Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Hello,

I have prepared a security update for optipng in wheezy to address CVE-2015-7801. I have contacted the security team but they don't think this issue warrants a DSA. Please find attached the debdiff.

Regards,
Markus
diff -Nru optipng-0.6.4/debian/changelog optipng-0.6.4/debian/changelog --- optipng-0.6.4/debian/changelog 2010-03-17 16:26:21.000000000 +0100 +++ optipng-0.6.4/debian/changelog 2016-03-28 23:41:09.000000000 +0200 @@ -1,3 +1,12 @@ +optipng (0.6.4-1+deb7u1) wheezy; urgency=high + + * Non-maintainer upload. + * Fix CVE-2015-7801: + Use-after-free vulnerability in optipng 0.6.4 is causing an invalid/double + free. + + -- Markus Koschany <a...@debian.org> Mon, 28 Mar 2016 23:15:19 +0200 + optipng (0.6.4-1) unstable; urgency=low * New upstream release; diff -Nru optipng-0.6.4/debian/patches/CVE-2015-7801.patch optipng-0.6.4/debian/patches/CVE-2015-7801.patch --- optipng-0.6.4/debian/patches/CVE-2015-7801.patch 1970-01-01 01:00:00.000000000 +0100 +++ optipng-0.6.4/debian/patches/CVE-2015-7801.patch 2016-03-28 23:41:09.000000000 +0200 
@@ -0,0 +1,34 @@ +From: Markus Koschany <a...@debian.org> +Date: Mon, 28 Mar 2016 23:13:51 +0200 +Subject: CVE-2015-7801 + +Fix Use-after-free vulnerability in optipng 0.6.4 is causing an invalid/double +free. +--- + src/opngoptim.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/opngoptim.c b/src/opngoptim.c +index aab5580..cf55ed6 100644 +--- a/src/opngoptim.c ++++ b/src/opngoptim.c +@@ -1877,7 +1877,7 @@ opng_initialize(const struct opng_options *init_options, + int + opng_optimize(const char *infile_name) + { +- const char *err_msg; ++ const char *err_msg = ""; + volatile int result; /* needs not be volatile, but keeps compilers happy */ + + OPNG_ENSURE(engine.started, "The OptiPNG engine is not running"); +@@ -1906,7 +1906,9 @@ opng_optimize(const char *infile_name) + opng_print_error(err_msg); + result = -1; + } +- opng_destroy_image_info(); ++ // Don't attempt to free if libpng is confused ++ if (strcmp(err_msg, "Inconsistent data in libpng")) ++ opng_destroy_image_info(); + usr_printf("\n"); + return result; + } diff -Nru optipng-0.6.4/debian/patches/series optipng-0.6.4/debian/patches/series --- optipng-0.6.4/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ optipng-0.6.4/debian/patches/series 2016-03-28 23:41:09.000000000 +0200 @@ -0,0 +1 @@ +CVE-2015-7801.patch
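Review bot: The header of the new debian/patches/CVE-2015-7801.patch carries only From, Date and Subject, so nothing records where the fix originated or whether it was forwarded upstream. Adding DEP-3 fields such as Origin, Bug-Debian and Forwarded would let the next person trace it. The description line "Fix Use-after-free vulnerability in optipng 0.6.4 is causing an invalid/double free" restates the bug and does not say what the change does, namely that opng_optimize() now skips opng_destroy_image_info() after one specific error. The debian/changelog entry has the same wording and could be reworded the same way.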
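Review bot: In the src/opngoptim.c hunk at @@ -1877, the new initialiser `const char *err_msg = "";` is there only so that the strcmp() added further down never reads an unassigned pointer, but the line gives no hint of that dependency. A short comment in the file's existing /* */ style would keep someone from dropping the initialiser later as redundant and reintroducing an undefined read.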
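Review bot: In the src/opngoptim.c hunk at @@ -1906, the guard `if (strcmp(err_msg, "Inconsistent data in libpng"))` makes a memory-safety decision depend on the exact wording of an error string. If that message is ever reworded, or a different error leaves the image info in the same state, opng_destroy_image_info() is called again on the bad path and the invalid free returns. Setting a flag where the error is raised, or comparing against a constant shared with the code that raises it, would be more robust. Skipping the call also means the image info is never released on this path, so the patch description should say that a leak is being accepted in place of the double free. The hunk does not show whether <string.h> is already included for strcmp(), which is worth confirming. The `//` comment also differs from the /* */ style used a few lines earlier in the same function.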