Bug#863877: unblock: pngquant/2.5.0-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#863877: unblock: pngquant/2.5.0-2
From: Andreas Tille <tille@debian.org>
Date: Thu, 01 Jun 2017 13:16:11 +0200
Message-id: <[🔎] 20170601111611.18120.7524.reportbug@mail.an3as.eu>
Reply-to: Andreas Tille <tille@debian.org>, 863877@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pngquant

Fixes CVE-2016-5735

Thanks for your work as release team

      Andreas.


unblock pngquant/2.5.0-2

-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru pngquant-2.5.0/debian/changelog pngquant-2.5.0/debian/changelog
--- pngquant-2.5.0/debian/changelog	2015-07-27 09:54:49.000000000 +0200
+++ pngquant-2.5.0/debian/changelog	2017-06-01 10:05:51.000000000 +0200
@@ -1,3 +1,11 @@
+pngquant (2.5.0-2) unstable; urgency=medium
+
+  * Fix CVE-2016-5735 (Thanks for the patch to Emilio Pozuelo
+    Monfort <pochu@debian.org>)
+    Closes: 863469
+
+ -- Andreas Tille <tille@debian.org>  Thu, 01 Jun 2017 10:05:51 +0200
+
 pngquant (2.5.0-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru pngquant-2.5.0/debian/patches/CVE-2016-5735.patch pngquant-2.5.0/debian/patches/CVE-2016-5735.patch
--- pngquant-2.5.0/debian/patches/CVE-2016-5735.patch	1970-01-01 01:00:00.000000000 +0100
+++ pngquant-2.5.0/debian/patches/CVE-2016-5735.patch	2017-06-01 10:05:51.000000000 +0200
@@ -0,0 +1,20 @@
+Author: Emilio Pozuelo Monfort <pochu@debian.org>
+Last-Update: Wed, 31 May 2017 22:44:53 +0200
+Bug-Debian: https://bugs.debian.org/863469
+Description: CVE-2016-5735
+
+--- a/rwpng.c
++++ b/rwpng.c
+@@ -278,6 +278,12 @@ pngquant_error rwpng_read_image24_libpng
+ 
+     rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+ 
++    // For overflow safety reject images that won't fit in 32-bit
++    if (rowbytes > INT_MAX/mainprog_ptr->height) {
++        png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
++        return PNG_OUT_OF_MEMORY_ERROR;  /* not quite true, but whatever */
++    }
++
+     if ((mainprog_ptr->rgba_data = malloc(rowbytes*mainprog_ptr->height)) == NULL) {
+         fprintf(stderr, "pngquant readpng:  unable to allocate image data\n");
+         png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
diff -Nru pngquant-2.5.0/debian/patches/series pngquant-2.5.0/debian/patches/series
--- pngquant-2.5.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ pngquant-2.5.0/debian/patches/series	2017-05-31 22:08:30.000000000 +0200
@@ -0,0 +1 @@
+CVE-2016-5735.patch

Reply to:

Follow-Ups:
- Bug#863877: marked as done (unblock: pngquant/2.5.0-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#863838: unblock: debian-edu-install/1.926
Next by Date: Bug#863895: unblock: squid3/3.5.23-3.1 (pre-approval)
Previous by thread: Bug#863519: unblock blockdiag/1.5.3+dfsg-2
Next by thread: Bug#863877: marked as done (unblock: pngquant/2.5.0-2)
Index(es):
- Date
- Thread