--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package pngquant
Fixes CVE-2016-5735
Thanks for your work as release team
Andreas.
unblock pngquant/2.5.0-2
-- System Information:
Debian Release: 8.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pngquant-2.5.0/debian/changelog pngquant-2.5.0/debian/changelog
--- pngquant-2.5.0/debian/changelog 2015-07-27 09:54:49.000000000 +0200
+++ pngquant-2.5.0/debian/changelog 2017-06-01 10:05:51.000000000 +0200
@@ -1,3 +1,11 @@
+pngquant (2.5.0-2) unstable; urgency=medium
+
+ * Fix CVE-2016-5735 (Thanks for the patch to Emilio Pozuelo
+ Monfort <pochu@debian.org>)
+ Closes: 863469
+
+ -- Andreas Tille <tille@debian.org> Thu, 01 Jun 2017 10:05:51 +0200
+
pngquant (2.5.0-1) unstable; urgency=medium
* New upstream version
diff -Nru pngquant-2.5.0/debian/patches/CVE-2016-5735.patch pngquant-2.5.0/debian/patches/CVE-2016-5735.patch
--- pngquant-2.5.0/debian/patches/CVE-2016-5735.patch 1970-01-01 01:00:00.000000000 +0100
+++ pngquant-2.5.0/debian/patches/CVE-2016-5735.patch 2017-06-01 10:05:51.000000000 +0200
@@ -0,0 +1,20 @@
+Author: Emilio Pozuelo Monfort <pochu@debian.org>
+Last-Update: Wed, 31 May 2017 22:44:53 +0200
+Bug-Debian: https://bugs.debian.org/863469
+Description: CVE-2016-5735
+
+--- a/rwpng.c
++++ b/rwpng.c
+@@ -278,6 +278,12 @@ pngquant_error rwpng_read_image24_libpng
+
+ rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+
++ // For overflow safety reject images that won't fit in 32-bit
++ if (rowbytes > INT_MAX/mainprog_ptr->height) {
++ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
++ return PNG_OUT_OF_MEMORY_ERROR; /* not quite true, but whatever */
++ }
++
+ if ((mainprog_ptr->rgba_data = malloc(rowbytes*mainprog_ptr->height)) == NULL) {
+ fprintf(stderr, "pngquant readpng: unable to allocate image data\n");
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
diff -Nru pngquant-2.5.0/debian/patches/series pngquant-2.5.0/debian/patches/series
--- pngquant-2.5.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ pngquant-2.5.0/debian/patches/series 2017-05-31 22:08:30.000000000 +0200
@@ -0,0 +1 @@
+CVE-2016-5735.patch
--- End Message ---