--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package darktable/1.4.2-1+b3
- From: David Bremner <bremner@debian.org>
- Date: Sun, 25 Sep 2016 22:01:26 -0300
- Message-id: <147485168636.21484.427107310956577348.reportbug@zancas.localnet>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This update would fix CVE-2015-3885 / #786792 in stable. The CVE has
previously been classified as not severe enough for a DSA.
- -- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
diff -Nru darktable-1.4.2/debian/changelog darktable-1.4.2/debian/changelog
--- darktable-1.4.2/debian/changelog 2014-05-04 00:43:43.000000000 -0300
+++ darktable-1.4.2/debian/changelog 2016-09-25 21:51:51.000000000 -0300
@@ -1,3 +1,10 @@
+darktable (1.4.2-1+deb8u1) stable; urgency=medium
+
+ * Cherry pick upstream commit 0f809ca5048. Fix for CVE-2015-3885
+ (Closes #786792)
+
+ -- David Bremner <bremner@debian.org> Sun, 25 Sep 2016 21:49:23 -0300
+
darktable (1.4.2-1) unstable; urgency=medium
* New upstream release.
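Review bot: In the new changelog entry, `(Closes #786792)` is missing the colon that the Debian changelog parser requires to recognise a bug closure, so this upload would not close #786792 automatically; write `(Closes: #786792)`. The entry would also be easier to read on its own if it named what is touched (ljpeg_start() in the bundled LibRaw) rather than only the upstream commit id.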
diff -Nru darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch
--- darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch 1969-12-31 20:00:00.000000000 -0400
+++ darktable-1.4.2/debian/patches/0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch 2016-09-25 21:52:29.000000000 -0300
@@ -0,0 +1,40 @@
+From b2c17dd163bea76f4817ad726a1e874206969dc1 Mon Sep 17 00:00:00 2001
+From: Roman Lebedev <lebedev.ri@gmail.com>
+Date: Fri, 22 May 2015 13:18:48 +0300
+Subject: [PATCH] LibRaw: address CVE-2015-3885: fix integer overflow in
+ ljpeg_start()
+
+The fix is not tested.
+Based on ufraw.
+
+(cherry picked from commit 0f809ca5048c71080437da543aefbfde65ebf10a)
+---
+ src/external/LibRaw/internal/dcraw_common.cpp | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/external/LibRaw/internal/dcraw_common.cpp b/src/external/LibRaw/internal/dcraw_common.cpp
+index 948ef3f..982ecd7 100644
+--- a/src/external/LibRaw/internal/dcraw_common.cpp
++++ b/src/external/LibRaw/internal/dcraw_common.cpp
+@@ -630,7 +630,8 @@ void CLASS canon_compressed_load_raw()
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+@@ -641,8 +642,9 @@ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ do {
+ fread (data, 2, 2, ifp);
+ tag = data[0] << 8 | data[1];
+- len = (data[2] << 8 | data[3]) - 2;
+- if (tag <= 0xff00) return 0;
++ len = (data[2] << 8 | data[3]);
++ if (tag <= 0xff00 || len <= 2) return 0;
++ len -= 2;
+ fread (data, 1, len, ifp);
+ switch (tag) {
+ case 0xffc3:
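Review bot: In the second inner hunk, `if (tag <= 0xff00 || len <= 2) return 0;` also rejects a segment whose length field is exactly 2 (an empty payload), where `len -= 2` would give 0 and the following `fread (data, 1, len, ifp)` would read nothing; `len < 2` is enough to stop the subtraction from going below zero, so please confirm the stricter test is intended. With `len` now a `ushort`, the largest read is 0xfffd bytes, which fits `uchar data[0x10000]`, but the return values of both `fread` calls are still unchecked, so on a truncated file `tag`, `len` and the `switch (tag)` body work on whatever `data` held before. Since the commit message says "The fix is not tested", the request should state whether the rebuilt jessie package was checked against a raw file that goes through ljpeg_start().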
diff -Nru darktable-1.4.2/debian/patches/series darktable-1.4.2/debian/patches/series
--- darktable-1.4.2/debian/patches/series 1969-12-31 20:00:00.000000000 -0400
+++ darktable-1.4.2/debian/patches/series 2016-09-25 21:52:29.000000000 -0300
@@ -0,0 +1,2 @@
+# exported from git by git-debcherry
+0001-LibRaw-address-CVE-2015-3885-fix-integer-overflow-in.patch
--- End Message ---