giflib: CVE-2015-7555: Heap-based buffer overflow in giffix utility

Debian Bug report logs - #808704
giflib: CVE-2015-7555: Heap-based buffer overflow in giffix utility

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: giflib: Heap-based buffer overflow in giffix utility

Date: Mon, 21 Dec 2015 22:51:28 +0100

Source: giflib
Version: 5.1.1-0.2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for giflib.

CVE-2015-7555[0]:
Heap-based buffer overflow in giffix utility

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7555
[1] https://marc.info/?l=full-disclosure&m=145071139902501&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #14 received at 808704@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: Salvatore Bonaccorso <carnil@debian.org>, 808704@bugs.debian.org

Subject: Re: Bug#808704: giflib: Heap-based buffer overflow in giffix utility

Date: Thu, 31 Dec 2015 15:06:13 +0100

[Message part 1 (text/plain, inline)]

Hi,
On Mon, Dec 21, 2015 at 10:51:28PM +0100, Salvatore Bonaccorso wrote:
> Source: giflib
> Version: 5.1.1-0.2
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for giflib.
> 
> CVE-2015-7555[0]:
> Heap-based buffer overflow in giffix utility
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Does the attached patch make sense? If so I'd prepare debdiffs for
squeeze/jessie/wheezy.
Cheers,
 -- Guido

[0001-CVE-2015-7555-base-width-on-image-width-instead-of-c.patch (text/x-diff, attachment)]

Message #21 received at 808704-close@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>

