Your message dated Sat, 09 Dec 2017 10:47:53 +0000
with message-id <1512816473.1994.32.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in jessie point release
has caused the Debian Bug report #883177,
regarding jessie-pu: package transfig/1:3.2.5.e-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
883177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883177
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
Fix some minor security issues, which according to the security team do
not warrant a DSA:
* CVE-2017-16899: 33_input_sanitizing: Some input sanitizing on FIG
files (Closes: #881143, #881144).
* 34_fill-style-overflow: Sanitize input of fill patterns
(Closes: #881396).
The patches are adapted from unstable/testing.
Greetings
Roland
diff -Nru transfig-3.2.5.e/debian/changelog transfig-3.2.5.e/debian/changelog
--- transfig-3.2.5.e/debian/changelog 2014-08-26 10:06:01.000000000 +0200
+++ transfig-3.2.5.e/debian/changelog 2017-11-30 12:17:07.000000000 +0100
@@ -1,3 +1,12 @@
+transfig (1:3.2.5.e-4+deb8u1) jessie-proposed-updates; urgency=medium
+
+ * CVE-2017-16899: 33_input_sanitizing: Some input sanitizing on FIG
+ files (Closes: #881143, #881144).
+ * 34_fill-style-overflow: Sanitize input of fill patterns
+ (Closes: #881396).
+
+ -- Roland Rosenfeld <rol...@debian.org> Thu, 30 Nov 2017 12:17:07 +0100
+
transfig (1:3.2.5.e-4) unstable; urgency=low
* 32_dev_Imake_typo: use gengbx.c instead of gengbx.o in SRCS, otherwise
diff -Nru transfig-3.2.5.e/debian/patches/33_input_sanitizing.patch transfig-3.2.5.e/debian/patches/33_input_sanitizing.patch
--- transfig-3.2.5.e/debian/patches/33_input_sanitizing.patch 1970-01-01 01:00:00.000000000 +0100
+++ transfig-3.2.5.e/debian/patches/33_input_sanitizing.patch 2017-11-30 12:17:07.000000000 +0100
@@ -0,0 +1,41 @@
+Description: CVE-2017-16899 Some input sanitizing when reading FIG files.
+Bug-Debian: https://bugs.debian.org/881143
+Bug-Debian: https://bugs.debian.org/881144
+Author: Thomas Loimer <thomas.loi...@tuwien.ac.at>
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -1204,8 +1204,14 @@ FILE *fp;
+ | PSFONT_TEXT;
+
+ /* keep the font number reasonable */
+- if (t->font > MAXFONT(t))
++ if (t->font > MAXFONT(t)) {
+ t->font = MAXFONT(t);
++ } else if (t->font < 0 ) {
++ if (psfont_text(t) && t->font < -1)
++ t->font = -1;
++ else
++ t->font = 0;
++ }
+ fix_color(&t->color);
+ t->comments = attach_comments(); /* attach any comments */
+ return t;
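Review bot: in the new `else if (t->font < 0 )` branch of read.c, a PostScript text whose font is exactly -1 fails the inner test `t->font < -1`, falls into the `else` arm and is rewritten to 0. The clamp target of -1 suggests -1 is meant to stay valid for PostScript text, so the arms should be split: for psfont_text(t) clamp only values below -1, and for other text set negative values to 0. The clamping is also silent; a warning naming the rejected font number would make malformed input visible. Style: drop the stray space in `(t->font < 0 )`.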
+--- a/fig2dev/read1_3.c
++++ b/fig2dev/read1_3.c
+@@ -465,6 +465,15 @@ FILE *fp;
+ free((char*) t);
+ return(NULL);
+ }
++ /* keep the font number within valid range */
++ if (t->font > MAXFONT(t)) {
++ t->font = MAXFONT(t);
++ } else if (t->font < 0 ) {
++ if (psfont_text(t) && t->font < -1)
++ t->font = -1;
++ else
++ t->font = 0;
++ }
+ (void)strcpy(t->cstring, buf);
+ if (t->size == 0) t->size = 18;
+ return(t);
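Review bot: the font-range block added to read1_3.c before the `strcpy` is a verbatim copy of the one added to read.c, so any later correction has to be made in two places. A small shared helper (or a macro next to MAXFONT) called from both readers would keep them in step. As written here too, a PostScript font of exactly -1 takes the `else` arm and becomes 0, which is worth confirming as intended.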
diff -Nru transfig-3.2.5.e/debian/patches/34_fill-style-overflow.patch transfig-3.2.5.e/debian/patches/34_fill-style-overflow.patch
--- transfig-3.2.5.e/debian/patches/34_fill-style-overflow.patch 1970-01-01 01:00:00.000000000 +0100
+++ transfig-3.2.5.e/debian/patches/34_fill-style-overflow.patch 2017-11-30 12:17:07.000000000 +0100
@@ -0,0 +1,47 @@
+Description: Sanitize input of fill patterns.
+Bug-Debian: https://bugs.debian.org/881396
+Author: Thomas Loimer <thomas.loi...@tuwien.ac.at>
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -61,6 +61,8 @@ static int save_comment();
+ #define FILL_CONVERT(f) \
+ ((v2_flag || (f) < WHITE_FILL) \
+ ? (v30_flag? f: (f-1)) : 20 - ((f)-1)*5)
++#define FILL_SANITIZE(f) ((f) < UNFILLED || (f) >= \
++ NUMSHADES + NUMTINTS + NUMPATTERNS) ? UNFILLED : f
+
+ /* input buffer size */
+ #define BUF_SIZE 1024
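Review bot: FILL_SANITIZE expands to a bare conditional expression; neither the whole expansion nor the final `f` is parenthesised, so it only behaves as intended when it is the complete right-hand side of an assignment, as at the call sites in this patch. Wrap the expansion in outer parentheses and write `(f)` in the last arm. The argument is also evaluated up to three times, so either note that it must be free of side effects or use a small static function instead of a macro.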
+@@ -527,6 +529,7 @@ FILE *fp;
+ }
+ a->thickness *= round(THICK_SCALE);
+ a->fill_style = FILL_CONVERT(a->fill_style);
++ a->fill_style = FILL_SANITIZE(a->fill_style);
+ /* keep track if pattern is used */
+ note_pattern(a->fill_style);
+ fix_color(&a->pen_color);
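Review bot: at `a->fill_style = FILL_SANITIZE(a->fill_style);` an out-of-range fill style is replaced with UNFILLED without any diagnostic, so the arc silently loses its fill. Printing a warning with the rejected value before note_pattern() is called would tell the user the input file was malformed. The same point applies to the ellipse, line and spline call sites that follow.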
+@@ -718,6 +721,7 @@ read_ellipseobject()
+ fix_color(&e->fill_color);
+ e->thickness *= round(THICK_SCALE);
+ e->fill_style = FILL_CONVERT(e->fill_style);
++ e->fill_style = FILL_SANITIZE(e->fill_style);
+ /* keep track if pattern is used */
+ note_pattern(e->fill_style);
+ e->comments = attach_comments(); /* attach any comments */
+@@ -786,6 +790,7 @@ FILE *fp;
+ l->radius *= round(THICK_SCALE);
+ l->thickness *= round(THICK_SCALE);
+ l->fill_style = FILL_CONVERT(l->fill_style);
++ l->fill_style = FILL_SANITIZE(l->fill_style);
+
+ /* keep track if pattern is used */
+ note_pattern(l->fill_style);
+@@ -925,6 +930,7 @@ FILE *fp;
+ }
+ s->thickness *= round(THICK_SCALE);
+ s->fill_style = FILL_CONVERT(s->fill_style);
++ s->fill_style = FILL_SANITIZE(s->fill_style);
+ /* keep track if pattern is used */
+ note_pattern(s->fill_style);
+ fix_color(&s->pen_color);
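Review bot: with this spline call site the patch covers four readers in read.c only, whereas 33_input_sanitizing.patch had to touch both read.c and read1_3.c. If read1_3.c also reads a fill value that is later passed to note_pattern() or used as an index, it needs the same range check; if it does not, a sentence in the patch Description saying why the 1.3 reader is unaffected would close the question.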
diff -Nru transfig-3.2.5.e/debian/patches/series transfig-3.2.5.e/debian/patches/series
--- transfig-3.2.5.e/debian/patches/series 2014-08-26 10:06:06.000000000 +0200
+++ transfig-3.2.5.e/debian/patches/series 2017-11-30 12:17:07.000000000 +0100
@@ -18,3 +18,5 @@
30_fprintf_format.patch
31_index_not_static.patch
32_dev_Imake_typo.patch
+33_input_sanitizing.patch
+34_fill-style-overflow.patch
--- End Message ---
--- Begin Message ---
Version: 8.10
Hi,
Each of the updates referenced in these bugs was included in this
morning's jessie point release. Thanks!
Regards,
Adam
--- End Message ---