(int argc, char* argv[])
+ 
+ 			compr_size = file_hdr.iSize - file_hdr.iOffBits;
+ 			uncompr_size = width * length;
++            /* Detect int overflow */
++            if( uncompr_size / width != length )
++            {
++                TIFFError(infilename,
++                    "Invalid dimensions of BMP file" );
++                close(fd);
++                return -1;
++            }
+ 			comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
+ 			if (!comprbuf) {
+ 				TIFFError(infilename,
diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series
--- tiff-4.0.3/debian/patches/series	2014-12-23 15:52:13.000000000 -0500
+++ tiff-4.0.3/debian/patches/series	2014-12-30 11:32:33.000000000 -0500
@@ -7,3 +7,4 @@
 CVE-2013-4244.patch
 CVE-2013-4243.patch
 jpeg-colorspace.patch
+CVE-2014-9330.patch

--- End Message ---

--- Begin Message ---

To: Jay Berkenbilt <qjb@debian.org>, 774235-done@bugs.debian.org

Subject: Re: Bug#774235: unblock: tiff/4.0.3-12

From: Ivo De Decker <ivodd@debian.org>

Date: Tue, 30 Dec 2014 17:56:13 +0100

Message-id: <20141230165613.GA19166@ugent.be>

In-reply-to: <[🔎] 20141230114442.0217813669.qww314159@soup.appiancorp.com>

References: <[🔎] 20141230114442.0217813669.qww314159@soup.appiancorp.com>
Hi,

On Tue, Dec 30, 2014 at 11:44:42AM -0500, Jay Berkenbilt wrote:
> Please unblock package tiff

Unblocked.

Cheers,

Ivo
--- End Message ---

Reply to:

References:
- Bug#774235: unblock: tiff/4.0.3-12
  - From: Jay Berkenbilt <qjb@debian.org>

Prev by Date: Bug#774113: marked as done (unblock: fonts-android/1:4.4.4r2-6)
Next by Date: Bug#774210: marked as done (unblock: phpmyadmin/4:4.2.12-2)
Previous by thread: Bug#774235: unblock: tiff/4.0.3-12
Next by thread: Bug#774236: unblock: libmspack/0.4-2
Index(es):
- Date
- Thread