To: 808704-close@bugs.debian.org

Subject: Bug#808704: fixed in giflib 5.1.2-0.1

Date: Sat, 16 Jan 2016 21:50:14 +0000

Source: giflib
Source-Version: 5.1.2-0.1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808704@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 16 Jan 2016 22:26:13 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif7 libgif-dev
Architecture: source amd64
Version: 5.1.2-0.1
Distribution: unstable
Urgency: high
Maintainer: Thibaut Gridel <tgridel@free.fr>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 giflib-dbg - library for GIF images (debug)
 giflib-tools - library for GIF images (utilities)
 libgif-dev - library for GIF images (development)
 libgif7    - library for GIF images (library)
Closes: 808704
Changes:
 giflib (5.1.2-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream version.
     - CVE-2015-7555, Heap-based buffer overflow in giffix utility.
       Closes: #808704.
Checksums-Sha1:
 d39c80219a08f78da22ff26fd757a343b62ddf00 2054 giflib_5.1.2-0.1.dsc
 3f7bc86280db30a7120b2113f9f261301c515ad2 638967 giflib_5.1.2.orig.tar.bz2
 0a7850a0debf73a3a40dc3fdef8becf4a1dc2c43 12152 giflib_5.1.2-0.1.debian.tar.xz
 d5e6fb8ffe1bf0d2eb8b3a4ed583dd5f52ace8f5 166402 giflib-dbg_5.1.2-0.1_amd64.deb
 c00974d92158557a29ebce499be1f057c6d84937 121034 giflib-tools_5.1.2-0.1_amd64.deb
 0adb892658eda0fb26c7a8ad94ea462714b3c59b 44380 libgif-dev_5.1.2-0.1_amd64.deb
 6ace961e7430874fafb53140807bf3385cce3c75 42030 libgif7_5.1.2-0.1_amd64.deb
Checksums-Sha256:
 b89ea0e888b2eceeb9c44b3dafc1a097d6a700c1121cfef7cee59f7107459e02 2054 giflib_5.1.2-0.1.dsc
 76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c 638967 giflib_5.1.2.orig.tar.bz2
 068558718360b9c0d40afac1760f3b6e797a36d0143448e2c1fb16d5c546e87a 12152 giflib_5.1.2-0.1.debian.tar.xz
 77192b5d61384c0fd7467ce18b212927a3a0ef617933cd939777ad2d72a98af6 166402 giflib-dbg_5.1.2-0.1_amd64.deb
 25d42132e9c09ad3911099be000a820d9bf713946367322eea16a8a1ae1726bc 121034 giflib-tools_5.1.2-0.1_amd64.deb
 888be6e26c6f0f2e44552b19c3c1f789cfbf6c47dbd7c8bf2d3f066c93d4cab6 44380 libgif-dev_5.1.2-0.1_amd64.deb
 2723fc8aa72520a9761ec8d255dfd1ba240a270ab3f738e6ac5d6fc1085c661a 42030 libgif7_5.1.2-0.1_amd64.deb
Files:
 312411210693c2a58eda6d877a585475 2054 libs optional giflib_5.1.2-0.1.dsc
 323a9f11ab56c8a2d1715376410ce376 638967 libs optional giflib_5.1.2.orig.tar.bz2
 8ce448054c46b8c019f9afbb7cc965bc 12152 libs optional giflib_5.1.2-0.1.debian.tar.xz
 25b6182cba3d46ec3f921e8cdf3d6bc5 166402 debug extra giflib-dbg_5.1.2-0.1_amd64.deb
 31b4f765a222f5befd9c245abd5927c6 121034 utils optional giflib-tools_5.1.2-0.1_amd64.deb
 6d669454a8714a6777f0986ed9020e68 44380 libdevel optional libgif-dev_5.1.2-0.1_amd64.deb
 c5677eb81853eaba7c9855ac86dcf0a4 42030 libs optional libgif7_5.1.2-0.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWmrauAAoJEL1+qmB3j6b1AgkP/1kQdUmmGfv7bRflKPgSqwCg
6m47gpUDnww2PZncXotomhQgI/7hVEP0ExFJ8Ahst2ZsRyVjybc+h6BjqqqETViY
2OBNK7c8jKi8wQQL0A+slphuKr3K/AqiYquU4axAJU84djSfJAo7CHjx9FrVP83z
9FOAVY0lltMwWrq/iJNHMX6e6yzGf/cpN+kzZpi8dwpRRrIV2bW1HwIsk1SnwOlV
IakDe4qRtzTFank4sdcBdE97M/KWQ2IzSNG6XKSQxTwLo+g5niREewK1yYKg4Pbl
TqcWyvSi7hIzZ79Cln0TwCy+cBDo6i1wfFcOjYAHtZzZ1W76/I4U5m9cALoG3ZzD
uWdHzwH86+Bj1YoQ6wghEhD2WGv2+nkn6WToAMSKMuOH4A5DuaA3JnUb6ckaN0Jc
IzkdjLqxoiPAa0A3MQj5H8fqAuaDrThMqps02X7cMR2XyygsOTn1Ao59TEjLFsc/
5FjtBlOByIN4HbNfUyjd30vIl3UUjPJIYcsWxPjZyfMF13VOe1AnaWiG7KyU8GBc
adjSBRWRyUOtFAL30HQiclALX1HHP7iO1LTQ+G8XpAkxQWi+IREorrilmO7MkNhA
B9RbB9jK8GLsFcb4PN/5f+hHmszmvT4J0OFQ21P0RJs9WdkJF4OuleXsbC4xyrOV
usAQKrvGhfzNmrqCbcXt
=ZlO/
-----END PGP SIGNATURE-----

Message #26 received at 808704@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: jessie-pu: package giflib/4.1.6-11+deb8u1

Date: Fri, 22 Jan 2016 19:49:11 +0100

[Message part 1 (text/plain, inline)]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,
I'd like to fix CVE-2015-7555 via jessie-pu since the bug is fixed in
Squeeze LTS and we try to not introduce new security issues when people
upgrade (the Debian security team marked this CVE as no-dsa).

Please find the debdiff attached.
Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

[4.1.6-11+deb8u1.diff (text/x-diff, attachment)]

Message #31 received at 808704@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: wheezy-pu: package giflib/4.1.6-10+deb7u1

Date: Fri, 22 Jan 2016 19:50:30 +0100

[Message part 1 (text/plain, inline)]

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,
I'd like to fix CVE-2015-7555 via wheezy-pu since the bug is fixed in
Squeeze LTS and we try to not introduce new security issues when people
upgrade (the Debian security team marked this CVE as no-dsa).

