Bug#852770: unblock: lcms2/2.8-4

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#852770: unblock: lcms2/2.8-4
From: Thomas Weber <tweber@debian.org>
Date: Fri, 27 Jan 2017 07:39:56 +0100
Message-id: <[🔎] 20170127063956.4vb2wykkrrjukqbj@t61>
Reply-to: Thomas Weber <tweber@debian.org>, 852770@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package lcms2

The new package fixes a grave security bug (#852627), which was
submitted just two days ago. Debdiff with one-line change attached.

unblock lcms2/2.8-4

Thanks
	Thomas

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru lcms2-2.8/debian/changelog lcms2-2.8/debian/changelog
--- lcms2-2.8/debian/changelog	2016-12-18 23:24:18.000000000 +0100
+++ lcms2-2.8/debian/changelog	2017-01-26 11:04:13.000000000 +0100
@@ -1,3 +1,11 @@
+lcms2 (2.8-4) unstable; urgency=medium
+
+  * New patch: debian/patches/fix-CVE-2016-10165.patch.
+    Fix for CVE-2016-10165. (Closes: #852627)
+    Thanks to Salvatore Bonaccorso <carnil@debian.org> 
+
+ -- Thomas Weber <tweber@debian.org>  Thu, 26 Jan 2017 11:04:13 +0100
+
 lcms2 (2.8-3) unstable; urgency=medium
 
   * New patch: lcms2-fix-strFrom16-byte-order.patch.
diff -Nru lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch
--- lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch	1970-01-01 01:00:00.000000000 +0100
+++ lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch	2017-01-26 11:04:13.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Fix for CVE-2016-10165
+ Fixes an out-of-bounds read in Type_MLU_Read()
+Origin: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+Author: Marti <marti.maria@tktbrainpower.com>
+Applied-upstream: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/852627
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
diff -Nru lcms2-2.8/debian/patches/series lcms2-2.8/debian/patches/series
--- lcms2-2.8/debian/patches/series	2016-12-18 23:24:18.000000000 +0100
+++ lcms2-2.8/debian/patches/series	2017-01-26 11:04:13.000000000 +0100
@@ -1,3 +1,4 @@
 prepare-for-libtoolizing.patch
 dont-write-uninitialized-memory-for-color-strings.patch
 lcms2-fix-strFrom16-byte-order.patch
+fix-CVE-2016-10165.patch

Reply to:

Follow-Ups:
- Bug#852770: marked as done (unblock: lcms2/2.8-4)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Advice on uncontrolled ABI change in quagga 1.1.0
Next by Date: Bug#852770: marked as done (unblock: lcms2/2.8-4)
Previous by thread: Bug#821816: marked as done (Automatic removals changes in [KEY-PACKAGES] for PHP 7.0 transition)
Next by thread: Bug#852770: marked as done (unblock: lcms2/2.8-4)
Index(es):
- Date
- Thread