[Pkg-shotwell-maint] Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127
Stepan Golosunov
stepan at golosunov.pp.ru
Mon Jun 3 18:59:12 UTC 2013
Control: found -1 0.14.6-2
Control: tags -1 patch
03.06.2013 в 19:34:15 +0400 Stepan Golosunov написал:
> On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> > Package: libraw
> > Severity: grave
> > Tags: security
> >
> > Two security issues have been found in libraw. Please see this link for
> > more information and links to upstream commits:
> >
> > http://www.openwall.com/lists/oss-security/2013/05/29/7
> According to
> http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html
> the buggy code is present only in 0.15 branch.
Apparently (https://bugzilla.redhat.com/show_bug.cgi?id=968382#c5)
only CVE-2013-2127 is limited to 0.15 (and as a result is not present
in debian libraw packages). According to
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2126
CVE-2013-2126 affects 0.14 an 0.15 and patch for 0.14 is available at
https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a
--- a/src/libraw_cxx.cpp
+++ b/src/libraw_cxx.cpp
@@ -796,8 +796,8 @@ int LibRaw::unpack(void)
S.iheight= S.height;
IO.shrink = 0;
// allocate image as temporary buffer, size
- imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
- imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+ imgdata.rawdata.raw_alloc = 0;
+ imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
}
@@ -807,8 +807,8 @@ int LibRaw::unpack(void)
// recover saved
if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
{
- imgdata.image = 0;
- imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
+ imgdata.image = 0;
}
// calculate channel maximum
> (Note that there are other packages that duplicate libraw sources.
> Darktable, for example, includes libraw 0.14.7.)
More information about the Pkg-shotwell-maint
mailing list