Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Control: found -1 0.14.6-2
Control: tags -1 patch
03.06.2013 в 19:34:15 +0400 Stepan Golosunov написал:
> On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> > Package: libraw
> > Severity: grave
> > Tags: security
> >
> > Two security issues have been found in libraw. Please see this link for
> > more information and links to upstream commits:
> >
> > http://www.openwall.com/lists/oss-security/2013/05/29/7
> According to
> http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html
> the buggy code is present only in 0.15 branch.
Apparently (https://bugzilla.redhat.com/show_bug.cgi?id=968382#c5)
only CVE-2013-2127 is limited to 0.15 (and as a result is not present
in debian libraw packages). According to
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2126
CVE-2013-2126 affects 0.14 an 0.15 and patch for 0.14 is available at
https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a
--- a/src/libraw_cxx.cpp
+++ b/src/libraw_cxx.cpp
@@ -796,8 +796,8 @@ int LibRaw::unpack(void)
S.iheight= S.height;
IO.shrink = 0;
// allocate image as temporary buffer, size
-imgdata.rawdata.raw_alloc =
calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
-imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+imgdata.rawdata.raw_alloc = 0;
+imgdata.image = (ushort (*)[4])
calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
}
@@ -807,8 +807,8 @@ int LibRaw::unpack(void)
// recover saved
if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
{
-imgdata.image = 0;
-imgdata.rawdata.color_image = (ushort (*)[4])
imgdata.rawdata.raw_alloc;
+ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image =
imgdata.image;
+ imgdata.image = 0;
}
// calculate channel maximum
> (Note that there are other packages that duplicate libraw sources.
> Darktable, for example, includes libraw 0.14.7.)
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Processing control commands: > found -1 0.14.6-2 Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127 There is no source info for the package 'libraw' at version '0.14.6-2' with architecture '' Unable to make a source version for version '0.14.6-2' Marked as found in versions 0.14.6-2. > tags -1 patch Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127 Added tag(s) patch. -- 710353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Processing control commands: > found -1 0.15.1-1 Bug #710353 [libraw] libraw: CVE-2013-2126 CVE-2013-2127 There is no source info for the package 'libraw' at version '0.15.1-1' with architecture '' Unable to make a source version for version '0.15.1-1' Marked as found in versions 0.15.1-1. -- 710353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Control: found -1 0.15.1-1 On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote: > Package: libraw > Severity: grave > Tags: security > > Two security issues have been found in libraw. Please see this link for > more information and links to upstream commits: > > http://www.openwall.com/lists/oss-security/2013/05/29/7 According to http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html the buggy code is present only in 0.15 branch. Which means only experimental is affected, and only by CVE-2013-2126. (Note that there are other packages that duplicate libraw sources. Darktable, for example, includes libraw 0.14.7.) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Package: libraw Severity: grave Tags: security Two security issues have been found in libraw. Please see this link for more information and links to upstream commits: http://www.openwall.com/lists/oss-security/2013/05/29/7 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
