Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Control: found -1 0.14.6-2
Control: tags -1 patch

On 03.06.2013 at 19:34:15 +0400, Stepan Golosunov wrote:
> On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> > Package: libraw
> > Severity: grave
> > Tags: security
> >
> > Two security issues have been found in libraw. Please see this link for
> > more information and links to upstream commits:
> >
> > http://www.openwall.com/lists/oss-security/2013/05/29/7
> According to
> http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html
> the buggy code is present only in 0.15 branch.

Apparently (https://bugzilla.redhat.com/show_bug.cgi?id=968382#c5) only
CVE-2013-2127 is limited to 0.15 (and as a result is not present in Debian
libraw packages). According to
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2126
CVE-2013-2126 affects 0.14 and 0.15, and a patch for 0.14 is available at
https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a

--- a/src/libraw_cxx.cpp
+++ b/src/libraw_cxx.cpp
@@ -796,8 +796,8 @@ int LibRaw::unpack(void)
 S.iheight= S.height;
 IO.shrink = 0;
 // allocate image as temporary buffer, size
-imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
-imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+imgdata.rawdata.raw_alloc = 0;
+imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
 }
@@ -807,8 +807,8 @@ int LibRaw::unpack(void)
 // recover saved
 if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
 {
-imgdata.image = 0;
-imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
+ imgdata.image = 0;
 }
 // calculate channel maximum

> (Note that there are other packages that duplicate libraw sources.
> Darktable, for example, includes libraw 0.14.7.)

-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
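Review bot: in the first hunk (@@ -796,8 +796,8 @@) the result of the moved `calloc` on the line `+imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));` is still not checked anywhere in the visible lines, and the element count `S.iwidth*S.iheight` is a product computed by the caller, so the overflow guard that `calloc` applies to its own two arguments does not cover it; suggest computing the count in a `size_t` with an explicit overflow check against the sizes of `S.iwidth` and `S.iheight`, and returning an error from `unpack()` when `calloc` yields NULL before `imgdata.image` is touched. Clearing `imgdata.rawdata.raw_alloc` to 0 on the preceding `+` line changes which field owns the buffer, which deserves a one-line comment at that point so later cleanup code is not written against the old ownership.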
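Review bot: in the second hunk (@@ -807,8 +807,8 @@) the added line `+ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;` leaves two fields of `imgdata.rawdata` pointing at the same allocation, so whichever routine releases `raw_alloc` must treat `color_image` as a non-owning view (and never free it separately), otherwise the one buffer can be freed twice at cleanup time; suggest a comment at this assignment stating that `raw_alloc` is the sole owner and `color_image` only aliases it. The non-legacy path is outside this hunk and, after the first hunk, keeps `raw_alloc` at 0 while `imgdata.image` holds the buffer; the commit message should say which field is responsible for freeing it in that case.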
Processed: Re: Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Processing control commands:

> found -1 0.14.6-2
Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127
There is no source info for the package 'libraw' at version '0.14.6-2' with architecture ''
Unable to make a source version for version '0.14.6-2'
Marked as found in versions 0.14.6-2.
> tags -1 patch
Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127
Added tag(s) patch.

-- 
710353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Processing control commands:

> found -1 0.15.1-1
Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127
There is no source info for the package 'libraw' at version '0.15.1-1' with architecture ''
Unable to make a source version for version '0.15.1-1'
Marked as found in versions 0.15.1-1.
Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Control: found -1 0.15.1-1

On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> Package: libraw
> Severity: grave
> Tags: security
>
> Two security issues have been found in libraw. Please see this link for
> more information and links to upstream commits:
>
> http://www.openwall.com/lists/oss-security/2013/05/29/7

According to
http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html
the buggy code is present only in 0.15 branch. Which means only experimental
is affected, and only by CVE-2013-2126.

(Note that there are other packages that duplicate libraw sources.
Darktable, for example, includes libraw 0.14.7.)
Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Package: libraw
Severity: grave
Tags: security

Two security issues have been found in libraw. Please see this link for
more information and links to upstream commits:

http://www.openwall.com/lists/oss-security/2013/05/29/7

Cheers,
        Moritz