Please find the debdiff attached.
Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

[4.1.6-10+deb7u1.diff (text/x-diff, attachment)]

Message #36 received at 808704-close@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: 808704-close@bugs.debian.org

Subject: Bug#808704: fixed in giflib 4.1.6-11+deb8u1

Date: Tue, 26 Jan 2016 21:47:08 +0000

Source: giflib
Source-Version: 4.1.6-11+deb8u1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808704@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Jan 2016 17:08:39 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif4 libgif-dev
Architecture: source
Version: 4.1.6-11+deb8u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Thibaut Gridel <tgridel@free.fr>
Changed-By: Guido Günther <agx@sigxcpu.org>
Closes: 808704
Description: 
 giflib-dbg - library for GIF images (debug)
 giflib-tools - library for GIF images (utilities)
 libgif4    - library for GIF images (library)
 libgif-dev - library for GIF images (development)
Changes:
 giflib (4.1.6-11+deb8u1) stable-proposed-updates; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2015-7555: bail out if Width > SWidth.
     Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
     (Closes: #808704)
Checksums-Sha1: 
 937ca29da24e27d93b17dc99741f0768cd8cadf8 2039 giflib_4.1.6-11+deb8u1.dsc
 fc9d3910a92fcd430c7741b2de1a6d3bd3e99559 9240 giflib_4.1.6-11+deb8u1.debian.tar.xz
Checksums-Sha256: 
 58f18c5c6bb24dbce21b13c7252319cb659fb0e86174ebbf8ccee8c7fea38cbb 2039 giflib_4.1.6-11+deb8u1.dsc
 c1b25cc01096d9d70e86035040358785bc6b620af5647c92af0ccb9c37d6892c 9240 giflib_4.1.6-11+deb8u1.debian.tar.xz
Files: 
 a1b7c4fa976592969cfbdc036df462eb 2039 libs optional giflib_4.1.6-11+deb8u1.dsc
 cb9afad46009703eed8b7ba6e432239d 9240 libs optional giflib_4.1.6-11+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIVAwUBVqVFgwe4t7DqmBILAQgHqhAAgmeflE0kEoCxmLv5gW1E0sBJc6eJosqK
HdPAwZ00JtIBt7l5/WDmMWc+uZDiBLRfSpp+DS9v4t3WL2lb2/g8L1CJDOIvTSas
vJSfxRZKLGjnZMh81MeaPmCGdieRiS0y8aaklEWlFEKGkX7NwDXX1w0yi+lTaavE
Ryvn/dHf3sL0a3YCBl1fjmNpgdmsJoLMZKQOQzEIw7sxO4YCdGxMHF/mx/5xVo0c
k5uPXI2q03if5A7GwOQjA+rMkQyIXBeGk66tXz+lpZvOeUycHGinozYzzyrXwcCU
6El9f3EJi3hmEo9q1fY6Cy0C29TbjwnyD8kRiYIaCf+LPY1neZQu8IEaodgI6pD7
seLollujiRsaRcwl/BwsH8lZSHqHn/4qpeq17hygumiJmf7HM1xYjpWUhXl3QqEP
onud5B03QZ5JoKRrUj2oHpi+Z0AN+VRekQvxY9BdyYkEhU/HaHuARrJGibvHr1ly
1kf/D9ZBAqoIss40/thKT6I6jmS9qFRc1WycGesJ3WvOsqBAmkvL1QwSoOFT4PTs
ElXrqYs7f2P7PkUENQXPxBH/EUIuS2XWmuknklwKcRfs79NR0yAyvmkAhLsorhOb
0uKGxaLvborQwNe3CgAi9yvwuQm/jDp3RHYfK56U0v9jJSy/S3EXa5ZG3kvIGrUm
+yMY6YvTKxk=
=FMsy
-----END PGP SIGNATURE-----

Message #41 received at 808704-close@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: 808704-close@bugs.debian.org

