[freeimage] 01/03: Fix CVE-2016-5864: apply patch from wheezy-security.

Anton Gladky gladk at moszumanska.debian.org
Tue Oct 11 19:29:13 UTC 2016 

This is an automated email from the git hooks/post-receive script.

gladk pushed a commit to branch debian/jessie
in repository freeimage.

commit b2e0c3f911cb702918160e680f7500253bdeb4e5
Author: Anton Gladky <gladk at debian.org>
Date:   Tue Oct 11 20:59:07 2016 +0200

    Fix CVE-2016-5864: apply patch from wheezy-security.
    
    Thanks to Salvatore Bonaccorso, Balint Reczey and Chris Lamb
    (Closes: #839827)
---
 debian/patches/Fix-CVE-2016-5684.patch | 34 ++++++++++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 2 files changed, 35 insertions(+)

diff --git a/debian/patches/Fix-CVE-2016-5684.patch b/debian/patches/Fix-CVE-2016-5684.patch
new file mode 100644
index 0000000..68c2cdc
--- /dev/null
+++ b/debian/patches/Fix-CVE-2016-5684.patch
@@ -0,0 +1,34 @@
+From: Debian Science Maintainers
+ <debian-science-maintainers at lists.alioth.debian.org>
+Date: Mon, 10 Oct 2016 08:22:44 +0100
+Subject: CVE-2016-5684
+
+---
+ Source/FreeImage/PluginXPM.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+Index: freeimage-3.15.4/Source/FreeImage/PluginXPM.cpp
+===================================================================
+--- freeimage-3.15.4.orig/Source/FreeImage/PluginXPM.cpp
++++ freeimage-3.15.4/Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle,
+ 		}
+ 		free(str);
+ 
++		// check info string
++		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
++			throw "Improperly formed info string";
++		}
++
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle,
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
++			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars
diff --git a/debian/patches/series b/debian/patches/series
index 72d1912..982e774 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ fix-big-endian-detection.patch
 build_using_libjpeg62_transupp.c.patch
 fix_integer_overflow.patch
 fix_Integer_overflow_in_ljpeg_start.patch
+Fix-CVE-2016-5684.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/freeimage.git

More information about the debian-science-commits mailing list