[freeimage] 01/03: Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)
Anton Gladky
gladk at moszumanska.debian.org
Mon Jan 18 07:35:40 UTC 2016
This is an automated email from the git hooks/post-receive script.
gladk pushed a commit to branch debian/wheezy
in repository freeimage.
commit 50f1388749a47cefafbcbe275a345c14a239cf92
Author: Anton Gladky <gladk at debian.org>
Date: Thu Oct 29 23:14:50 2015 +0100
Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)
---
.../fix_Integer_overflow_in_ljpeg_start.patch | 34 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 35 insertions(+)
diff --git a/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
new file mode 100644
index 0000000..3b84e80
--- /dev/null
+++ b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
@@ -0,0 +1,34 @@
+Description: Fix integer overflow in the ljpeg_start function in dcraw
+Author: Alex Tutubalin <lexa at lexa.ru>
+Bug-Debian: https://bugs.debian.org/786790
+Origin: https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
+ https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
+Bug: https://security-tracker.debian.org/tracker/CVE-2015-3885
+Bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
+Reviewed-By: Anton Gladky <gladk at debian.org>
+Last-Update: 2015-10-29
+
+--- freeimage-3.15.4.orig/Source/LibRawLite/dcraw/dcraw.c
++++ freeimage-3.15.4/Source/LibRawLite/dcraw/dcraw.c
+@@ -768,7 +768,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+--- freeimage-3.15.4.orig/Source/LibRawLite/internal/dcraw_common.cpp
++++ freeimage-3.15.4/Source/LibRawLite/internal/dcraw_common.cpp
+@@ -630,7 +630,8 @@ void CLASS canon_compressed_load_raw()
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
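Review bot: The `ushort len;` declaration in both `ljpeg_start` hunks fixes the overflow only implicitly, by letting the type cap `len` at 65535 so it stays below the size of `uchar data[0x10000]`, and neither the Description header nor a code comment says so. The lines that assign and use `len` are outside the shown context, so nothing in the patch tells a later reader that the narrowing is load-bearing; widening `len` back to `int` in a cleanup could undo the fix without any warning. Suggest a one-line comment at the declaration, or a sentence in the Description, stating the relation between the width of `len` and the size of `data`, or an explicit range check instead of relying on truncation. The same edit is carried in both `dcraw/dcraw.c` and `internal/dcraw_common.cpp`, so the two copies need to be kept in step.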
diff --git a/debian/patches/series b/debian/patches/series
index e1c085c..7506280 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ disable_embedded_libraries.patch
fix_ftbfs_amd64.patch
makefile_modifications.patch
fix_integer_overflow.patch
+fix_Integer_overflow_in_ljpeg_start.patch
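Review bot: The added series entry `fix_Integer_overflow_in_ljpeg_start.patch` differs in capitalisation from the existing `fix_integer_overflow.patch` on the line above, and the two names are easy to confuse. Consider a lowercase name that carries the CVE id, for example `fix_integer_overflow_ljpeg_start_CVE-2015-3885.patch`, so the series file shows which issue each patch addresses.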
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/freeimage.git