Bug#988325: unblock: htmldoc/1.9.11-3
Control: tags -1 confirmed moreinfo
On 2021-05-10 16:53:54, Håvard Flaget Aasen wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: haavard_aasen@yahoo.no
>
> Please unblock package htmldoc
Please go ahead and remove the moreinfo tag once the new version is
available in unstable.
Cheers
>
> The bug #984765 [0] is only of severity normal, but it got a CVE number some days
> ago; it has been deemed unimportant by the security team.
>
> The patch is cherry-picked from upstream.
>
> [ Reason ]
> buffer-overflow caused by integer-overflow in image_load_gif(), which is
> CVE-2021-20308 [1]
>
> [ Impact ]
> Probably quite small.
>
> [ Tests ]
> None.
>
> [ Risks ]
> Small risk.
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
> unblock htmldoc/1.9.11-3
>
> Regards,
> Håvard
>
> [0] https://bugs.debian.org/#984765
> [1] https://security-tracker.debian.org/tracker/CVE-2021-20308
> diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
> --- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100
> +++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200
> @@ -1,3 +1,10 @@
> +htmldoc (1.9.11-3) unstable; urgency=medium
> +
> + * Add patch to mitigate buffer-overflow caused by integer-overflow in
> + image_load_gif() Closes: 984765 and fixes CVE-2021-20308
> +
> + -- Håvard Flaget Aasen <haavard_aasen@yahoo.no> Mon, 10 May 2021 16:10:41 +0200
> +
> htmldoc (1.9.11-2) unstable; urgency=medium
>
> * Update build-dependency to libfltk1.3-dev Closes: #982276
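Review bot: In the new 1.9.11-3 entry, "Closes: 984765" drops the "#" that the 1.9.11-2 entry just below uses ("Closes: #982276"), and the same sentence runs the bug closure and the CVE reference together. Suggest "(Closes: #984765)" with CVE-2021-20308 named in the description text, so the entry matches the existing style in this changelog.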
> diff -Nru htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
> --- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 1970-01-01 01:00:00.000000000 +0100
> +++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 2021-05-10 16:10:41.000000000 +0200
> @@ -0,0 +1,27 @@
> +From: Michael R Sweet <michael.r.sweet@gmail.com>
> +Date: Wed, 31 Mar 2021 20:18:00 -0400
> +Subject: Fix crash bug with bad GIFs (Issue #423)
> +
> +CVE-2021-20308
> +
> +Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
> +Bug: https://github.com/michaelrsweet/htmldoc/issues/423
> +Bug-Debian: https://bugs.debian.org/#984765
> +---
> + htmldoc/image.cxx | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
> +index 68d6b92..8f53050 100644
> +--- a/htmldoc/image.cxx
> ++++ b/htmldoc/image.cxx
> +@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
> + img->height = (buf[9] << 8) | buf[8];
> + ncolors = 2 << (buf[10] & 0x07);
> +
> ++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
> ++ return (-1);
> ++
> + // If we are writing an encrypted PDF file, bump the use count so we create
> + // an image object (Acrobat 6 bug workaround)
> + if (Encryption)
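Review bot: The added check in image_load_gif() caps width and height separately at 32767, but nothing in the hunk says why that limit was chosen or which later size calculation it protects. 32767 * 32767 is 1,073,676,289, so a buffer size computed later as width * height multiplied by three or more bytes per pixel in a 32-bit int would still exceed INT_MAX; it is worth confirming against the allocation code (not visible in this hunk) that the per-dimension cap is sufficient, and adding a one-line comment stating that. Separately, the Bug-Debian header reads "https://bugs.debian.org/#984765"; the "#" makes the bug number a URL fragment, so "https://bugs.debian.org/984765" is the form that links to the bug itself.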
> diff -Nru htmldoc-1.9.11/debian/patches/series htmldoc-1.9.11/debian/patches/series
> --- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000 +0100
> +++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000 +0200
> @@ -5,3 +5,4 @@
> autoheader_support.patch
> disable_libz.patch
> remove-os-check.patch
> +Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--
Sebastian Ramacher