
libxpm: Changes to 'debian-wheezy'



New branch 'debian-wheezy' available with the following commits:
commit b6d4351808219ac8485ed2337ad60ac0a6ef4331
Author: Emilio Pozuelo Monfort <pochu@debian.org>
Date:   Wed Jan 25 18:14:47 2017 +0100

    Release to wheezy-security

commit be426a11b9a34235ea5d8825a44a22f5fefedf2a
Author: Emilio Pozuelo Monfort <pochu@debian.org>
Date:   Wed Jan 25 18:14:27 2017 +0100

    Document cherry-pick

commit 71584b5e2c64b481a61fde2035fdf69706db3c94
Author: Tobias Stoeckmann <tobias@stoeckmann.org>
Date:   Thu Dec 8 17:07:55 2016 +0100

    Avoid OOB write when handling malicious XPM files.
    
    libXpm uses unsigned int to store sizes, which fits size_t on 32 bit
    systems, but leads to issues on 64 bit systems.
    
    On 64 bit systems, it is possible to overflow 32 bit integers while
    parsing XPM extensions in a file.
    
    At first, it looks like a rather unimportant detail, because nobody
    will seriously open a 4 GB file. But unfortunately XPM has support for
    gzip compression out of the box. An attacker can therefore craft a
    compressed file which is merely 4 MB in size, which makes an attack
    much more feasible.
    
    Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>


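The bug class the commit message describes, shown as an added example that is not libXpm's code and does not reproduce its parser: a constructed model in which a file declares a list of extension chunk lengths, the parser sums them to size one buffer, and the sum is kept in an `unsigned int`. On an LP64 system (64-bit Linux) the accumulator is 32 bits while `size_t` is 64, so two chunk lengths totalling 4 GiB + 16 wrap to 16 and the later copies run past the allocation. The hardened function beside it accumulates in `size_t` and rejects any total above a caller-supplied ceiling. The chunk lengths, the 256 MiB ceiling and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the bug class, not libXpm's code: a parser reads a
 * list of extension chunk lengths declared by the file and sums them to
 * size one output buffer.  On LP64 (64-bit Linux) unsigned int is 32 bits
 * while size_t is 64 bits, so the sum can wrap while the data does not. */

#define CHUNKS 2
/* Constructed attacker-controlled lengths: together they exceed 4 GiB by 16 bytes.
 * A gzip-compressed file carrying that much repetitive data stays small. */
static const uint64_t evil_lens[CHUNKS] = { 0xFFFFFFF0ull, 0x20ull };
/* Constructed benign lengths for comparison. */
static const uint64_t benign_lens[CHUNKS] = { 100ull, 200ull };

/* Vulnerable pattern: 32-bit accumulator.  Returns the (wrapped) size that
 * would be passed to malloc(). */
size_t unsafe_total_size(const uint64_t *lens, size_t n)
{
    unsigned int total = 0;
    for (size_t i = 0; i < n; i++)
        total += (unsigned int)lens[i];   /* silently wraps at 2^32 */
    return total;
}

/* Hardened pattern: size_t accumulator plus an explicit check against a
 * caller-supplied ceiling (for instance the decompressed input length or a
 * sane format limit), so the buffer is never smaller than the data later
 * copied into it.  Returns false instead of a wrapped size. */
bool safe_total_size(const uint64_t *lens, size_t n, size_t limit, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > (uint64_t)(limit - total))   /* would exceed the ceiling */
            return false;
        total += (size_t)lens[i];
    }
    *out = total;
    return true;
}

/* Convenience wrapper: the checked total, or 0 when the input is rejected. */
size_t safe_total_or_zero(const uint64_t *lens, size_t n, size_t limit)
{
    size_t total = 0;
    return safe_total_size(lens, n, limit, &total) ? total : 0;
}

/* True if the vulnerable sizing would allocate fewer bytes than the chunks
 * actually carry, i.e. the copies that follow would write out of bounds. */
bool unsafe_sizing_underallocates(const uint64_t *lens, size_t n)
{
    uint64_t real = 0;
    for (size_t i = 0; i < n; i++)
        real += lens[i];
    return (uint64_t)unsafe_total_size(lens, n) < real;
}

int main(void)
{
    const size_t limit = (size_t)256u << 20;   /* assumed 256 MiB ceiling */
    printf("unsafe total for evil input: %zu bytes\n",
           unsafe_total_size(evil_lens, CHUNKS));
    printf("unsafe sizing underallocates: %s\n",
           unsafe_sizing_underallocates(evil_lens, CHUNKS) ? "yes" : "no");
    printf("safe total for evil input: %zu (0 = rejected)\n",
           safe_total_or_zero(evil_lens, CHUNKS, limit));
    printf("safe total for benign input: %zu\n",
           safe_total_or_zero(benign_lens, CHUNKS, limit));
    return 0;
}
```

The check `lens[i] > limit - total` is written as a subtraction on the remaining headroom rather than as `total + lens[i] > limit`, because the latter can itself wrap and defeat the test; this is the same shape of fix as widening the accumulator, and both are needed for the result to be trustworthy.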