
Bug#812363: wheezy-pu: package giflib/4.1.6-10+deb7u1



Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,
I'd like to fix CVE-2015-7555 via wheezy-pu since the bug is fixed in
Squeeze LTS and we try to not introduce new security issues when people
upgrade (the Debian security team marked this CVE as no-dsa).

Please find the debdiff attached.
Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 727ea97..f728114 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+giflib (4.1.6-10+deb7u1) oldstable-security; urgency=medium
+
+  * Non-maintainer upload by the LTS Security Team.
+  * CVE-2015-7555: bail out if Width > SWidth.
+    Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
+    (Closes: #808704)
+
+ -- Guido Günther <agx@sigxcpu.org>  Fri, 22 Jan 2016 19:03:38 +0100
+
 giflib (4.1.6-10) unstable; urgency=low
 
   * Fixing fprintf issues by YunQiang Su.
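Review bot: the distribution in the new changelog stanza, `oldstable-security`, does not match the upload route described in the report, which is a wheezy-pu (proposed-update) request rather than a security upload; a pu upload should target `wheezy` (oldstable) so the package is routed to oldstable-proposed-updates and not to the security queue. The stanza's "Non-maintainer upload by the LTS Security Team" line is also worth revisiting for the same reason, since the CVE was marked no-dsa and the fix is going through the release team, not the security team.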
diff --git a/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch b/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch
new file mode 100644
index 0000000..e660bea
--- /dev/null
+++ b/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch
@@ -0,0 +1,22 @@
+From: "Eric S. Raymond" <esr@thyrsus.com>
+Date: Tue, 5 Jan 2016 23:01:45 -0500
+Subject: CVE-2015-7555: bail out if Width > SWidth
+
+Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
+---
+ util/giffix.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/giffix.c b/util/giffix.c
+index 247305e..408d429 100644
+--- a/util/giffix.c
++++ b/util/giffix.c
+@@ -137,6 +137,8 @@ int main(int argc, char **argv)
+ 		Height = GifFileIn->Image.Height;
+ 		GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]:     ",
+ 		    PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height);
++		if (Width > GifFileIn->SWidth)
++		    GIF_EXIT("Image is wider than total");
+ 
+ 		/* Put the image descriptor to out file: */
+ 		if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height,
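Review bot: the new guard only checks `Width > GifFileIn->SWidth`; the image's `Col` and `Row` offsets and its `Height` are printed on the preceding `GifQprintf` line but not validated, so an image that is narrower than the screen but placed at a non-zero column, or one that is taller than the screen, is not caught by this check. Since this is a cherry-pick of upstream commit 179510be300bf11115e37528d79619b53c884a63, confirm whether upstream bounds the remaining dimensions elsewhere (e.g. in the library rather than in `giffix.c`) or whether a follow-up is needed for wheezy. On the patch header, the DEP-3 metadata could be made explicit by adding `Origin: upstream, 179510be300bf11115e37528d79619b53c884a63` and `Bug-Debian: https://bugs.debian.org/808704` alongside the existing From/Date/Subject lines, which makes the provenance machine-readable for the patch tracker.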
diff --git a/debian/patches/series b/debian/patches/series
index 3bcfb21..e297c1f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02-doc_fixes.patch
 03-spelling_fixes.patch
 04-fprintf_format_error.patch
+CVE-2015-7555-bail-out-if-Width-SWidth.patch
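Review bot: the new series entry drops the numeric prefix used by every other entry in this file (`02-`, `03-`, `04-`); for consistency with the existing naming, and so that ordering stays explicit if further patches are added, consider naming the file `05-CVE-2015-7555-bail-out-if-Width-SWidth.patch` and updating the `debian/patches/` file name to match.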