Bug#988325: unblock: htmldoc/1.9.11-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aasen@yahoo.no
Please unblock package htmldoc
The bug #984765 [0] is only of severity normal, but it got a CVE number some days
ago; it has been deemed unimportant by the security team.
The patch is cherry-picked from upstream.
[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is
CVE-2021-20308 [1]
[ Impact ]
Probably quite small.
[ Tests ]
None.
[ Risks ]
Small risk.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock htmldoc/1.9.11-3
Regards,
Håvard
[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
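The dimension check the cherry-picked patch adds, worked through as an added example (this is not htmldoc's code): it parses the 13-byte GIF logical screen descriptor the same way image_load_gif() does, rejects the header when width or height is 0 or above 32767, and only then sizes an RGB pixel buffer. The sample headers are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample GIF headers (13-byte logical screen descriptor):
 * "GIF89a", width (LE16), height (LE16), flags, background, aspect. */
static const unsigned char gif_ok[13] =
    { 'G','I','F','8','9','a', 0x40,0x01, 0xF0,0x00, 0xF7, 0x00, 0x00 }; /* 320x240 */
static const unsigned char gif_zero_width[13] =
    { 'G','I','F','8','9','a', 0x00,0x00, 0xF0,0x00, 0xF7, 0x00, 0x00 }; /* 0x240 */
static const unsigned char gif_huge[13] =
    { 'G','I','F','8','9','a', 0xFF,0xFF, 0xFF,0xFF, 0xF7, 0x00, 0x00 }; /* 65535x65535 */

/* Parse the descriptor as image_load_gif() does and apply the upstream
 * bound check before computing the RGB pixel buffer size.
 * Returns the number of bytes needed, or 0 when the header is rejected. */
size_t gif_pixel_buffer_size(const unsigned char *buf, size_t len)
{
    if (len < 13 || memcmp(buf, "GIF8", 4) != 0)
        return 0;                               /* not a GIF header */

    int width   = (buf[7] << 8) | buf[6];
    int height  = (buf[9] << 8) | buf[8];       /* same expression as the patched code */
    int ncolors = 2 << (buf[10] & 0x07);        /* 2..256 palette entries */

    /* Check added by the fix: 0 or >32767 in either dimension is rejected,
     * so width * height stays below 2^30 and cannot wrap a 32-bit int. */
    if (width <= 0 || width > 32767 || height <= 0 || height > 32767)
        return 0;

    printf("%dx%d, %d colors\n", width, height, ncolors);
    return (size_t)width * (size_t)height * 3;  /* RGB, computed in size_t */
}

int main(void)
{
    printf("ok:   %zu bytes\n", gif_pixel_buffer_size(gif_ok, sizeof gif_ok));
    printf("zero: %zu bytes\n", gif_pixel_buffer_size(gif_zero_width, sizeof gif_zero_width));
    printf("huge: %zu bytes\n", gif_pixel_buffer_size(gif_huge, sizeof gif_huge));
    return 0;
}
```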
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100
+++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200
@@ -1,3 +1,10 @@
+htmldoc (1.9.11-3) unstable; urgency=medium
+
+ * Add patch to mitigate buffer-overflow caused by integer-overflow in
+ image_load_gif() Closes: 984765 and fixes CVE-2021-20308
+
+ -- Håvard Flaget Aasen <haavard_aasen@yahoo.no> Mon, 10 May 2021 16:10:41 +0200
+
htmldoc (1.9.11-2) unstable; urgency=medium
* Update build-dependency to libfltk1.3-dev Closes: #982276
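Review bot: for consistency with the 1.9.11-2 entry just below ("Closes: #982276"), the new entry's "image_load_gif() Closes: 984765" should carry the hash, i.e. "Closes: #984765"; both spellings are accepted by the changelog parser, but the hash form is the conventional one in this file. "Mitigate" also undersells the change: the patch rejects the malformed header outright rather than softening its effect.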
diff -Nru htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 1970-01-01 01:00:00.000000000 +0100
+++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 2021-05-10 16:10:41.000000000 +0200
@@ -0,0 +1,27 @@
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 68d6b92..8f53050 100644
+--- a/htmldoc/image.cxx
++++ b/htmldoc/image.cxx
+@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
+ img->height = (buf[9] << 8) | buf[8];
+ ncolors = 2 << (buf[10] & 0x07);
+
++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
++ return (-1);
++
+ // If we are writing an encrypted PDF file, bump the use count so we create
+ // an image object (Acrobat 6 bug workaround)
+ if (Encryption)
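Review bot: the Bug-Debian URL "https://bugs.debian.org/#984765" has a stray "#", which makes the bug number a URL fragment so the link resolves to the BTS front page; it should be "https://bugs.debian.org/984765" (the same stray "#" appears in reference [0] of the request). The check itself is placed correctly: it sits immediately after img->width/img->height are read from buf[] and before any use of those values, and because both are built from two bytes they cannot be negative, so the "<= 0" half effectively rejects a zero dimension while the "> 32767" half keeps width * height well inside a signed 32-bit int.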
diff -Nru htmldoc-1.9.11/debian/patches/series htmldoc-1.9.11/debian/patches/series
--- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000 +0100
+++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000 +0200
@@ -5,3 +5,4 @@
autoheader_support.patch
disable_libz.patch
remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch