Bug#856118: marked as done (unblock: graphicsmagick)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#856118: marked as done (unblock: graphicsmagick)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 25 Feb 2017 13:18:05 +0000
Message-id: <[🔎] handler.856118.D856118.14880284933574.ackdone@bugs.debian.org>
References: <bab748cd-7c98-bfeb-3a37-c2fb85afd274@thykier.net> <[🔎] 1488019491.2637.15.camel@debian.org>

Your message dated Sat, 25 Feb 2017 13:13:00 +0000
with message-id <bab748cd-7c98-bfeb-3a37-c2fb85afd274@thykier.net>
and subject line Re: Bug#856118: unblock: graphicsmagick
has caused the Debian Bug report #856118,
regarding unblock: graphicsmagick
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856118
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: graphicsmagick
From: "Laszlo Boszormenyi (GCS)" <gcs@debian.org>
Date: Sat, 25 Feb 2017 11:44:51 +0100
Message-id: <[🔎] 1488019491.2637.15.camel@debian.org>

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

Upstream of GraphicsMagick, Bob Friesenhahn reported its vulnerability
when reading (heap buffer overread) CMYKA TIFF files[1].

The fix is small and the debdiff is attached for your convenience.
Please unblock and let it migrate to Stretch.

Thanks,
Laszlo/GCS
[1] http://www.openwall.com/lists/oss-security/2017/02/24/1

diff -Nru graphicsmagick-1.3.25/debian/changelog graphicsmagick-1.3.25/debian/changelog
--- graphicsmagick-1.3.25/debian/changelog	2016-12-25 15:42:18.000000000 +0100
+++ graphicsmagick-1.3.25/debian/changelog	2017-02-24 20:17:41.000000000 +0100
@@ -1,3 +1,9 @@
+graphicsmagick (1.3.25-8) unstable; urgency=high
+
+  * Backport security fix for out of bounds access when reading CMYKA tiff.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 24 Feb 2017 19:17:41 +0000
+
 graphicsmagick (1.3.25-7) unstable; urgency=medium
 
   * Add hack to build self-tests on mips* architectures.
diff -Nru graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch
--- graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	1970-01-01 01:00:00.000000000 +0100
+++ graphicsmagick-1.3.25/debian/patches/Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch	2017-02-24 20:17:41.000000000 +0100
@@ -0,0 +1,70 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1487905610 21600
+#      Thu Feb 23 21:06:50 2017 -0600
+# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8
+# Parent  0392c4305a4369984ec8069055acc470c0a73647
+Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel.
+
+diff -r 0392c4305a43 -r 6156b4c2992d ChangeLog
+--- a/ChangeLog	Sun Jan 29 10:04:57 2017 -0600
++++ b/ChangeLog	Thu Feb 23 21:06:50 2017 -0600
+@@ -1,3 +1,10 @@
++2017-02-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
++
++	* coders/tiff.c (QuantumTransferMode): Fix out of bounds
++	read/write when reading CMYKA TIFF which claims to have only 2
++	samples per pixel.  Problem was reported via email on February 15,
++	2017 by Valon Chu.
++
+ 2016-10-21 Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>
+ 
+ 	*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
+diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c
+--- a/coders/tiff.c	Sun Jan 29 10:04:57 2017 -0600
++++ b/coders/tiff.c	Thu Feb 23 21:06:50 2017 -0600
+@@ -1230,8 +1230,8 @@
+                   case 0:
+                     if (samples_per_pixel == 1)
+                       *quantum_type=GrayQuantum;
+-                      else
+-                        *quantum_type=RedQuantum;
++                    else
++                      *quantum_type=RedQuantum;
+                     break;
+                   case 1:
+                     *quantum_type=GreenQuantum;
+@@ -1411,12 +1411,12 @@
+               }
+             else
+               {
+-                if (image->matte)
++                if (image->matte && samples_per_pixel >= 5)
+                   {
+                     *quantum_type=CMYKAQuantum;
+                     *quantum_samples=5;
+                   }
+-                else
++                else if (samples_per_pixel >= 4)
+                   {
+                     *quantum_type=CMYKQuantum;
+                     *quantum_samples=4;
+diff -r 0392c4305a43 -r 6156b4c2992d www/Changelog.html
+--- a/www/Changelog.html	Sun Jan 29 10:04:57 2017 -0600
++++ b/www/Changelog.html	Thu Feb 23 21:06:50 2017 -0600
+@@ -35,6 +35,15 @@
+ <div class="document">
+ 
+ 
++<p>2017-02-23  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
++<blockquote>
++<ul class="simple">
++<li>coders/tiff.c (QuantumTransferMode): Fix out of bounds
++read/write when reading CMYKA TIFF which claims to have only 2
++samples per pixel.  Problem was reported via email on February 15,
++2017 by Valon Chu.</li>
++</ul>
++</blockquote>
+ <p>2016-10-21 Glenn Randers-Pehrson  &lt;<a class="reference external" href="mailto:glennrp&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us";>glennrp<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+ <blockquote>
+ <p>*coders/png.c (ReadOneJNGImage): Enforce spec requirement that the
diff -Nru graphicsmagick-1.3.25/debian/patches/series graphicsmagick-1.3.25/debian/patches/series
--- graphicsmagick-1.3.25/debian/patches/series	2016-12-25 15:42:18.000000000 +0100
+++ graphicsmagick-1.3.25/debian/patches/series	2017-02-24 20:17:41.000000000 +0100
@@ -8,3 +8,4 @@
 CVE-2016-8684.patch
 CVE-2016-9830.patch
 mips_link_fix.patch
+Fix_out_of_bounds_access_when_reading_CMYKA_tiff.patch

--- End Message ---

--- Begin Message ---

To: "Laszlo Boszormenyi (GCS)" <gcs@debian.org>, 856118-done@bugs.debian.org

Subject: Re: Bug#856118: unblock: graphicsmagick

From: Niels Thykier <niels@thykier.net>

Date: Sat, 25 Feb 2017 13:13:00 +0000

Message-id: <bab748cd-7c98-bfeb-3a37-c2fb85afd274@thykier.net>

In-reply-to: <[🔎] 1488019491.2637.15.camel@debian.org>

References: <[🔎] 1488019491.2637.15.camel@debian.org>
Laszlo Boszormenyi (GCS):
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi Release Team,
> 
> Upstream of GraphicsMagick, Bob Friesenhahn reported its vulnerability
> when reading (heap buffer overread) CMYKA TIFF files[1].
> 
> The fix is small and the debdiff is attached for your convenience.
> Please unblock and let it migrate to Stretch.
> 
> Thanks,
> Laszlo/GCS
> [1] http://www.openwall.com/lists/oss-security/2017/02/24/1
> 

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#856118: unblock: graphicsmagick
  - From: "Laszlo Boszormenyi (GCS)" <gcs@debian.org>

Prev by Date: Bug#856071: marked as done (unblock repo/1.12.37-2)
Next by Date: Processed: Re: design-desktop-animation: please drop dependency on pencil2d
Previous by thread: Bug#856118: unblock: graphicsmagick
Next by thread: Bug#856119: unblock: qpid-python
Index(es):
- Date
- Thread