Subject: Bug#808704: fixed in giflib 4.1.6-10+deb7u1

Date: Tue, 26 Jan 2016 21:47:39 +0000

Source: giflib
Source-Version: 4.1.6-10+deb7u1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808704@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Jan 2016 19:03:38 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif4 libgif-dev
Architecture: source amd64
Version: 4.1.6-10+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Thibaut Gridel <tgridel@free.fr>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 giflib-dbg - library for GIF images (debug)
 giflib-tools - library for GIF images (utilities)
 libgif-dev - library for GIF images (development)
 libgif4    - library for GIF images (library)
Closes: 808704
Changes: 
 giflib (4.1.6-10+deb7u1) wheezy; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-7555: bail out if Width > SWidth.
     Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
     (Closes: #808704)
Checksums-Sha1: 
 2c74be2924d1da1f2608b718874d75b43b5f7601 1995 giflib_4.1.6-10+deb7u1.dsc
 9b16f6685ab87150faa123f3ced16149fb5817c0 10208 giflib_4.1.6-10+deb7u1.debian.tar.gz
 b253dddfa865a81074f65d6fbdec12b92e44f22a 380532 giflib-dbg_4.1.6-10+deb7u1_amd64.deb
 579d5f95d1fae0792d35f4e7b6470d3f8140d272 197308 giflib-tools_4.1.6-10+deb7u1_amd64.deb
 166603aee8cde3bc15b2f26957aa2eb1ca5ba546 42580 libgif4_4.1.6-10+deb7u1_amd64.deb
 fcb99a2d4cd72944761c15ff65ba29bd34e65ffe 46166 libgif-dev_4.1.6-10+deb7u1_amd64.deb
Checksums-Sha256: 
 69550041e9a0d513ae3443f7e2c0b9cf73513c832c77c711b2443569ce668f6e 1995 giflib_4.1.6-10+deb7u1.dsc
 91b58127e01784db83cccda2775dab40e7e1db5d1df4088f21f5890869b5a746 10208 giflib_4.1.6-10+deb7u1.debian.tar.gz
 beeaa3a34ac786c97aff250b8c8aeb1661f4952e9a29dfdd954db45a5b2d8427 380532 giflib-dbg_4.1.6-10+deb7u1_amd64.deb
 54ba4c11ab8a5054593a3c6fee1bcb12c96e4c705dbc7942cf899ce31b99e3b3 197308 giflib-tools_4.1.6-10+deb7u1_amd64.deb
 6b2e94b180b9bb534744104505e27955e0ba336eca04983523e453aca0741882 42580 libgif4_4.1.6-10+deb7u1_amd64.deb
 326ee77a6315ff73e130be4be5d52b2f8dda010220c9e46e3cb819a4d7129b43 46166 libgif-dev_4.1.6-10+deb7u1_amd64.deb
Files: 
 19feb1d9220506656b5625c646ce3029 1995 libs optional giflib_4.1.6-10+deb7u1.dsc
 369a49bbe63853b8b35ab2dc4b32d067 10208 libs optional giflib_4.1.6-10+deb7u1.debian.tar.gz
 09ae5a096d0b4a1b59ab220eb6566eb3 380532 debug extra giflib-dbg_4.1.6-10+deb7u1_amd64.deb
 14293d19378b2dfd08e442606a24a478 197308 utils optional giflib-tools_4.1.6-10+deb7u1_amd64.deb
 5dc005688446d38ef6b37201d4433862 42580 libs optional libgif4_4.1.6-10+deb7u1_amd64.deb
 6c6ce78fe089ae0a87d151ecbedafcbf 46166 libdevel optional libgif-dev_4.1.6-10+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIVAwUBVqXIqwe4t7DqmBILAQicVxAAtsgQndNIaTm0z3P0C6GqU8H0eBilb+hf
kSVP/DhnjIFjBodQE2fOreo8/l8E6y5RnFvdwXotQzpXxOghX45RgvJahH44flan
qopkEqhe6kkaYaFBDDgddH8xvvf1U2AbEAOQmrkRO/NDMWMOC9GY/vAVJuUmaxYp
4SmbJY9PQRfvC4RMF1NCuYDcP8YWD3b3bSKsME4pUO8DNoUdXY+fNT79Th7ALJ89
kGKPFZv2NkhB9ns5/37Z8ZrQSjl9bHnjwA2p//l009nLbaKvcA0XZ6TKfJV1/KPS
9PeKUpAagBb8x341IQuA+kw6RsPMt7I7H8DNvx450Uw/OEGXJ0wrIXikS+N+lMqV
8wfoKSmrE1I2bJnk9oxbXLA+yjFAHkpLzRxTk0iu2LH7h93NcZCynmtg5pDNwX29
CuIlWoFk0T+q0+GOYAUC2Jvhu4tkqoIeUpmQ7pEcn8OL3RJ4kax6i0+hNT7z2r5+
iu8byp8LeQ0gkX8Q2C2LNaw2E7W5h4M7cheWgl6BN8US6zFnsxdOebjY58eFdBSs
GmExxVPJlXlpQ0oGDHWjLcFmi3JkiZQJLm9Z1sWGfa2A97Y0HIf/buSjazkfV8uJ
1a7DBI4P3xc8IsfEL5Q5F8Ilgol+NVjuoab0ZgiZEx4UT8X/0VQvI5E9xm/qqb+p
gF45XZi5nE8=
=M4M3
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.