Your message dated Wed, 04 Jan 2012 19:02:30 +0000
with message-id <[email protected]>
and subject line Bug#652649: fixed in jasper 1.900.1-13
has caused the Debian Bug report #652649,
regarding jasper: Fix for CVE-2011-4516 and CVE-2011-4517
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
652649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: jasper
Version: 1.900.1-12
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu precise ubuntu-patch



*** /tmp/tmpCx1dv3
In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/03-CVE-2011-451x.patch: validate compparms->numrlvls
      and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-15-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru jasper-1.900.1/debian/changelog jasper-1.900.1/debian/changelog
diff -Nru jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch
--- jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch	1969-12-31 19:00:00.000000000 -0500
+++ jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch	2011-12-19 09:39:44.000000000 -0500
@@ -0,0 +1,28 @@
+Description: fix denial of service and possible code execution via
+ heap-based buffer overflows.
+Origin: Patch thanks to Red Hat
+
+Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+===================================================================
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:34.186909298 -0500
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:51.198909832 -0500
+@@ -744,6 +744,10 @@
+ 		return -1;
+ 	}
+ 	compparms->numrlvls = compparms->numdlvls + 1;
++	if (compparms->numrlvls > JPC_MAXRLVLS) {
++		jpc_cox_destroycompparms(compparms);
++		return -1;
++	}
+ 	if (prtflag) {
+ 		for (i = 0; i < compparms->numrlvls; ++i) {
+ 			if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@
+ 	jpc_crgcomp_t *comp;
+ 	uint_fast16_t compno;
+ 	crg->numcomps = cstate->numcomps;
+-	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
++	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
+ 		return -1;
+ 	}
+ 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
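
Review bot: In the second jpc_cs.c hunk (@@ -1331,7 +1335,7 @@) the element size is still spelled out by hand as sizeof(jpc_crgcomp_t), the same pattern that let sizeof(uint_fast16_t) under-allocate crg->comps in the first place; writing the call as jas_alloc2(cstate->numcomps, sizeof(*crg->comps)) ties the size to the pointer being assigned, so it cannot drift from the type that the following loop walks through comp. In the first hunk the numrlvls > JPC_MAXRLVLS test sits directly after the assignment and before the prtflag loop that runs numrlvls times, which is the right place for it, but a short comment saying what JPC_MAXRLVLS bounds would make the reason for the rejection clear to the next reader. The patch header gives only "Patch thanks to Red Hat" as its Origin and names neither CVE-2011-4516 nor CVE-2011-4517; adding the CVE ids and a reference to the originating patch would make it traceable from the file alone.
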
diff -Nru jasper-1.900.1/debian/patches/series jasper-1.900.1/debian/patches/series
--- jasper-1.900.1/debian/patches/series	2011-11-27 13:55:33.000000000 -0500
+++ jasper-1.900.1/debian/patches/series	2011-12-19 09:35:07.000000000 -0500
@@ -1,2 +1,3 @@
 01-misc-fixes.patch
 02-fix-filename-buffer-overflow.patch
+03-CVE-2011-451x.patch

--- End Message ---
--- Begin Message ---
Source: jasper
Source-Version: 1.900.1-13

We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive:

jasper_1.900.1-13.debian.tar.gz
  to main/j/jasper/jasper_1.900.1-13.debian.tar.gz
jasper_1.900.1-13.dsc
  to main/j/jasper/jasper_1.900.1-13.dsc
libjasper-dev_1.900.1-13_i386.deb
  to main/j/jasper/libjasper-dev_1.900.1-13_i386.deb
libjasper-runtime_1.900.1-13_i386.deb
  to main/j/jasper/libjasper-runtime_1.900.1-13_i386.deb
libjasper1_1.900.1-13_i386.deb
  to main/j/jasper/libjasper1_1.900.1-13_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <[email protected]> (supplier of updated jasper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Jan 2012 19:14:40 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source i386
Version: 1.900.1-13
Distribution: unstable
Urgency: high
Maintainer: Roland Stigge <[email protected]>
Changed-By: Roland Stigge <[email protected]>
Description: 
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Closes: 652649
Changes: 
 jasper (1.900.1-13) unstable; urgency=high
 .
   * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
     exploitable via specially crafted input files (Closes: #652649)
     Thanks to Red Hat and Michael Gilbert

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPBJ/OcaH/YBv43g8RAmByAJsGQvBV9jBC9KF5iAAUNdsoNkpSTgCgxVal
+6WqBjVRYeLjsvaqfwIr0vw=
=lorM
-----END PGP SIGNATURE-----



--- End Message ---
