Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
Hi,

I'd like to fix CVE-2015-7555 via jessie-pu since the bug is fixed in Squeeze LTS and we try to not introduce new security issues when people upgrade (the Debian security team marked this CVE as no-dsa).

Please find the debdiff attached.

Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog index d1fa6ba..d35e960 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +giflib (4.1.6-11+deb8u1) stable-proposed-updates; urgency=medium + + * Non-maintainer upload by the LTS Security Team. + * CVE-2015-7555: bail out if Width > SWidth. + Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63 + (Closes: #808704) + + -- Guido Günther <a...@sigxcpu.org> Mon, 18 Jan 2016 17:08:39 +0100 + giflib (4.1.6-11) unstable; urgency=low * Remove Provides: libungif4g. diff --git a/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch b/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch new file mode 100644 index 0000000..e660bea --- /dev/null +++ b/debian/patches/CVE-2015-7555-bail-out-if-Width-SWidth.patch @@ -0,0 +1,22 @@ +From: "Eric S. Raymond" <e...@thyrsus.com> +Date: Tue, 5 Jan 2016 23:01:45 -0500 +Subject: CVE-2015-7555: bail out if Width > SWidth + +Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63 +--- + util/giffix.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/util/giffix.c b/util/giffix.c +index 247305e..408d429 100644 +--- a/util/giffix.c ++++ b/util/giffix.c +@@ -137,6 +137,8 @@ int main(int argc, char **argv) + Height = GifFileIn->Image.Height; + GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]: ", + PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height); ++ if (Width > GifFileIn->SWidth) ++ GIF_EXIT("Image is wider than total"); + + /* Put the image descriptor to out file: */ + if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height, diff --git a/debian/patches/series b/debian/patches/series index 3bcfb21..e297c1f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ 02-doc_fixes.patch 03-spelling_fixes.patch 04-fprintf_format_error.patch +CVE-2015-7555-bail-out-if-Width-SWidth.patch
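Review bot: in the util/giffix.c hunk of CVE-2015-7555-bail-out-if-Width-SWidth.patch, the new check compares only `Width` against `GifFileIn->SWidth`; the `Height`, `Col` and `Row` values read from the same image descriptor and passed straight to `EGifPutImageDesc()` a few lines later are not validated, so a descriptor with `Height > SHeight`, or with `Col + Width` or `Row + Height` exceeding the screen size, still passes. A tighter guard would be `if (Col + Width > GifFileIn->SWidth || Row + Height > GifFileIn->SHeight) GIF_EXIT("Image exceeds screen bounds");` (the screen height field is `SHeight` on the same `GifFileType`). Since `Width` and `Height` are ints here, also reject negative or zero values before the addition. Separately, the patch header carries From/Date/Subject but no DEP-3 `Origin:` or `Bug-Debian:` fields; adding `Origin: upstream, 179510be300bf11115e37528d79619b53c884a63` and `Bug-Debian: https://bugs.debian.org/808704` would let tools trace the cherry-pick to the upstream commit and the bug named in the changelog.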