Debian Bug report logs -
#594155
CVE-2010-1526: overflows in TIFF, JPEG, DIP decoding
Reported by: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 24 Aug 2010 06:06:02 UTC
Severity: normal
Tags: security
Fixed in versions libgdiplus/2.6.7-2, libgdiplus/1.9-1+lenny1
Done: Jo Shields <directhex@apebox.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>:
Bug#594155; Package libgdiplus.
(Tue, 24 Aug 2010 06:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>.
(Tue, 24 Aug 2010 06:06:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libgdiplus
Tags: security
Vulnerabilities have been discoverd in libgdiplus. Here is the
summary from Secunia's advisory:
| Secunia Research has discovered three vulnerabilities in libgdiplus
| for Mono, which can be exploited by malicious people to compromise an
| application using the library.
|
| 1) An integer overflow error within the "gdip_load_tiff_image()"
| function in src/tiffcodec.c can be exploited to cause a heap-based
| buffer overflow by e.g. processing specially crafted TIFF images in
| an application using the library.
|
| 2) An integer overflow error within the
| "gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be
| exploited to cause a heap-based buffer overflow by e.g. processing
| specially crafted JPEG images in an application using the library.
|
| 3) An integer overflow error within the "gdip_read_bmp_image()"
| function in src/bmpcodec.c can be exploited to cause a heap-based
| buffer overflow by e.g. processing specially crafted BMP images in an
| application using the library.
<http://article.gmane.org/gmane.comp.security.bugtraq/44343>
This should probably be fixed in a point release for lenny.
Reply sent
to Jo Shields <directhex@apebox.org>:
You have taken responsibility.
(Wed, 25 Aug 2010 08:36:03 GMT) (full text, mbox, link).
Notification sent
to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer.
(Wed, 25 Aug 2010 08:36:03 GMT) (full text, mbox, link).
Message #10 received at 594155-close@bugs.debian.org (full text, mbox, reply):
Source: libgdiplus
Source-Version: 2.6.7-2
We believe that the bug you reported is fixed in the latest version of
libgdiplus, which is due to be installed in the Debian FTP archive:
libgdiplus_2.6.7-2.diff.gz
to main/libg/libgdiplus/libgdiplus_2.6.7-2.diff.gz
libgdiplus_2.6.7-2.dsc
to main/libg/libgdiplus/libgdiplus_2.6.7-2.dsc
libgdiplus_2.6.7-2_amd64.deb
to main/libg/libgdiplus/libgdiplus_2.6.7-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 594155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jo Shields <directhex@apebox.org> (supplier of updated libgdiplus package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 25 Aug 2010 08:51:05 +0100
Source: libgdiplus
Binary: libgdiplus
Architecture: source amd64
Version: 2.6.7-2
Distribution: experimental
Urgency: high
Maintainer: Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>
Changed-By: Jo Shields <directhex@apebox.org>
Description:
libgdiplus - interface library for System.Drawing of Mono
Closes: 594155
Changes:
libgdiplus (2.6.7-2) experimental; urgency=high
.
* SECURITY UPDATE: Import upstream commit fa0e3a1d516166c341d5, which
closes integer overflows in BMP, JPEG and TIFF handling.
