Bug#1068514: bullseye-pu: package imlib2/1.7.1-2
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: imlib2@packages.debian.org, apo@debian.org
Control: affects -1 + src:imlib2
[ Reason ]
Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.
[ Impact ]
The CVEs remain unfixed in bullseye while they are already fixed in stable
and newer distributions.
[ Tests ]
Code changes are trivial.
[ Risks ]
Code changes are trivial and are already present in bookworm. No
regressions have been reported.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
A variable in the tgaflip function was multiplied by the height and not
the width, which can cause a heap buffer overflow.
diff -Nru imlib2-1.7.1/debian/changelog imlib2-1.7.1/debian/changelog
--- imlib2-1.7.1/debian/changelog 2021-01-23 22:00:25.000000000 +0100
+++ imlib2-1.7.1/debian/changelog 2024-04-06 22:40:50.000000000 +0200
@@ -1,3 +1,11 @@
+imlib2 (1.7.1-2+deb11u1) bullseye; urgency=medium
+
+ * Fix CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450.
+ A heap-buffer overflow vulnerability was discovered in imlib2 when using
+ the tgaflip function in loader_tga.c
+
+ -- Markus Koschany <apo@debian.org> Sat, 06 Apr 2024 22:40:50 +0200
+
imlib2 (1.7.1-2) unstable; urgency=medium
* Drop obsolete libltdl3-dev dependency.
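Review bot: The new 1.7.1-2+deb11u1 entry describes the vulnerability (a heap-buffer overflow in tgaflip in loader_tga.c) but not the change made or the patch that carries it. Name the patch file added under debian/patches in the entry and say in a few words what was corrected, so the changelog alone shows what this upload alters.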
diff -Nru imlib2-1.7.1/debian/patches/CVE-2024-25447-and-CVE-2024-25448-and-CVE-2024-25450.patch imlib2-1.7.1/debian/patches/CVE-2024-25447-and-CVE-2024-25448-and-CVE-2024-25450.patch
--- imlib2-1.7.1/debian/patches/CVE-2024-25447-and-CVE-2024-25448-and-CVE-2024-25450.patch 1970-01-01 01:00:00.000000000 +0100
+++ imlib2-1.7.1/debian/patches/CVE-2024-25447-and-CVE-2024-25448-and-CVE-2024-25450.patch 2024-04-06 22:40:50.000000000 +0200
@@ -0,0 +1,26 @@
+From: Markus Koschany <apo@debian.org>
+Date: Fri, 5 Apr 2024 16:29:27 +0200
+Subject: CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450
+
+Origin: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6
+---
+ src/modules/loaders/loader_tga.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/modules/loaders/loader_tga.c b/src/modules/loaders/loader_tga.c
+index e9729b0..ae96a3b 100644
+--- a/src/modules/loaders/loader_tga.c
++++ b/src/modules/loaders/loader_tga.c
+@@ -595,9 +595,9 @@ tgaflip(DATA32 * in, int w, int h, int fliph, int flipv)
+ x2 = fliph ? w - 1 : 0;
+ for (x = 0; x < nx; x++, x2 += dx)
+ {
+- tmp = in[y * h + x];
+- in[y * h + x] = in[y2 * h + x2];
+- in[y2 * h + x2] = tmp;
++ tmp = in[y * w + x];
++ in[y * w + x] = in[y2 * w + x2];
++ in[y2 * w + x2] = tmp;
+ }
+ }
+ }
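Review bot: The patch header at the top of this hunk has only the three CVE ids in Subject plus an Origin URL, with no description of the defect, so a reader has to infer from the three replaced lines that the row stride in tgaflip changes from h to w. Add a short description line to the header stating that the index into in[] must use the width as the row stride. The debdiff also adds nothing that exercises this path; loading a non-square TGA with a flip set, before and after the patch, would back the statement under [ Tests ]. The corrected index y * w + x is still computed in int from int w and int h, and whether the loader bounds the dimensions before calling tgaflip is not visible in these lines, so that is worth confirming.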
diff -Nru imlib2-1.7.1/debian/patches/series imlib2-1.7.1/debian/patches/series
--- imlib2-1.7.1/debian/patches/series 2021-01-23 22:00:25.000000000 +0100
+++ imlib2-1.7.1/debian/patches/series 2024-04-06 22:40:50.000000000 +0200
@@ -1 +1,2 @@
01_removed-data-dir.patch
+CVE-2024-25447-and-CVE-2024-25448-and-CVE-2024-25450.patch
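The stride mistake described under [ Changes ], as an added example that is not part of the original report or of imlib2: it computes the largest index reached when a w-by-h pixel buffer is addressed as y * stride + x, and shows that using h as the stride leaves the w * h allocation whenever the image is taller than it is wide. The helper names (max_index, in_bounds, flip_rows, demo_flip) and the sample dimensions are hypothetical, and the analysis assumes the loop can reach the last row and last column.

```c
#include <stdio.h>
#include <stdint.h>

/* Largest element index touched when pixels (x, y) of a w-by-h image
 * are addressed as y * stride + x. */
static long max_index(int w, int h, int stride)
{
    return (long)(h - 1) * stride + (w - 1);
}

/* 1 if that addressing stays inside a buffer of w * h elements. */
static int in_bounds(int w, int h, int stride)
{
    return max_index(w, h, stride) < (long)w * h;
}

/* Vertical flip using the width as the row stride (the corrected form).
 * Hypothetical helper, not imlib2's tgaflip. */
static void flip_rows(uint32_t *px, int w, int h)
{
    for (int y = 0; y < h / 2; y++)
        for (int x = 0; x < w; x++) {
            uint32_t tmp = px[y * w + x];
            px[y * w + x] = px[(h - 1 - y) * w + x];
            px[(h - 1 - y) * w + x] = tmp;
        }
}

/* Flip a constructed 2x3 image and return the pixel now at (0, 0). */
static uint32_t demo_flip(void)
{
    uint32_t px[6] = { 1, 2, 3, 4, 5, 6 };  /* constructed: w = 2, h = 3 */
    flip_rows(px, 2, 3);
    return px[0];
}

int main(void)
{
    int dims[][2] = { {2, 3}, {3, 2}, {4, 4} };  /* constructed sizes */
    for (int i = 0; i < 3; i++) {
        int w = dims[i][0], h = dims[i][1];
        printf("%dx%d size=%d  stride=h: max=%ld %s  stride=w: max=%ld %s\n",
               w, h, w * h,
               max_index(w, h, h), in_bounds(w, h, h) ? "ok" : "OUT OF BOUNDS",
               max_index(w, h, w), in_bounds(w, h, w) ? "ok" : "OUT OF BOUNDS");
    }
    printf("top-left after flip: %u\n", (unsigned)demo_flip());
    return 0;
}
```

For wide images the h stride stays in bounds but addresses the wrong pixels, so the defect shows up as a corrupted flip rather than an out-of-bounds access.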