[freeimage] 01/03: Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)
Anton Gladky
gladk at moszumanska.debian.org
Mon Jan 18 07:35:38 UTC 2016
This is an automated email from the git hooks/post-receive script.
gladk pushed a commit to branch debian/jessie
in repository freeimage.
commit f51f898035ef1520920ba2fb8946ae7d5e1c4e8d
Author: Anton Gladky <gladk at debian.org>
Date: Thu Oct 29 23:14:50 2015 +0100
Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)
---
.../fix_Integer_overflow_in_ljpeg_start.patch | 34 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 35 insertions(+)
diff --git a/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
new file mode 100644
index 0000000..3b84e80
--- /dev/null
+++ b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
@@ -0,0 +1,34 @@
+Description: Fix integer overflow in the ljpeg_start function in dcraw
+Author: Alex Tutubalin <lexa at lexa.ru>
+Bug-Debian: https://bugs.debian.org/786790
+Origin: https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
+ https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
+Bug: https://security-tracker.debian.org/tracker/CVE-2015-3885
+Bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
+Reviewed-By: Anton Gladky <gladk at debian.org>
+Last-Update: 2015-10-29
+
+--- freeimage-3.15.4.orig/Source/LibRawLite/dcraw/dcraw.c
++++ freeimage-3.15.4/Source/LibRawLite/dcraw/dcraw.c
+@@ -768,7 +768,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+--- freeimage-3.15.4.orig/Source/LibRawLite/internal/dcraw_common.cpp
++++ freeimage-3.15.4/Source/LibRawLite/internal/dcraw_common.cpp
+@@ -630,7 +630,8 @@ void CLASS canon_compressed_load_raw()
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
diff --git a/debian/patches/series b/debian/patches/series
index bd4223a..72d1912 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ tag_truncation.patch
fix-big-endian-detection.patch
build_using_libjpeg62_transupp.c.patch
fix_integer_overflow.patch
+fix_Integer_overflow_in_ljpeg_start.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/freeimage.git
More information about the debian-science-commits
mailing list