Thanks for reminding us. We should be able to upload this later today. On 8/5/07, Steffen Joeris <[EMAIL PROTECTED]> wrote: > Package: cupsys > Version: 1.2.12-1 > Severity: grave > Tags: security, patch > Justification: user security hole > > Hi > > A vulnerability has been found in libpoppler and related > packages. From CVE-2007-3387: > > "Integer overflow in the StreamPredictor::StreamPredictor function in > gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) > kdegraphics, (5) CUPS, and other products, might allow remote > attackers to execute arbitrary code via a crafted PDF file." > > Please mention the CVE id in the changelog. > > A patch to fix this issue is attached below. > If you do not have the time, please give me permission to upload an > NMU. > Thanks for your efforts > > Cheers > Steffen > > diff -u cupsys-1.2.12/debian/patches/00list > cupsys-1.2.12/debian/patches/00list > --- cupsys-1.2.12/debian/patches/00list > +++ cupsys-1.2.12/debian/patches/00list > @@ -26,0 +27 @@ > +CVE-2007-3387.dpatch > diff -u cupsys-1.2.12/debian/changelog cupsys-1.2.12/debian/changelog > --- cupsys-1.2.12/debian/changelog > +++ cupsys-1.2.12/debian/changelog > @@ -1,3 +1,12 @@ > +cupsys (1.2.12-1.1) unstable; urgency=high > + > + * Non-maintainer upload > + * Include upstream patch to fix integer overflow in the > + StreamPredictor::StreamPredictor function > + Fixes: CVE-2007-3387 > + > + -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 05 Aug 2007 11:18:08 +0000 > + > cupsys (1.2.12-1) unstable; urgency=low > > * New upstream release > only in patch2: > unchanged: > --- cupsys-1.2.12.orig/debian/patches/CVE-2007-3387.dpatch > +++ cupsys-1.2.12/debian/patches/CVE-2007-3387.dpatch > @@ -0,0 +1,22 @@ > +#! /bin/sh /usr/share/dpatch/dpatch-run > +## CVE-2007-3387.dpatch > +## > +## All lines beginning with `## DP:' are a description of the patch. > +## DP: Fix integer overflow in Stream.cxx > + > [EMAIL PROTECTED]@ > +--- Stream.cxx.old 2007-08-05 11:15:08.000000000 +0000 > ++++ cupsys-1.2.12/pdftops/Stream.cxx 2007-08-05 11:14:44.000000000 +0000 > +@@ -412,9 +412,9 @@ > + > + nVals = width * nComps; > + if (width <= 0 || nComps <= 0 || nBits <= 0 || > +- nComps >= INT_MAX / nBits || > +- width >= INT_MAX / nComps / nBits || > +- nVals * nBits + 7 < 0) { > ++ nComps > gfxColorMaxComps || nBits > 16 || > ++ width >= INT_MAX / nComps || > ++ nVals >= (INT_MAX - 7) / nBits) { > + return; > + } > + pixBytes = (nComps * nBits + 7) >> 3; > > > _______________________________________________ > Pkg-cups-devel mailing list > [EMAIL PROTECTED] > http://lists.alioth.debian.org/mailman/listinfo/pkg-cups-devel >
-- Martin-Éric Racine http://q-funk.iki.fi