apng2gif: CVE-2017-6962: Integer overflow resulting in heap overflow write

Related Vulnerabilities: CVE-2017-6962   CVE-2017-6960   CVE-2017-6961  

Debian Bug report logs - #854447


Reported by: Dileep Kumar Jallepalli <dileep.chinu@gmail.com>

Date: Tue, 7 Feb 2017 10:33:01 UTC

Severity: serious

Tags: security, upstream

Found in version apng2gif/1.7-1

Fixed in version apng2gif/1.8-0.1

Done: Reiner Herrmann <reiner@reiner-h.de>



Report forwarded to debian-bugs-dist@lists.debian.org, dileep.chinu@gmail.com, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Tue, 07 Feb 2017 10:33:04 GMT)


Acknowledgement sent to Dileep Kumar Jallepalli <dileep.chinu@gmail.com>:
New Bug report received and forwarded. Copy sent to dileep.chinu@gmail.com, Jari Aalto <jari.aalto@cante.net>. (Tue, 07 Feb 2017 10:33:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Dileep Kumar Jallepalli <dileep.chinu@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apng2gif: Integer overflow resulting in heap overflow write
Date: Tue, 07 Feb 2017 02:31:33 -0800
Package: apng2gif
Version: 1.7-1
Severity: important

Dear Maintainer,

Q.) What led up to the situation?
A.) In the read_chunk function, the line "pChunk->size = png_get_uint_32(len) + 12"
has an integer overflow vulnerability which can result in a smaller memory
allocation for pChunk->p than expected. If the integer overflow results in
pChunk->size < 4, it can cause a heap overflow write in the subsequent line
"memcpy(pChunk->p, len, 4)".

Q.) What exactly did you do (or not do) that was effective (or ineffective)?
A.) Just have to modify the relevant offset in the png file so that the
pChunk->size value is less than 4.

    Steps to reproduce:
        Use the makefile in the attachment and compile the program in asan mode
(Attaching makefile just as a reference).
        Use the input.png file in the attachment as input to the program and
run it:
                apng2gif input.png

Q.) What was the outcome of this action?
A.) There will be a heap overflow write of 4 bytes for this particular crafted
input png.

Sample ASAN Output:

apng2gif 1.7

Reading './crashes_submitted/iohpw/input.png'...
=================================================================
==19011== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4b007d0
at pc 0x8057c2c bp 0xbf847468 sp 0xbf84745c
WRITE of size 4 at 0xb4b007d0 thread T0
    #0 0x8057c2b (apng2gif/1.7/gccasanbuild/apng2gif+0x8057c2b)
    #1 0x804938b (apng2gif/1.7/gccasanbuild/apng2gif+0x804938b)
    #2 0xb5ef6af2 (/lib/i386-linux-gnu/libc-2.19.so+0x19af2)
    #3 0x804a0c1 (apng2gif/1.7/gccasanbuild/apng2gif+0x804a0c1)
0xb4b007d1 is located 0 bytes to the right of 1-byte region
[0xb4b007d0,0xb4b007d1)
allocated by thread T0 here:
    #0 0xb61cb6a4 (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0x116a4)
    #1 0x8056888 (apng2gif/1.7/gccasanbuild/apng2gif+0x8056888)
    #2 0x804938b (apng2gif/1.7/gccasanbuild/apng2gif+0x804938b)
    #3 0xb5ef6af2 (/lib/i386-linux-gnu/libc-2.19.so+0x19af2)
Shadow bytes around the buggy address:
  0x369600a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369600e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x369600f0: fa fa fa fa fa fa fa fa fa fa[01]fa fa fa 00 fa
  0x36960100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36960140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==19011== ABORTING

Analysis:

In this particular example, the pChunk->size value is 1, and hence
memcpy(pChunk->p, len, 4) resulted in a heap overflow write of 4 bytes.

Q.) What outcome did you expect instead?
A.) Probably some input validation to prevent integer overflow.




-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: i386 (i686)

Kernel: Linux 3.13.0-32-generic (SMP w/2 CPU cores)
[input.png (image/png, attachment)]
[Makefile (text/x-makefile, attachment)]
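Added example, not part of the bug report, the attachment, or apng2gif's own source: a stand-alone C sketch of the read_chunk arithmetic the report describes, next to a hardened reader that refuses the length before any addition happens. The struct layout, the buffer-based signature, the helper names and the PNG_MAX_CHUNK_LEN bound (the PNG specification's 2^31-1 limit on chunk data) are assumptions; the crafted chunk bytes are constructed here so that len + 12 wraps to 1, the same 1-byte region the ASAN report above shows being overrun by the 4-byte memcpy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for apng2gif's chunk struct (real layout not shown on the page). */
struct chunk {
    unsigned char *p;
    uint32_t size;
};

/* Big-endian 32-bit read, the same job png_get_uint_32() does. */
static uint32_t get_uint_32(const unsigned char *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Constructed inputs (not taken from the attachment).
 * CRAFTED_CHUNK: length field 0xFFFFFFF5, so 0xFFFFFFF5 + 12 wraps to 1 in uint32_t. */
static const unsigned char CRAFTED_CHUNK[12] = {
    0xFF, 0xFF, 0xFF, 0xF5, 'I', 'D', 'A', 'T', 0x00, 0x00, 0x00, 0x00
};
/* IEND_CHUNK: a valid IEND chunk, length 0, type "IEND", CRC AE 42 60 82. */
static const unsigned char IEND_CHUNK[12] = {
    0x00, 0x00, 0x00, 0x00, 'I', 'E', 'N', 'D', 0xAE, 0x42, 0x60, 0x82
};

/* The arithmetic the report points at. Returns the wrapped value the vulnerable
 * code would hand to malloc(); the 4-byte memcpy that follows in apng2gif 1.7
 * then writes past a 1-byte allocation. */
uint32_t vulnerable_chunk_size(const unsigned char *len)
{
    return get_uint_32(len) + 12;   /* unsigned wrap-around, no error */
}

/* Hardened reader over an in-memory buffer. Rejecting anything above the PNG
 * chunk-data limit also guarantees that len + 12 cannot wrap. */
#define PNG_MAX_CHUNK_LEN 0x7FFFFFFFu

int hardened_read_chunk(const unsigned char *buf, size_t buflen, struct chunk *out)
{
    out->p = NULL;
    out->size = 0;
    if (buflen < 12)                       /* need length + type + CRC */
        return -1;
    uint32_t len = get_uint_32(buf);
    if (len > PNG_MAX_CHUNK_LEN)           /* rejects 0xFFFFFFF5 before any add */
        return -1;
    if ((size_t)len + 12 > buflen)         /* chunk must fit inside the input */
        return -1;
    out->size = len + 12;
    out->p = malloc(out->size);
    if (out->p == NULL)
        return -1;
    memcpy(out->p, buf, out->size);        /* bounded by the checks above */
    return 0;
}

int main(void)
{
    struct chunk c;
    printf("vulnerable size for crafted length: %u\n",
           vulnerable_chunk_size(CRAFTED_CHUNK));          /* 1 */
    int rc = hardened_read_chunk(CRAFTED_CHUNK, sizeof CRAFTED_CHUNK, &c);
    printf("hardened on crafted chunk: %d\n", rc);         /* -1 */
    rc = hardened_read_chunk(IEND_CHUNK, sizeof IEND_CHUNK, &c);
    printf("hardened on IEND: %d, size %u\n", rc, c.size); /* 0, 12 */
    free(c.p);
    return 0;
}
```

The check on len rather than on the sum is the point: once the addition has been done in uint32_t there is no reliable way to tell a wrapped result from a genuinely small chunk, so the bound has to be applied to the raw length field first. Without ASan the 4-byte overrun corrupts heap metadata or a neighbouring allocation silently, which is why the unmodified binaries in the thread below print only a load failure instead of crashing.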

Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 16 Mar 2017 19:09:05 GMT)


Changed Bug title to 'apng2gif: CVE-2017-6962: Integer overflow resulting in heap overflow write' from 'apng2gif: Integer overflow resulting in heap overflow write'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 17 Mar 2017 11:27:09 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 17 Mar 2017 11:30:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Mon, 20 Mar 2017 22:18:03 GMT)


Acknowledgement sent to Ola Lundqvist <ola@inguza.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Mon, 20 Mar 2017 22:18:03 GMT)


Message #16 received at 854447@bugs.debian.org:

From: Ola Lundqvist <ola@inguza.com>
To: 854447@bugs.debian.org, Dileep Kumar Jallepalli <dileep.chinu@gmail.com>
Subject: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Mon, 20 Mar 2017 23:15:39 +0100
Hi

I have tried to reproduce this problem but I cannot reproduce a crash. Or
is it so that I just do not see it due to how the binary is built?

Wheezy:
(wheezy_chroot)root@tigereye:/# apng2gif input-854447.png
apng2gif 1.5
Reading 'input-854447.png'...
Error: can't load 'input-854447.png'

Sid:
(sid_chroot)root@tigereye:/# apng2gif input-854447.png
apng2gif 1.7
Reading 'input-854447.png'...
load_apng() failed: 'input-854447.png'

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Tue, 21 Mar 2017 06:27:03 GMT)


Acknowledgement sent to Dileep Kumar <dileep.chinu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Tue, 21 Mar 2017 06:27:03 GMT)


Message #21 received at 854447@bugs.debian.org:

From: Dileep Kumar <dileep.chinu@gmail.com>
To: Ola Lundqvist <ola@inguza.com>, 854447@bugs.debian.org
Subject: Re: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Tue, 21 Mar 2017 11:54:08 +0530
Hey,

As mentioned, you need to compile the binary in ASAN mode. Have you tried
using the makefile in the attachment?

Best Regards,
Dileep


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Tue, 21 Mar 2017 08:39:03 GMT)


Acknowledgement sent to Ola Lundqvist <ola@inguza.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Tue, 21 Mar 2017 08:39:03 GMT)


Message #26 received at 854447@bugs.debian.org:

From: Ola Lundqvist <ola@inguza.com>
To: Dileep Kumar <dileep.chinu@gmail.com>
Cc: Ola Lundqvist <ola@inguza.com>, 854447@bugs.debian.org
Subject: Re: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Tue, 21 Mar 2017 09:35:03 +0100
Hi Dileep

Thank you.

No I did not try that. I wanted to test with untouched binaries first.
The problem can still be there in the untouched binary. I just wanted to
check how that behaved to conclude the severity of the issue in stable and
oldstable.

Do you mean that I have to re-compile the binary in ASAN mode to be able to
trigger the problem, or just that the ASAN mode makes it more visible?

Best regards

// Ola


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Tue, 21 Mar 2017 09:33:03 GMT)


Acknowledgement sent to Dileep Kumar <dileep.chinu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Tue, 21 Mar 2017 09:33:03 GMT)


Message #31 received at 854447@bugs.debian.org:

From: Dileep Kumar <dileep.chinu@gmail.com>
To: Ola Lundqvist <ola@inguza.com>, 854447@bugs.debian.org
Subject: Re: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Tue, 21 Mar 2017 15:01:31 +0530
Hey,

Yep, the bug is always there, ASAN will just make the program abort on heap
overflow.

-Dileep


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Tue, 21 Mar 2017 12:03:04 GMT)


Acknowledgement sent to Ola Lundqvist <ola@inguza.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Tue, 21 Mar 2017 12:03:04 GMT)


Message #36 received at 854447@bugs.debian.org:

From: Ola Lundqvist <ola@inguza.com>
To: Dileep Kumar <dileep.chinu@gmail.com>
Cc: Ola Lundqvist <ola@inguza.com>, 854447@bugs.debian.org
Subject: Re: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Tue, 21 Mar 2017 12:59:39 +0100
Thank you. As I suspected. Do you see same error message when you try that
without ASAN mode?

// Ola


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Wed, 22 Mar 2017 07:24:02 GMT)


Acknowledgement sent to Dileep Kumar <dileep.chinu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Wed, 22 Mar 2017 07:24:03 GMT)


Message #41 received at 854447@bugs.debian.org:

From: Dileep Kumar <dileep.chinu@gmail.com>
To: Ola Lundqvist <ola@inguza.com>
Cc: 854447@bugs.debian.org
Subject: Re: Not sure I can reproduce this problem (CVE-2017-6962)
Date: Wed, 22 Mar 2017 12:52:17 +0530
Yes.


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Thu, 25 May 2017 15:27:08 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Thu, 25 May 2017 15:27:08 GMT)


Message #46 received at 854447@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 854367@bugs.debian.org, 854441@bugs.debian.org, 854447@bugs.debian.org
Subject: Fixed upstream (new upstream version 1.8)
Date: Thu, 25 May 2017 17:25:09 +0200
All of those should be fixed in the new upstream version 1.8 according
to the upstream author.



Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Sun, 01 Oct 2017 09:48:06 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Sun, 01 Oct 2017 09:48:06 GMT)


Message #51 received at 854447@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: jari.aalto@cante.net
Cc: 854367@bugs.debian.org, 854441@bugs.debian.org, 854447@bugs.debian.org, carnil@debian.org
Subject: Re: Fixed upstream (new upstream version 1.8)
Date: Sun, 1 Oct 2017 11:32:46 +0200
On Thu, May 25, 2017 at 05:25:09PM +0200, Salvatore Bonaccorso wrote:
> All of those should be fixed in the new upstream version 1.8 according
> to the upstream author.

What's the status? This is unfixed for quite a while now?

Cheers,
        Moritz



Severity set to 'serious' from 'important'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 09:48:12 GMT)


Added tag(s) pending. Request was from reiner@reiner-h.de to 854367-submit@bugs.debian.org. (Sat, 27 Oct 2018 12:57:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Jari Aalto <jari.aalto@cante.net>:
Bug#854447; Package apng2gif. (Sat, 27 Oct 2018 12:57:07 GMT)


Acknowledgement sent to reiner@reiner-h.de:
Extra info received and forwarded to list. Copy sent to Jari Aalto <jari.aalto@cante.net>. (Sat, 27 Oct 2018 12:57:07 GMT)


Message #60 received at 854447@bugs.debian.org:

From: reiner@reiner-h.de
To: 854367@bugs.debian.org, 854441@bugs.debian.org, 854447@bugs.debian.org
Subject: apng2gif: diff for NMU version 1.8-0.1
Date: Sat, 27 Oct 2018 14:52:26 +0200
Control: tags 854367 + pending
Control: tags 854441 + pending
Control: tags 854447 + pending


Dear maintainer,

I've prepared an NMU for apng2gif (versioned as 1.8-0.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.
  Reiner



Reply sent to Reiner Herrmann <reiner@reiner-h.de>:
You have taken responsibility. (Mon, 29 Oct 2018 13:06:10 GMT)


Notification sent to Dileep Kumar Jallepalli <dileep.chinu@gmail.com>:
Bug acknowledged by developer. (Mon, 29 Oct 2018 13:06:10 GMT)


Message #65 received at 854447-close@bugs.debian.org:

From: Reiner Herrmann <reiner@reiner-h.de>
To: 854447-close@bugs.debian.org
Subject: Bug#854447: fixed in apng2gif 1.8-0.1
Date: Mon, 29 Oct 2018 13:04:00 +0000
Source: apng2gif
Source-Version: 1.8-0.1

We believe that the bug you reported is fixed in the latest version of
apng2gif, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854447@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reiner Herrmann <reiner@reiner-h.de> (supplier of updated apng2gif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Oct 2018 14:15:49 +0200
Source: apng2gif
Binary: apng2gif
Architecture: source
Version: 1.8-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jari Aalto <jari.aalto@cante.net>
Changed-By: Reiner Herrmann <reiner@reiner-h.de>
Description:
 apng2gif   - tool for converting APNG images to animated GIF format
Closes: 854367 854441 854447
Changes:
 apng2gif (1.8-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - Fixes CVE-2017-6960 (Closes: #854367).
     - Fixes CVE-2017-6961 (Closes: #854441).
     - Fixes CVE-2017-6962 (Closes: #854447).
Checksums-Sha1:
 2d6fdc91c41949e7c1707f4f2a1e70c1d43b059f 1886 apng2gif_1.8-0.1.dsc
 f1f24e5ece9b6880334ba218c5ff7dadf91aedda 437914 apng2gif_1.8.orig.tar.gz
 d34cc6d4258909a473752a88eb04405f404f5f22 6724 apng2gif_1.8-0.1.debian.tar.xz
 69f724c185a3620421d84967dee31f72c77f5df3 5548 apng2gif_1.8-0.1_powerpc.buildinfo
Checksums-Sha256:
 e43a8f19ddced85f005478ea8c7be96f202622328d23bd3c90554d9e78fb0679 1886 apng2gif_1.8-0.1.dsc
 4d47a2c0e6656bbc5afeecccc62b22f885a6b0434944bd52824126a156959649 437914 apng2gif_1.8.orig.tar.gz
 8592fc133ea42694c79cfffa5ad31526cb8ab0c0045f1552e246757fd9a1e0be 6724 apng2gif_1.8-0.1.debian.tar.xz
 5e66e72e7073d06871e3793f22c3396df687ce6f63919e4d826ce2e6c6fa43ef 5548 apng2gif_1.8-0.1_powerpc.buildinfo
Files:
 839d4f7f3f0d2a869484e53b0f6de19b 1886 graphics optional apng2gif_1.8-0.1.dsc
 4cf980234840ce2aa856cf328c644e85 437914 graphics optional apng2gif_1.8.orig.tar.gz
 50b9332ec64e1541522fe109244f8d61 6724 graphics optional apng2gif_1.8-0.1.debian.tar.xz
 eaa7b7aac0edb69c1d1fdda722e916a0 5548 graphics optional apng2gif_1.8-0.1_powerpc.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAlvUXCQACgkQxCxY61kU
kv1JaRAAsFYXg6vhnRAqwdnRYkr1OTBbmm4fsjglS4I/fzixylAXQdpGHNakbrkb
YWjxuOpPwefVzOF15o++MGunIRQMO4C0DBFah6Qf4Ioz+Wtx8Lmo6d/TZKG2R80X
7ekCOSgmE5SDkl+xfY0RrJqTTY8bLkhsplzaQsY/fyyf3isRCbkkhOZRfSWOCewa
Zft8c8U9lUVmKgGyh5AP3keJDVhgZiuU2buDswUq2VTsuQaBTwyXIICGWbIWjE0u
F0ayKvzCQKgWTHg8PSAY4m884/DyDupEofHxfYuzSp5rH4iEk4O24oJuCv6vnKyg
r1M4kiauBW0arqW4H/u4J5yKmywXxrppXRYQ+O3eu9y6sC3Vxee0rZgtNgv7GPTP
EBJik9qHLuB34TmDi5ynAx96QjQkvutMHTZsF6dksSkyasoVZ217UaL/9glAqrVN
4DvE0c6TrLsP4HTySatZJfoEze1NigJPrO9k1m5C6TEV/gKZfKXneba7IRcGxPNE
cApUjza56COd7MG2x82XpnI+vGCZChU8gVde3VnKUTLJAXJxa9tjg/zmdgtMi3GS
V5yYNYTkDY9NKzOF7vpSxRQgna0RXSg6XkMM77b/OEaxL217/Xeg6nwXrlsucCN4
mfIZm1rg9DsIBdMAvuIByMLNg6lD111OnSerGNvMmTMU0PUuabM=
=kXuG
-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:47:30 2019; Machine Name: buxtehude
