Package: liblcms1 Followup-For: Bug #718682 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi, I'm currently preparing an NMU for this package. To fix this issue, I will use the attached patch. It's taken from: https://build.opensuse.org/package/view_file/openSUSE:Evergreen:11.2:Test/lcms/CVE-2013-4276.patch# - -- Tobias Frost - -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJTNAUxAAoJEJFk+h0XvV02rhgQAKTwhHtRN/9Ku4tjQRP9UC7h huM2qrRh3PqT851XCDK8RES9qrQNUDcuwzYtfUxVB5yjPgJGNxnli4rnkMp3BaEV wDP781PU52u7/D+xVnWQShL7wERAiJKrJY3y//x8v1U7/VMM0RtPXaFEZC2o1+rE xxZDQFRQtGSRc95HiVn/5p5ItD7R0tX69bzPlczJHJcd8lGe2Lf7PlhzfqYNie0r dW1ZkLtVzjfqRLaTHap0z8QMEnb0cRgIFf+CWi94UNZp6obasiSSQ0n4Q+GcHMPq sGGbBfYWWXTWg9FyFg7TVAGnn/6ILH7XBCv7Agh343nUsZpCY/1ruAs1POe0Rs6H DY4UkyrxR0B+GYDKgPnep75rxRO3yryO856rctVBFucxnasuQwxdnRTZ/tvdKL+5 EOp6AM5MCKibcw68xN7AP/2rxF9TxS1HrNBdScST2gZyTvPhdOIU3MO3dfUuXg7G NV/4xL/MXXYCdTUhHAJ+erkEB1R9iGasZ++48Qpszgmf86CSL5UMRx+y2QAGGpQz FOzW46k0/nVrH2iNaunwOADlAE/DjFSJiBOhfmLtvyGdhb39bYiu6ShVP/i/AfTs fA7ss0hfTtmxCWgzpJduKJkxuSPXIwGTUTPL2V/dBw/n2uAjDWnYBjh4JDJx4dAV RnvcVGqrZKnJ3co5Ksyn =0DVy -----END PGP SIGNATURE-----
--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000
+++ lcms-1.19.dfsg/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100
@@ -86,6 +86,8 @@
 static LPcmsNAMEDCOLORLIST InputColorant = NULL;
 static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
+unsigned int Buffer_size = 4096;
+
 // isatty replacement
@@ -500,7 +502,7 @@
 Prefix[0] = 0;
 if (!lTerse)
- sprintf(Prefix, "%s=", C);
+ snprintf(Prefix, 20, "%s=", C);
 if (InHexa) {
@@ -648,7 +650,9 @@
 static void GetLine(char* Buffer) {
- scanf("%s", Buffer);
+ char User_buffer[Buffer_size];
+ fgets(User_buffer, (Buffer_size - 1), stdin);
+ sscanf(User_buffer,"%s", Buffer);
 if (toupper(Buffer[0]) == 'Q') { // Quit?
@@ -668,7 +672,7 @@
 static double GetAnswer(const char* Prompt, double Range) {
- char Buffer[4096];
+ char Buffer[Buffer_size];
 double val = 0.0;
 if (Range == 0.0) { // Range 0 means double value
@@ -738,7 +742,7 @@
 static WORD GetIndex(void) {
- char Buffer[4096], Name[40], Prefix[40], Suffix[40];
+ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
 int index, max;
 max = cmsNamedColorCount(hTrans)-1;
--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000
+++ lcms-1.19.dfsg/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100
@@ -633,7 +633,7 @@
 cmsIT8SetSheetType(hIT8, "TIFFDIFF");
- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
+ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
 cmsIT8SetComment(hIT8, Buffer);
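Review bot: `unsigned int Buffer_size = 4096;` is a mutable global with external linkage, so every `char Buffer[Buffer_size]` the rest of this patch introduces is a run-time-sized VLA rather than a fixed array, and `sizeof(Buffer)` stops being a compile-time constant. Nothing in the patch writes to it, so a constant expression is what these declarations actually want; `enum { Buffer_size = 4096 };` (or `#define Buffer_size 4096`) keeps them ordinary arrays and removes the exported symbol. If it has to remain a variable it should at least be `static`, so no other translation unit can resize the buffers from outside this file.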
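Review bot: The `20` in `snprintf(Prefix, 20, "%s=", C);` is a hard-coded bound that the hunk cannot tie to `Prefix`'s declaration, which lies outside it; if `Prefix` is a local array, `snprintf(Prefix, sizeof(Prefix), "%s=", C);` keeps the bound locked to the declaration, and if it is a pointer the caller's size should be passed in rather than guessed. A channel name `C` longer than 18 characters is now silently truncated instead of overflowing, which is acceptable for a label but deserves a one-line comment so it is not later mistaken for a bug. The enclosing function starts before and ends after this hunk.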
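Review bot: The return value of `fgets` in GetLine is ignored, so on EOF or a read error `User_buffer` is left indeterminate and not necessarily NUL-terminated, and the following `sscanf` scans past the end of it; a blank line likewise makes `sscanf` match nothing, leaving `Buffer` untouched before `Buffer[0]` is read on the next line. One guard covers both: `if (fgets(User_buffer, sizeof(User_buffer), stdin) == NULL || sscanf(User_buffer, "%s", Buffer) != 1) Buffer[0] = 0;`. The `(Buffer_size - 1)` argument is also unnecessary, since `fgets` already reserves the terminator byte within the size it is given. Note that the `%s` token is bounded only by `User_buffer`, so this fix depends on every caller passing a `Buffer` of at least `Buffer_size` bytes — the two callers changed in this patch do, but that contract should be stated in a comment on GetLine, whose body continues past the hunk.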
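Review bot: Only `Buffer` is resized in GetIndex; `Name[40]`, `Prefix[40]` and `Suffix[40]` keep their 40 bytes and the hunk does not show how they are filled. If they are populated from the now 4096-byte `Buffer` with an unbounded `%s`, or by a call that is not told their size, the overflow this patch targets just moves to them; this needs confirming against the rest of GetIndex, which continues past the hunk, and any scanf-style copy into them should carry a width such as `%39s`.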
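Review bot: The `256` in `snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);` is a hard-coded size whose matching declaration of `Buffer` lies outside the hunk; if `Buffer` is a local array, `snprintf(Buffer, sizeof(Buffer), ...)` prevents the bound from drifting when the declaration changes. With two file paths of ordinary length the text can exceed 256 bytes, so the comment is now silently truncated rather than overflowing; that is harmless for an IT8 sheet comment, but a note such as `/* long paths are truncated; this is only a sheet comment */` should say so. The enclosing function starts and ends outside this hunk.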