Package: cupsys Version: 1.2.12-1 Severity: grave Tags: security, patch Justification: user security hole
Hi A vulnerability has been found in libpoppler and related packages. From CVE-2007-3387: "Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file." Please mention the CVE id in the changelog. A patch to fix this issue is attached below. If you do not have the time, please give me permission to upload an NMU. Thanks for your efforts Cheers Steffen diff -u cupsys-1.2.12/debian/patches/00list cupsys-1.2.12/debian/patches/00list --- cupsys-1.2.12/debian/patches/00list +++ cupsys-1.2.12/debian/patches/00list @@ -26,0 +27 @@ +CVE-2007-3387.dpatch diff -u cupsys-1.2.12/debian/changelog cupsys-1.2.12/debian/changelog --- cupsys-1.2.12/debian/changelog +++ cupsys-1.2.12/debian/changelog @@ -1,3 +1,12 @@ +cupsys (1.2.12-1.1) unstable; urgency=high + + * Non-maintainer upload + * Include upstream patch to fix integer overflow in the + StreamPredictor::StreamPredictor function + Fixes: CVE-2007-3387 + + -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 05 Aug 2007 11:18:08 +0000 + cupsys (1.2.12-1) unstable; urgency=low * New upstream release only in patch2: unchanged: --- cupsys-1.2.12.orig/debian/patches/CVE-2007-3387.dpatch +++ cupsys-1.2.12/debian/patches/CVE-2007-3387.dpatch @@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2007-3387.dpatch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix integer overflow in Stream.cxx + [EMAIL PROTECTED]@ +--- Stream.cxx.old 2007-08-05 11:15:08.000000000 +0000 ++++ cupsys-1.2.12/pdftops/Stream.cxx 2007-08-05 11:14:44.000000000 +0000 +@@ -412,9 +412,9 @@ + + nVals = width * nComps; + if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits || +- nVals * nBits + 7 < 0) { ++ nComps > gfxColorMaxComps || nBits > 16 || ++ width >= INT_MAX / nComps || ++ nVals >= (INT_MAX - 7) / nBits) { + return; + } + pixBytes = (nComps * nBits + 7) >> 3; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]