Bug#996695: buster-pu: package plib/plib_1.8.5-8+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Anton Gladky <gladk@debian.org>
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
plib version 1.8.5-8+deb10u1 is prepared for the next bullseye
stable release.
[ Reason ]
This upload fixes a security issue, CVE-2021-38714.
[ Impact ]
It should not have any impact on end users.
[ Tests ]
Salsa-ci is employed to check the main package characteristics:
https://salsa.debian.org/debian/plib/-/pipelines/303704
[ Risks ]
No risks are known.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
See attached diff. A sanitized values check is implemented.
Best regards
Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.000000000 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.000000000 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb10u1) buster; urgency=medium
+
+ * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+ (Closes: #992973)
+
+ -- Anton Gladky <gladk@debian.org> Sun, 17 Oct 2021 14:56:13 +0200
+
plib (1.8.5-8) unstable; urgency=medium
* QA upload.
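Review bot: the new 1.8.5-8+deb10u1 entry lists only the ssgLoadTGA() fix, while the same debdiff also adds debian/.gitlab-ci.yml. Add a changelog line for the CI file so the entry covers every change in the upload, which is what the "all changes are documented in the d/changelog" checklist item asserts.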
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml 2021-10-17 14:56:13.000000000 +0200
@@ -0,0 +1,7 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ RELEASE: 'buster'
+ SALSA_CI_COMPONENTS: 'main contrib non-free'
+ SALSA_CI_DISABLE_REPROTEST: 1
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01 01:00:00.000000000 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10 15:14:22.000000000 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky <gladk@debian.org>
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===================================================================
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
++++ plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+
+
+ #include "ssgLocal.h"
++#include <new>
+
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+
+ // image info
+ int type = header[2];
+- int xsize = get16u(header + 12);
+- int ysize = get16u(header + 14);
+- int bits = header[16];
++ unsigned int xsize = get16u(header + 12);
++ unsigned int ysize = get16u(header + 14);
++ unsigned int bits = header[16];
+
+ /* image types:
+ *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+
+
++ const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8)));
++
++ if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++ {
++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize);
++ return false;
++ }
++ else
++ {
++ ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize );
++ }
++
+ // read image data
+
+- GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++ GLubyte *image;
++ try
++ {
++ image = new GLubyte [ bytes_to_allocate ];
++ }
++ catch (const std::bad_alloc&)
++ {
++ ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate);
++ return false;
++ }
+
+ if ((type & 8) != 0)
+ {
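Review bot: the UL_DEBUG call added directly after bytes_to_allocate is computed passes bytes_to_allocate / xsize as an argument, and it runs before the xsize != 0 guard in the following if, so a TGA header with a zero width divides by zero unless xsize is rejected earlier in code outside the visible context. Drop that expression from the debug message or move the message below the guard. The format strings also do not match the argument types: bytes_to_allocate is deduced by auto as unsigned int, and xsize and ysize are unsigned int after the type change, yet they are passed to %ld and %d. Use %u for all of them, or compute the size in an explicitly 64-bit type and print it with the matching specifier. The divide-back comparison itself is sound for unsigned wraparound, but a short comment saying that is what it detects would help the next reader.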
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series 2017-07-24 20:11:17.000000000 +0200
+++ plib-1.8.5/debian/patches/series 2021-10-02 13:24:19.000000000 +0200
@@ -6,3 +6,4 @@
06_spelling_errors.diff
05_CVE-2012-4552.diff
07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch