r28700 - in /desktop/unstable/gdk-pixbuf/debian: changelog control patches/CVE-2011-2485.patch patches/series

biebl at users.alioth.debian.org biebl at users.alioth.debian.org
Wed Jun 29 03:05:50 UTC 2011 

Author: biebl
Date: Wed Jun 29 03:05:49 2011
New Revision: 28700

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=28700
Log:
Import NMU by the security team

Added:
    desktop/unstable/gdk-pixbuf/debian/patches/CVE-2011-2485.patch
Modified:
    desktop/unstable/gdk-pixbuf/debian/changelog
    desktop/unstable/gdk-pixbuf/debian/control
    desktop/unstable/gdk-pixbuf/debian/patches/series

Modified: desktop/unstable/gdk-pixbuf/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdk-pixbuf/debian/changelog?rev=28700&op=diff
==============================================================================
--- desktop/unstable/gdk-pixbuf/debian/changelog [utf-8] (original)
+++ desktop/unstable/gdk-pixbuf/debian/changelog [utf-8] Wed Jun 29 03:05:49 2011
@@ -1,3 +1,11 @@
+gdk-pixbuf (2.23.3-3.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix improper check of gif_main_loop() resulting in DoS conditions
+    on specially crafted GIF images (CVE-2011-2485; Closes: #631524)
+
+ -- Nico Golde <nion at debian.org>  Tue, 28 Jun 2011 21:59:16 +0200
+
 gdk-pixbuf (2.23.3-3) unstable; urgency=low
 
   * Move the mime.cache generation from gtk+ udebs to this one, since 

Modified: desktop/unstable/gdk-pixbuf/debian/control
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdk-pixbuf/debian/control?rev=28700&op=diff
==============================================================================
--- desktop/unstable/gdk-pixbuf/debian/control [utf-8] (original)
+++ desktop/unstable/gdk-pixbuf/debian/control [utf-8] Wed Jun 29 03:05:49 2011
@@ -7,7 +7,7 @@
 Section: libs
 Priority: optional
 Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
-Uploaders: Emilio Pozuelo Monfort <pochu at debian.org>, Josselin Mouette <joss at debian.org>, Laurent Bigonville <bigon at debian.org>, Sebastian Dröge <slomo at debian.org>
+Uploaders: Emilio Pozuelo Monfort <pochu at debian.org>, Josselin Mouette <joss at debian.org>, Laurent Bigonville <bigon at debian.org>
 Build-Depends: cdbs (>= 0.4.90~),
                debhelper (>= 7),
                autotools-dev,

Added: desktop/unstable/gdk-pixbuf/debian/patches/CVE-2011-2485.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdk-pixbuf/debian/patches/CVE-2011-2485.patch?rev=28700&op=file
==============================================================================
--- desktop/unstable/gdk-pixbuf/debian/patches/CVE-2011-2485.patch (added)
+++ desktop/unstable/gdk-pixbuf/debian/patches/CVE-2011-2485.patch [utf-8] Wed Jun 29 03:05:49 2011
@@ -1,0 +1,56 @@
+From f8569bb13e2aa1584dde61ca545144750f7a7c98 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen at redhat.com>
+Date: Fri, 24 Jun 2011 05:09:35 +0000
+Subject: GIF: Don't return a partially initialized pixbuf structure
+
+It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
+routine did not properly handle certain return values from their subroutines.
+A remote attacker could provide a specially-crafted GIF image, which once
+opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
+to return partially initialized pixbuf structure, possibly having huge
+width and height, leading to that particular application termination due
+excessive memory use.
+
+The CVE identifier of CVE-2011-2485 has been assigned to this issue.
+---
+diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
+index 0b370ee..8a1fa3e 100644
+--- a/gdk-pixbuf/io-gif.c
++++ b/gdk-pixbuf/io-gif.c
+@@ -1455,6 +1455,7 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
+ {
+ 	GifContext *context;
+ 	GdkPixbuf *pixbuf;
++        gint retval;
+ 
+ 	g_return_val_if_fail (file != NULL, NULL);
+ 
+@@ -1472,19 +1473,25 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
+         context->error = error;
+         context->stop_after_first_frame = TRUE;
+ 
+-	if (gif_main_loop (context) == -1 || context->animation->frames == NULL) {
++        retval = gif_main_loop (context);
++	if (retval == -1 || context->animation->frames == NULL) {
+                 if (context->error && *(context->error) == NULL)
+                         g_set_error_literal (context->error,
+                                              GDK_PIXBUF_ERROR,
+                                              GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+                                              _("GIF file was missing some data (perhaps it was truncated somehow?)"));
+         }
++        else if (retval == -2) {
++                pixbuf = NULL;
++                goto out;
++        }
+         
+         pixbuf = gdk_pixbuf_animation_get_static_image (GDK_PIXBUF_ANIMATION (context->animation));
+ 
+         if (pixbuf)
+                 g_object_ref (pixbuf);
+ 
++out:
+         g_object_unref (context->animation);
+         
+         g_free (context->buf);
+--
+cgit v0.9

Modified: desktop/unstable/gdk-pixbuf/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdk-pixbuf/debian/patches/series?rev=28700&op=diff
==============================================================================
--- desktop/unstable/gdk-pixbuf/debian/patches/series [utf-8] (original)
+++ desktop/unstable/gdk-pixbuf/debian/patches/series [utf-8] Wed Jun 29 03:05:49 2011
@@ -1,1 +1,2 @@
 041_ia32-libs.patch
+CVE-2011-2485.patch

More information about the pkg-gnome-commits mailing list