Your message dated Wed, 15 Nov 2017 19:35:16 +0000
with message-id <e1ef3su-000ffg...@fasolo.debian.org>
and subject line Bug#881396: fixed in fig2dev 1:3.2.6a-6
has caused the Debian Bug report #881396,
regarding fig2dev: buffer overflow in note_pattern()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881396: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881396
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fig2dev
Version: 1:3.2.6a-5

fig2dev crashes on the attached file:

  $ fig2dev -L epic overflow.fig
  Segmentation fault

GDB says it's a buffer overflow:

  Program received signal SIGSEGV, Segmentation fault.
  0x56563a0d in note_pattern (fill_style=123456789) at read.c:1450
  warning: Source file is more recent than executable.
  1450                pattern_used[fill_style-NUMSHADES-NUMTINTS] = true;
  (gdb) bt
  #0  0x56563a0d in note_pattern (fill_style=123456789) at read.c:1450
  #1  read_splineobject (fp=0x56618838, fp@entry=0x0) at read.c:1054
  #2  0x5656522e in read_objects (obj=0x56618838, fp=<optimized out>) at read.c:380
  #3  readfp_fig (fp=<optimized out>, obj=<optimized out>) at read.c:183
  #4  0x5655aa47 in main (argc=4, argv=0xffffd744) at fig2dev.c:412


Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages fig2dev depends on:
ii  gawk         1:4.1.4+dfsg-1
ii  x11-common   1:7.7+19
ii  libc6        2.24-17
ii  libpng16-16  1.6.34-1
ii  libxpm4      1:3.5.12-1

--
Jakub Wilk

Attachment: overflow.fig
Description: application/xfig


--- End Message ---
--- Begin Message ---
Source: fig2dev
Source-Version: 1:3.2.6a-6

We believe that the bug you reported is fixed in the latest version of
fig2dev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated fig2dev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Mon, 13 Nov 2017 17:58:24 +0100
Source: fig2dev
Binary: fig2dev
Architecture: source amd64
Version: 1:3.2.6a-6
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <rol...@debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Description:
 fig2dev    - Utilities for converting XFig figure files
Closes: 881396
Changes:
 fig2dev (1:3.2.6a-6) unstable; urgency=medium
 .
   * 32_fill-style-overflow: Sanitize input of fill patterns
     (Closes: #881396).


--- End Message ---
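
The crash in the report above is a write to pattern_used[] indexed by a fill_style value taken directly from the input file (123456789 in the GDB trace). The following is an added illustration of bounds-checking that statement; it is not fig2dev's source and not the 32_fill-style-overflow patch. The constant values, UNFILLED, and both function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed values, following the Fig 3.2 fill-style ranges:
 * -1 unfilled, 0..20 shades, 21..40 tints, 41..62 patterns. */
#define NUMSHADES   21
#define NUMTINTS    20
#define NUMPATTERNS 22
#define UNFILLED    (-1)

static bool pattern_used[NUMPATTERNS];

/* Hypothetical sanitizer: map any out-of-range fill_style read from the
 * file to UNFILLED before it can be used as an index anywhere. */
static int sanitize_fill_style(int fill_style)
{
    if (fill_style < UNFILLED ||
        fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS)
        return UNFILLED;
    return fill_style;
}

/* Bounds-checked form of the statement at read.c:1450. The range test
 * comes before the subtraction, so the index is always 0..NUMPATTERNS-1.
 * Returns true only when a pattern slot was actually marked. */
static bool note_pattern_checked(int fill_style)
{
    if (fill_style < NUMSHADES + NUMTINTS ||
        fill_style >= NUMSHADES + NUMTINTS + NUMPATTERNS)
        return false;
    pattern_used[fill_style - NUMSHADES - NUMTINTS] = true;
    return true;
}

int main(void)
{
    /* Constructed inputs; 123456789 is the value from the GDB trace. */
    const int samples[] = { -1, 0, 40, 41, 62, 63, -7, 123456789 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("fill_style=%d sanitized=%d pattern_marked=%d\n",
               samples[i], sanitize_fill_style(samples[i]),
               note_pattern_checked(samples[i]));
    return 0;
}
```
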
