Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Anton Gladky
Anhänge15:17 (vor 1 Minute)
an Debian; Bcc: gladk
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next
stable release.
[ Reason ]
This upload fixes a security issue CVE-2021-38714.
[ Impact ]
It should not have any impact on end users.
[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303704
[ Risks ]
No risks are known.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
See attached diff. Sanitized values check is implemented.
Best regards
Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb10u1) buster; urgency=medium
+
+ * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+(Closes: #992973)
+
+ -- Anton Gladky Sun, 17 Oct 2021 14:56:13 +0200
+
plib (1.8.5-8) unstable; urgency=medium
* QA upload.
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200
@@ -0,0 +1,7 @@
+include:
+ -
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ RELEASE: 'buster'
+ SALSA_CI_COMPONENTS: 'main contrib non-free'
+ SALSA_CI_DISABLE_REPROTEST: 1
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01
01:00:00.0 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10
15:14:22.0 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+
+
+ #include "ssgLocal.h"
++#include
+
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+
+ // image info
+ int type = header[2];
+-int xsize = get16u(header + 12);
+-int ysize = get16u(header + 14);
+-int bits = header[16];
++unsigned int xsize = get16u(header + 12);
++unsigned int ysize = get16u(header + 14);
++unsigned int bits = header[16];
+
+ /* image types:
+ *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+
+
++const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld,
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize,
(ysize * (bits / 8)));
++
++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++{
++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d,
ysize = %d", xsize, ysize);
++ return false;
++}
++else
++{
++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size
%d x %d", bytes_to_allocate, xsize, ysize );
++}
++
+ // read image data
+
+-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++GLubyte *image;
++try
++{
++image = new GLubyte [ bytes_to_allocate ];
++}
++catch (const std::bad_alloc&)
++{
++ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes
failed!", bytes_to_allocate);
++ return false;
++}
+
+ if ((type & 8) != 0)
+ {
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200
+++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200
@@ -6,3 +6,4 @@
06_spelling_errors.diff
05_CVE-2012-4552.diff
07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch