Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package lcms2

The new package fixes a grave security bug (#852627), which was submitted just two days ago. Debdiff with one-line change attached.

unblock lcms2/2.8-4

Thanks
Thomas

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru lcms2-2.8/debian/changelog lcms2-2.8/debian/changelog --- lcms2-2.8/debian/changelog 2016-12-18 23:24:18.000000000 +0100 +++ lcms2-2.8/debian/changelog 2017-01-26 11:04:13.000000000 +0100 @@ -1,3 +1,11 @@ +lcms2 (2.8-4) unstable; urgency=medium + + * New patch: debian/patches/fix-CVE-2016-10165.patch. + Fix for CVE-2016-10165. (Closes: #852627) + Thanks to Salvatore Bonaccorso <car...@debian.org> + + -- Thomas Weber <twe...@debian.org> Thu, 26 Jan 2017 11:04:13 +0100 + lcms2 (2.8-3) unstable; urgency=medium * New patch: lcms2-fix-strFrom16-byte-order.patch. diff -Nru lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch --- lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch 1970-01-01 01:00:00.000000000 +0100 +++ lcms2-2.8/debian/patches/fix-CVE-2016-10165.patch 2017-01-26 11:04:13.000000000 +0100 @@ -0,0 +1,17 @@ +Description: Fix for CVE-2016-10165 + Fixes an out-of-bounds read in Type_MLU_Read() +Origin: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 +Author: Marti <marti.ma...@tktbrainpower.com> +Applied-upstream: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/852627 +--- a/src/cmstypes.c ++++ b/src/cmstypes.c +@@ -1460,6 +1460,7 @@ + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; diff -Nru lcms2-2.8/debian/patches/series lcms2-2.8/debian/patches/series --- lcms2-2.8/debian/patches/series 2016-12-18 23:24:18.000000000 +0100 +++ lcms2-2.8/debian/patches/series 2017-01-26 11:04:13.000000000 +0100 @@ -1,3 +1,4 @@ prepare-for-libtoolizing.patch dont-write-uninitialized-memory-for-color-strings.patch lcms2-fix-strFrom16-byte-order.patch +fix-CVE-2016-10165.patch
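
Review bot: In the src/cmstypes.c hunk carried by fix-CVE-2016-10165.patch, the added check `if ((Offset + Len) > SizeOfTag + 8) goto Error;` adds two values before comparing them, and nothing in the visible lines guards that sum against wraparound. The declarations of Offset and Len are not part of the hunk; if they are fixed-width unsigned values taken from the profile being parsed, a large Len could wrap the sum to a small number and pass the check, leaving the out-of-bounds read reachable. Consider a form that cannot wrap: reject `Offset > SizeOfTag + 8` first and then test `Len > SizeOfTag + 8 - Offset`, or additionally test `(Offset + Len) < Len`. The existing comment "// Check for overflow" now covers two different conditions, so a short comment on the new line saying it bounds the string against the tag size would help the next reader.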
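
Review bot: In the debian/changelog hunk, the 2.8-4 entry is uploaded with urgency=medium although the request describes #852627 as a grave security bug; if faster migration is the goal, urgency=high would match that description. The entry also only names the CVE; repeating the one-line summary from the patch header ("Fixes an out-of-bounds read in Type_MLU_Read()") would make the changelog readable without opening the patch.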