Your message dated Sun, 2 Jun 2019 09:36:16 +0200 with message-id <c38981bf-6f26-fc8d-e38e-52b6386a17ad@debian.org> and subject line Re: Bug#929855: unblock: libheif/1.3.2-2 has caused the Debian Bug report #929855, regarding unblock: libheif/1.3.2-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 929855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929855 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: libheif/1.3.2-2
- From: Reinhard Tartler <siretart@tauware.de>
- Date: Sat, 01 Jun 2019 18:07:55 -0400
- Message-id: <[🔎] 155942687583.26273.14756983428373690166.reportbug@kaby.tauware.de>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package libheif to address CVE-2019-11471, aka #928210 in Debian/buster. unblock libheif/1.3.2-2 debdiff follows: diff --git a/debian/changelog b/debian/changelog index 9452979..23246df 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +libheif (1.3.2-2) unstable; urgency=medium + + * Team Upload + + [ Dylan Aïssi ] + * Add patch to fix CVE-2019-11471, Closes: #928210 + + -- Reinhard Tartler <siretart@tauware.de> Sat, 01 Jun 2019 17:56:05 -0400 + libheif (1.3.2-1) unstable; urgency=medium * Imported Upstream version 1.3.2 diff --git a/debian/patches/CVE-2019-11471.patch b/debian/patches/CVE-2019-11471.patch new file mode 100644 index 0000000..767bb45 --- /dev/null +++ b/debian/patches/CVE-2019-11471.patch @@ -0,0 +1,60 @@ +Author: Joachim Bauch <bauch at struktur.de> +Description: Fix CVE-2019-11471 + Detect and handle recursive image references. + Detect non-existing referenced alpha images. + Detect non-existing referenced depth images. +Origin: upstream, https://github.com/strukturag/libheif/commit/e89fbbe0705a4b8e755f148fd4c4c84007295d16 + https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014 + https://github.com/strukturag/libheif/commit/5a9b7f7564e158c6339f6d78a77de23720b15afd +Bug: https://github.com/strukturag/libheif/issues/123 + https://github.com/strukturag/libheif/issues/125 +Bug-Debian: https://bugs.debian.org/928210 + +--- a/libheif/heif_context.cc ++++ b/libheif/heif_context.cc +@@ -520,6 +520,11 @@ + "Thumbnail references another thumbnail"); + } + ++ if (image.get() == master_iter->second.get()) { ++ return Error(heif_error_Invalid_input, ++ heif_suberror_Nonexisting_item_referenced, ++ "Recursive thumbnail image detected"); ++ } + master_iter->second->add_thumbnail(image); + + remove_top_level_image(image); +@@ -566,6 +571,16 @@ + image->set_is_alpha_channel_of(refs[0]); + + auto master_iter = m_all_images.find(refs[0]); ++ if (master_iter == m_all_images.end()) { ++ return Error(heif_error_Invalid_input, ++ heif_suberror_Nonexisting_item_referenced, ++ "Non-existing alpha image referenced"); ++ } ++ if (image.get() == master_iter->second.get()) { ++ return Error(heif_error_Invalid_input, ++ heif_suberror_Nonexisting_item_referenced, ++ "Recursive alpha image detected"); ++ } + master_iter->second->set_alpha_channel(image); + } + +@@ -576,6 +591,16 @@ + image->set_is_depth_channel_of(refs[0]); + + auto master_iter = m_all_images.find(refs[0]); ++ if (master_iter == m_all_images.end()) { ++ return Error(heif_error_Invalid_input, ++ heif_suberror_Nonexisting_item_referenced, ++ "Non-existing depth image referenced"); ++ } ++ if (image.get() == master_iter->second.get()) { ++ return Error(heif_error_Invalid_input, ++ heif_suberror_Nonexisting_item_referenced, ++ "Recursive depth image detected"); ++ } + master_iter->second->set_depth_channel(image); + + auto subtypes = auxC_property->get_subtypes(); diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..acd8abf --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +CVE-2019-11471.patch -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
- To: Reinhard Tartler <siretart@tauware.de>, 929855-done@bugs.debian.org
- Subject: Re: Bug#929855: unblock: libheif/1.3.2-2
- From: Paul Gevers <elbrus@debian.org>
- Date: Sun, 2 Jun 2019 09:36:16 +0200
- Message-id: <c38981bf-6f26-fc8d-e38e-52b6386a17ad@debian.org>
- In-reply-to: <[🔎] 155942687583.26273.14756983428373690166.reportbug@kaby.tauware.de>
- References: <[🔎] 155942687583.26273.14756983428373690166.reportbug@kaby.tauware.de>
Hi Reinhard, On 02-06-2019 00:07, Reinhard Tartler wrote: > Please unblock package libheif to address CVE-2019-11471, aka #928210 in Debian/buster. > > unblock libheif/1.3.2-2 Unblocked, thanks. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---