Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu
Dear release team, plib version 1.8.5-8+deb10u1 has been prepared for the next bullseye stable release. [ Reason ] This upload fixes the security issue CVE-2021-38714. [ Impact ] It should not have any impact on end users. [ Tests ] Salsa-ci is used to check the main package characteristics: https://salsa.debian.org/debian/plib/-/pipelines/303701 [ Risks ] No risks are known. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] See attached diff. A sanitized-values check is implemented. Best regards Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.000000000 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.000000000 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb11u1) bullseye; urgency=medium
+
+ * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+ (Closes: #992973)
+
+ -- Anton Gladky <gl...@debian.org> Sun, 17 Oct 2021 14:56:13 +0200
+
 plib (1.8.5-8) unstable; urgency=medium
 
 * QA upload.
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml 1970-01-01 01:00:00.000000000 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml 2021-10-17 14:56:13.000000000 +0200
@@ -0,0 +1,7 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ RELEASE: 'bullseye'
+ SALSA_CI_COMPONENTS: 'main contrib non-free'
+ SALSA_CI_DISABLE_REPROTEST: 1
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 1970-01-01 01:00:00.000000000 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 2021-10-10 15:14:22.000000000 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky <gl...@debian.org>
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===================================================================
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
++++ plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+
+
+ #include "ssgLocal.h"
++#include <new>
+
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+
+ // image info
+ int type = header[2];
+- int xsize = get16u(header + 12);
+- int ysize = get16u(header + 14);
+- int bits = header[16];
++ unsigned int xsize = get16u(header + 12);
++ unsigned int ysize = get16u(header + 14);
++ unsigned int bits = header[16];
+
+ /* image types:
+ *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+
+
++ const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, %ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, (ysize * (bits / 8)));
++
++ if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++ {
++ ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, ysize = %d", xsize, ysize);
++ return false;
++ }
++ else
++ {
++ ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size %d x %d", bytes_to_allocate, xsize, ysize );
++ }
++
+ // read image data
+
+- GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++ GLubyte *image;
++ try
++ {
++ image = new GLubyte [ bytes_to_allocate ];
++ }
++ catch (const std::bad_alloc&)
++ {
++ ulSetError( UL_WARNING, "ssgLoadTGA: Allocation of %d bytes failed!", bytes_to_allocate);
++ return false;
++ }
+
+ if ((type & 8) != 0)
+ {
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series 2017-07-24 20:11:17.000000000 +0200
+++
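Review bot: In the third inner hunk the new UL_DEBUG `ulSetError` call passes `bytes_to_allocate / xsize` as an argument, and that division is evaluated before the `xsize != 0` guard in the `if` below it, so a TGA header with a width of zero divides by zero on the way to the overflow check. Drop the quotient from the log call or move the call after the guard, e.g. `ulSetError( UL_DEBUG, "bytes_to_allocate=%u xsize = %u, ysize = %u", bytes_to_allocate, xsize, ysize);`. The format strings also pair `%ld` and `%d` with values that are now `unsigned int` (`bytes_to_allocate` deduces to `unsigned int` as well), so `%u` is the matching specifier. ssgLoadTGA() starts and ends outside the hunk, so how the rest of the function uses the now-unsigned `xsize`, `ysize` and `bits` is not visible here.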
plib-1.8.5/debian/patches/series 2021-10-02 13:24:19.000000000 +0200
@@ -6,3 +6,4 @@
 06_spelling_errors.diff
 05_CVE-2012-4552.diff
 07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch