gpart_0.1h-12_amd64.changes ACCEPTED into experimental
Accepted:

Format: 1.8
Date: Sun, 01 Mar 2015 11:45:34 -0300
Source: gpart
Binary: gpart
Architecture: source amd64
Version: 0.1h-12
Distribution: experimental
Urgency: medium
Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org
Changed-By: Joao Eriberto Mota Filho eribe...@debian.org
Description:
 gpart - Guess PC disk partition table, find lost partitions
Closes: 630336
Changes:
 gpart (0.1h-12) experimental; urgency=medium
 .
   * New co-maintainer.
   * Updated the upstream homepage. (Closes: #630336)
   * Migrations:
      - DebSrc to 3.0 version.
      - DH level to 9.
   * debian/control:
      - Added the 'forensics' word to long description.
      - Bumped Standards-Version to 3.9.6.
      - Updated the Vcs-* fields.
   * debian/copyright:
      - Updated all copyright files, authors and dates.
      - Updated the file header.
      - Updated the GPL-2 license text.
   * debian/gpart.docs: renamed to docs.
   * debian/patches/:
      - Added the 'Last-Update' field to 02-ntfs-winxp, 03-open-mode and
        04-imagefile patches.
      - Added 05-add-hardening to implement the GCC hardening.
      - Added 06-fix-manpage to fix some hyphens used as minus sign.
      - Removed all .patch extensions.
      - Tried to discover/describe each action, creating headers for all
        authors and dates. However, is very hard say that the result is
        100% reliable.
   * debian/rules:
      - Full updated.
      - Added DEB_CFLAGS_MAINT_APPEND and DEB_LDFLAGS_MAINT_APPEND to fix
        issues shown by blhc command.
   * debian/source.lintian-overrides: removed because produces an
     undesirable action.
   * debian/watch: added.

Thank you for your contribution to Debian.

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
metacam issues
Hi,

I found lots of issues from the metacam package in Debian while fuzzing with AFL http://lcamtuf.coredump.cx/afl/. Popularity of this package is pretty low currently: https://qa.debian.org/popcon.php?package=metacam

Do you want me to report these issues to the Debian bug tracking system? I was unable to find an upstream issue tracker for this package and our Git URL seems to be broken according to http://duck.debian.net/static/sp/m/metacam.html

Some of these issues probably have security impact on systems executing malicious files with the cli program. Please note that the cli program might be a dependency in a web-application etc. Do we really want to have several packages in Debian, which list and/or edit EXIF data for JPEG files?

I have attached one of the sample files to this email.

5d4c287cf40b73d2a5aac8b4a7367564ce823937 afl-metacam-sample-001.jpg

Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
Standard Fields
---

Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40          if ((num == 0) || (den == 0)) return *this;
(gdb) bt
#0  tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1  0x00421bf7 in dpyResolution (ctx=..., name=0x4584f7 "X Resolution", e=...) at dpyfuncs.cc:194
#2  0x0040ebe3 in displayTags (driver=driver@entry=0x661010, header=header@entry=0x4581e5 "Standard Fields", tag_map=..., known=<optimized out>, verbose=0) at metacam.cc:86
#3  0x004060bc in processFile (is=..., fname=<optimized out>, driver=0x661010) at metacam.cc:255
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x772d1ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe4e8) at libc-start.c:244
#6  0x0040c271 in _start ()
(gdb) list
35
36
37      tiffRATIONAL
38      tiffRATIONAL::normalize() const
39      {
40          if ((num == 0) || (den == 0)) return *this;
41          unsigned long d = Euclid(num, den);
42          return tiffRATIONAL(num/d, den/d);
43      }
44

--
Henri Salo
Bug#779527: sample file
Thanks a lot Henri.

The upstream development is dead. We need to wait for a day when someone will rescue this program. However, your reports are very important and useful.

Cheers,

Eriberto

2015-03-02 12:42 GMT-03:00 Henri Salo he...@nerv.fi:
> File attached.
>
> --
> Henri Salo
Bug#779527: sample file
File attached.

--
Henri Salo
Processed: bug 779527 is forwarded to https://github.com/hfiguiere/exifprobe/issues/3 ...
Processing commands for cont...@bugs.debian.org:

forwarded 779527 https://github.com/hfiguiere/exifprobe/issues/3
Bug #779527 [exifprobe] exifprobe: denial of service
Set Bug forwarded-to-address to 'https://github.com/hfiguiere/exifprobe/issues/3'.
forwarded 779525 https://github.com/hfiguiere/exifprobe/issues/2
Bug #779525 [exifprobe] exifprobe: double free or corruption
Set Bug forwarded-to-address to 'https://github.com/hfiguiere/exifprobe/issues/2'.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
779525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779525
779527: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: tagging 779525
Processing commands for cont...@bugs.debian.org:

tags 779525 + fixed-upstream
Bug #779525 [exifprobe] exifprobe: double free or corruption
Added tag(s) fixed-upstream.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
779525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems