Bug#787692: release.debian.org: jessie-pu: package ufraw/0.20-2+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
I have fixed the security issue below for ufraw. The security team has
marked the issue as no-dsa, but has suggested that it be fixed via
jessie-pu.
Here is an interdiff between the current jessie version and the updated
version:
diff -u ufraw-0.20/dcraw.cc ufraw-0.20/dcraw.cc
--- ufraw-0.20/dcraw.cc
+++ ufraw-0.20/dcraw.cc
@@ -934,8 +934,7 @@
int CLASS ljpeg_start (struct jhead *jh, int info_only)
{
- int c, tag;
- ushort len;
+ int c, tag, len;
uchar data[0x10000];
const uchar *dp;
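Review bot: the declaration in this hunk goes the wrong way for the fix. `ushort len;` is on the `-` side and `int c, tag, len;` is on the `+` side, so the patch as shown turns `len` back into a signed int. Together with the removed changelog entry further down, this suggests the interdiff was generated with its arguments swapped. Please regenerate it from the current jessie version to the proposed one, so the release team reviews the change in the direction it will be uploaded.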
@@ -946,9 +945,8 @@
do {
fread (data, 2, 2, ifp);
tag = data[0] << 8 | data[1];
- len = (data[2] << 8 | data[3]);
- if (tag <= 0xff00 || len <= 2) return 0;
- len -= 2;
+ len = (data[2] << 8 | data[3]) - 2;
+ if (tag <= 0xff00) return 0;
fread (data, 1, len, ifp);
switch (tag) {
case 0xffc3:
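Review bot: on the `+` side nothing bounds `len` from below before `fread (data, 1, len, ifp)`. With `len = (data[2] << 8 | data[3]) - 2` held in an int, a length field of 0 or 1 yields a negative `len`, which becomes a very large count when passed to fread and writes past `uchar data[0x10000]`. The `len <= 2` test that prevents this is on the `-` side, so the upload should end up with `if (tag <= 0xff00 || len <= 2) return 0;` ahead of the subtraction. Separately, the return value of `fread (data, 2, 2, ifp)` in the context lines is not checked, so a truncated file leaves `tag` and `len` computed from stale buffer contents.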
diff -u ufraw-0.20/debian/changelog ufraw-0.20/debian/changelog
--- ufraw-0.20/debian/changelog
+++ ufraw-0.20/debian/changelog
@@ -1,11 +1,3 @@
-ufraw (0.20-2+deb8u1) jessie-security; urgency=high
-
- * dcraw.cc: Apply patch from
- https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
- prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
-
- -- Hubert Chathi <uhoreg@debian.org> Tue, 26 May 2015 14:44:00 -0400
-
ufraw (0.20-2) unstable; urgency=low
* ufraw-gimp.c: Apply upstream patch: Only use
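Review bot: the 0.20-2+deb8u1 entry targets `jessie-security` with `urgency=high`, but the report says the issue is marked no-dsa and is to go through jessie-pu. For a proposed update the distribution field should be `jessie`. The entry also appears as removed rather than added, which again points to the diff having been generated in reverse.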
On Mon, 25 May 2015 16:40:00 +0200, Salvatore Bonaccorso <carnil@debian.org> said:
> the following vulnerability was published for ufraw.
> CVE-2015-3885[0]: Integer overflow in the ljpeg_start function in
> dcraw 7.00 and earlier allows remote attackers to cause a denial of
> service (crash) via a crafted image, which triggers a buffer
> overflow, related to the len variable.
-- System Information:
Debian Release: 7.2
APT prefers stable
APT policy: (990, 'stable'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.17-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash