gpart_0.1h-12_amd64.changes ACCEPTED into experimental

2015-03-02 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 01 Mar 2015 11:45:34 -0300
Source: gpart
Binary: gpart
Architecture: source amd64
Version: 0.1h-12
Distribution: experimental
Urgency: medium
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Changed-By: Joao Eriberto Mota Filho <eribe...@debian.org>
Description:
 gpart  - Guess PC disk partition table, find lost partitions
Closes: 630336
Changes:
 gpart (0.1h-12) experimental; urgency=medium
 .
   * New co-maintainer.
   * Updated the upstream homepage. (Closes: #630336)
   * Migrations:
     - DebSrc to 3.0 version.
     - DH level to 9.
   * debian/control:
     - Added the 'forensics' word to long description.
     - Bumped Standards-Version to 3.9.6.
     - Updated the Vcs-* fields.
   * debian/copyright:
     - Updated all copyright files, authors and dates.
     - Updated the file header.
     - Updated the GPL-2 license text.
   * debian/gpart.docs: renamed to docs.
   * debian/patches/:
     - Added the 'Last-Update' field to 02-ntfs-winxp, 03-open-mode and
       04-imagefile patches.
     - Added 05-add-hardening to implement the GCC hardening.
     - Added 06-fix-manpage to fix some hyphens used as minus sign.
     - Removed all .patch extensions.
     - Tried to discover/describe each action, creating headers for all
       authors and dates. However, it is very hard to say that the result
       is 100% reliable.
   * debian/rules:
     - Fully updated.
     - Added DEB_CFLAGS_MAINT_APPEND and DEB_LDFLAGS_MAINT_APPEND to fix
       issues shown by blhc command.
   * debian/source.lintian-overrides: removed because it produces an
     undesirable action.
   * debian/watch: added.


Thank you for your contribution to Debian.

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel


metacam issues

2015-03-02 Thread Henri Salo
Hi,

I found lots of issues in the metacam package in Debian while fuzzing with AFL
http://lcamtuf.coredump.cx/afl/.

Popularity of this package is pretty low currently:
https://qa.debian.org/popcon.php?package=metacam

Do you want me to report these issues to the Debian bug tracking system? I was
unable to find an upstream issue tracker for this package and our Git URL seems
to be broken according to http://duck.debian.net/static/sp/m/metacam.html

Some of these issues probably have security impact on systems executing
malicious files with the CLI program. Please note that the CLI program might be
a dependency in a web application etc.

Do we really want to have several packages in Debian, which list and/or edit
EXIF data for JPEG files?

I have attached one of the sample files to this email.

5d4c287cf40b73d2a5aac8b4a7367564ce823937  afl-metacam-sample-001.jpg

Starting program: metacam afl-metacam-sample-001.jpg
File: afl-metacam-sample-001.jpg
WARNING: Unknown field type 0
WARNING: Unknown field type 0
  Standard Fields ---

Program received signal SIGSEGV, Segmentation fault.
tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
40  if ((num == 0) || (den == 0)) return *this;

(gdb) bt
#0  tiffRATIONAL::normalize (this=0x0) at rationals.cc:40
#1  0x00421bf7 in dpyResolution (ctx=..., name=0x4584f7 "X Resolution", e=...) at dpyfuncs.cc:194
#2  0x0040ebe3 in displayTags (driver=driver@entry=0x661010, header=header@entry=0x4581e5 "Standard Fields", tag_map=..., known=<optimized out>, verbose=0) at metacam.cc:86
#3  0x004060bc in processFile (is=..., fname=<optimized out>, driver=0x661010) at metacam.cc:255
#4  main (argc=<optimized out>, argv=<optimized out>) at metacam.cc:359
#5  0x772d1ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe4e8) at libc-start.c:244
#6  0x0040c271 in _start ()

(gdb) list
35  
36  
37  tiffRATIONAL 
38  tiffRATIONAL::normalize() const
39  {
40  if ((num == 0) || (den == 0)) return *this;
41  unsigned long d = Euclid(num, den);
42  return tiffRATIONAL(num/d, den/d);
43  }
44

-- 
Henri Salo



Bug#779527: sample file

2015-03-02 Thread Eriberto
Thanks a lot Henri.

The upstream development is dead. We need to wait for a day when someone will
rescue this program. However, your reports are very important and
useful.

Cheers,

Eriberto


2015-03-02 12:42 GMT-03:00 Henri Salo he...@nerv.fi:
> File attached.
>
> --
> Henri Salo



Bug#779527: sample file

2015-03-02 Thread Henri Salo
File attached.

-- 
Henri Salo

Processed: bug 779527 is forwarded to https://github.com/hfiguiere/exifprobe/issues/3 ...

2015-03-02 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 forwarded 779527 https://github.com/hfiguiere/exifprobe/issues/3
Bug #779527 [exifprobe] exifprobe: denial of service
Set Bug forwarded-to-address to 'https://github.com/hfiguiere/exifprobe/issues/3'.
 forwarded 779525 https://github.com/hfiguiere/exifprobe/issues/2
Bug #779525 [exifprobe] exifprobe: double free or corruption
Set Bug forwarded-to-address to 'https://github.com/hfiguiere/exifprobe/issues/2'.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
779525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779525
779527: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: tagging 779525

2015-03-02 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 tags 779525 + fixed-upstream
Bug #779525 [exifprobe] exifprobe: double free or corruption
Added tag(s) fixed-upstream.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
779525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
