CVE-2010-4262: Buffer overflow

Debian Bug report logs - #606257
CVE-2010-4262: Buffer overflow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2010-4262: Buffer overflow

Date: Tue, 07 Dec 2010 22:16:36 +0100

Package: xfig
Severity: important
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=659676 for details
and a patch. Please fix this for Squeeze.

The attack vector is fairly obscure, so we don't need a DSA for it,
you could fix it through a point update, though:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages xfig depends on:
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
ii  libjpeg62                     6b1-1      The Independent JPEG Group's JPEG 
ii  libpng12-0                    1.2.44-1   PNG library - runtime
ii  libx11-6                      2:1.3.3-4  X11 client-side library
ii  libxi6                        2:1.3-5    X11 Input extension library
ii  libxpm4                       1:3.5.9-1  X11 pixmap library
ii  libxt6                        1:1.0.7-1  X11 toolkit intrinsics library
ii  xaw3dg                        1.5+E-18   Xaw3d widget set

Versions of packages xfig recommends:
pn  transfig                      <none>     (no description available)
pn  xfig-libs                     <none>     (no description available)

Versions of packages xfig suggests:
pn  cupsys-client | lpr       <none>         (no description available)
ii  ghostscript-x [gs]        8.71~dfsg2-6   The GPL Ghostscript PostScript/PDF
ii  gimp                      2.6.11-1       The GNU Image Manipulation Program
ii  gs                        8.64~dfsg-1.1  Transitional package
pn  gsfonts-x11               <none>         (no description available)
ii  netpbm                    2:10.0-12.2+b1 Graphics conversion tools between 
pn  spell                     <none>         (no description available)
pn  xfig-doc                  <none>         (no description available)

Message #10 received at 606257@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Moritz Muehlenhoff <jmm@debian.org>

Cc: 606257@bugs.debian.org

Subject: Re: CVE-2010-4262: Buffer overflow

Date: Fri, 17 Dec 2010 17:52:28 +0100

On Tue, Dec 07, 2010 at 10:16:36PM +0100, Moritz Muehlenhoff wrote:
> Package: xfig
> Severity: important
> Tags: security
> 
> Hi,
> please see https://bugzilla.redhat.com/show_bug.cgi?id=659676 for details
> and a patch. Please fix this for Squeeze.
> 
> The attack vector is fairly obscure, so we don't need a DSA for it,
> you could fix it through a point update, though:
> http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Please still fix this for Squeeze with an isolated bugfix.

Cheers,
         Moritz

Message #15 received at 606257@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>

To: 606257@bugs.debian.org

Subject: xfig: diff for NMU version 1:3.2.5.b-1.1

Date: Wed, 29 Dec 2010 17:00:27 +0100

[Message part 1 (text/plain, inline)]

tags 606257 + patch
thanks

Dear maintainer,

I've prepared an NMU for xfig (versioned as 1:3.2.5.b-1.1). The diff
is attached to this message.

Regards.
Giuseppe

[xfig-3.2.5.b-1.1-nmu.diff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #22 received at 606257-close@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>

To: 606257-close@bugs.debian.org

Subject: Bug#606257: fixed in xfig 1:3.2.5.b-1.1

Date: Wed, 29 Dec 2010 16:17:17 +0000

Source: xfig
Source-Version: 1:3.2.5.b-1.1

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive:

xfig-doc_3.2.5.b-1.1_all.deb
  to main/x/xfig/xfig-doc_3.2.5.b-1.1_all.deb
xfig-libs_3.2.5.b-1.1_all.deb
  to main/x/xfig/xfig-libs_3.2.5.b-1.1_all.deb
xfig_3.2.5.b-1.1.diff.gz
  to main/x/xfig/xfig_3.2.5.b-1.1.diff.gz
xfig_3.2.5.b-1.1.dsc
  to main/x/xfig/xfig_3.2.5.b-1.1.dsc
xfig_3.2.5.b-1.1_i386.deb
  to main/x/xfig/xfig_3.2.5.b-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606257@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Dec 2010 16:50:04 +0100
Source: xfig
Binary: xfig xfig-doc xfig-libs
Architecture: source all i386
Version: 1:3.2.5.b-1.1
Distribution: unstable
Urgency: high
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 xfig       - Facility for Interactive Generation of figures under X11
 xfig-doc   - XFig on-line documentation and examples
 xfig-libs  - XFig image libraries and examples
Closes: 606257
Changes: 
 xfig (1:3.2.5.b-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-4262: Stack-based buffer overflow by processing certain FIG
     images (Closes: #606257)
Checksums-Sha1: 
 4ac02fcafa1311e6172e263668fdf57a3bd9ded7 1161 xfig_3.2.5.b-1.1.dsc
 f0d19399584b5e6a914fd7d1f92945a394bd425e 48728 xfig_3.2.5.b-1.1.diff.gz
 2ed55fc84ffcfa6643b3724a532d00444c2202ef 3435242 xfig-doc_3.2.5.b-1.1_all.deb
 4a79ac269f8dafcad699b977a2f04f5e9d9067d1 1752754 xfig-libs_3.2.5.b-1.1_all.deb
 eec420e70bf0e25625f5583245ba03011656272d 643376 xfig_3.2.5.b-1.1_i386.deb
Checksums-Sha256: 
 4fa74ab32c91d8356e4c7997ee69c3dcd864aeda30c44d9fa099a57fd6510513 1161 xfig_3.2.5.b-1.1.dsc
 5f2d7db923cfc88ea13971b01abad09f3cb1aeac42ef6cc99501f982fb13d8f6 48728 xfig_3.2.5.b-1.1.diff.gz
 151109866000fd867836422c9f47a2354b36ea540a1b4fe7eda3cd592f9b6f22 3435242 xfig-doc_3.2.5.b-1.1_all.deb
 957f2a76c276a669e700c25b97d46db33c8291d748e065d9bc572befb3dcc609 1752754 xfig-libs_3.2.5.b-1.1_all.deb
 2d44a0d47ecb4e2d8636cda25bd4ce760cb7e4b6bc187621c3762e0f8f45463b 643376 xfig_3.2.5.b-1.1_i386.deb
Files: 
 4feaad14a93211c4d5719fc3f43458e6 1161 graphics optional xfig_3.2.5.b-1.1.dsc
 72d04f0adaac6623538cfb4ad07f97e3 48728 graphics optional xfig_3.2.5.b-1.1.diff.gz
 b97163d3b8d2f60bd21ab8efbda2fd36 3435242 doc optional xfig-doc_3.2.5.b-1.1_all.deb
 1d044702064998d699e4837341fb7e5e 1752754 graphics optional xfig-libs_3.2.5.b-1.1_all.deb
 a98836898b7a04a01ee60a017d2c4aaa 643376 graphics optional xfig_3.2.5.b-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0bWsYACgkQNxpp46476apt0ACfTAi29UB9CIfF0KozT6Fh41I1
zXEAn2tclqsEChPla7+TmS6yFlr5CAzS
=rSij
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.