(Closes: #594155) (CVE-2010-1526)
Checksums-Sha1:
cd0460d57ae6be113a5c0df5c6a079e28c3f5430 1876 libgdiplus_2.6.7-2.dsc
bf862b5e88115f9f468ad98a09f64e76d2ebb4fc 7881 libgdiplus_2.6.7-2.diff.gz
78017a1815928ed569ce27af5fb426046985e263 170806 libgdiplus_2.6.7-2_amd64.deb
Checksums-Sha256:
d3df496310dd794f19e69b93249e443a082799e536d631b72a694a7e98638d78 1876 libgdiplus_2.6.7-2.dsc
dd444f9a03f07b31f645104ae630fce885df654acaf99dd0b881d132e63ee507 7881 libgdiplus_2.6.7-2.diff.gz
18184381c69aeca9c715b91b9d890273a4afa7eec14d97b82e3d0b8bd7a7d613 170806 libgdiplus_2.6.7-2_amd64.deb
Files:
d26f5e35710f527b5d621c4ac904e548 1876 libs optional libgdiplus_2.6.7-2.dsc
c27f0cb84a01a86a096e784816896f7a 7881 libs optional libgdiplus_2.6.7-2.diff.gz
687406c66851ae859e5f4d06be6ddb32 170806 libs optional libgdiplus_2.6.7-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJMdM+1AAoJEMkPnLkOH60MkNQH/A+K1wia9QZRU6bkNOX31ZQt
/p7oiKqc3moCj/4B5B3oTM5toRHSlQSWReAd9h4AL/8pRML4udDbnRHB8hm8Cf76
6PfoUc2tagz1O70X6qxfqT2u2lY45YsJ8lr69rqdtFXkVJRqwE7/BConmjlWNcZu
K5rBV+suSNPX5MvS1XR631hMsDiLMedcYsk7yWrIH9tUXxDC62mXzqqErDovqXG5
hnD/AaRH5YauS/Dg/SIBiGy2odqpusFO1Je0GIh8jCCKnU7yjO903+lkENuyZ6dE
jPeFXo6iMc0nrOi8oj2qUtmVhjgr2m8CJZTKDlSdJlf5311/+ub56kUZRn0WfS8=
=hvyv
-----END PGP SIGNATURE-----
Reply sent
to Jo Shields <directhex@apebox.org>:
You have taken responsibility.
(Sun, 05 Sep 2010 14:03:09 GMT) (full text, mbox, link).
Notification sent
to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer.
(Sun, 05 Sep 2010 14:03:09 GMT) (full text, mbox, link).
Message #15 received at 594155-close@bugs.debian.org (full text, mbox, reply):
Source: libgdiplus
Source-Version: 1.9-1+lenny1
We believe that the bug you reported is fixed in the latest version of
libgdiplus, which is due to be installed in the Debian FTP archive:
libgdiplus_1.9-1+lenny1.diff.gz
to main/libg/libgdiplus/libgdiplus_1.9-1+lenny1.diff.gz
libgdiplus_1.9-1+lenny1.dsc
to main/libg/libgdiplus/libgdiplus_1.9-1+lenny1.dsc
libgdiplus_1.9-1+lenny1_amd64.deb
to main/libg/libgdiplus/libgdiplus_1.9-1+lenny1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 594155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jo Shields <directhex@apebox.org> (supplier of updated libgdiplus package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Sep 2010 11:25:23 +0100
Source: libgdiplus
Binary: libgdiplus
Architecture: source amd64
Version: 1.9-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>
Changed-By: Jo Shields <directhex@apebox.org>
Description:
libgdiplus - interface library for Mono class System.Drawing
Closes: 594155
Changes:
libgdiplus (1.9-1+lenny1) stable; urgency=high
.
* [b29175e] SECURITY UPDATE: Import upstream commit
fa0e3a1d516166c341d5, which closes integer overflows in BMP, JPEG
and TIFF handling. (Closes: #594155) (CVE-2010-1526)
Checksums-Sha1:
d4df6ad09b9e9027b9069873f9171249b079113f 1751 libgdiplus_1.9-1+lenny1.dsc
cdbd731b7ecc4bdfa1f6c63bcf6422055280e4d6 6876 libgdiplus_1.9-1+lenny1.diff.gz
1adca968a91804e2237a586d60c808bbab6618d8 171460 libgdiplus_1.9-1+lenny1_amd64.deb
Checksums-Sha256:
3a6a03fb1b12790b4badaa089586d0ef972a2215b76dd7b3fc7162659af72217 1751 libgdiplus_1.9-1+lenny1.dsc
336cf06ec303623c66ae3769bf2b6bd1eecf74af4ca86d9c215b2be64a4f76c5 6876 libgdiplus_1.9-1+lenny1.diff.gz
5cff04e854c142183c363cc8a2f48ad6501a3de6bdd851fe9cced33059809d5a 171460 libgdiplus_1.9-1+lenny1_amd64.deb
Files:
9617ff14ac7d363ae6b1c8597d862693 1751 libs optional libgdiplus_1.9-1+lenny1.dsc
5fa6f265adafe0b1a92a096c707f5143 6876 libs optional libgdiplus_1.9-1+lenny1.diff.gz
f8fa885ac28f24384b5470c51d345820 171460 libs optional libgdiplus_1.9-1+lenny1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCAAGBQJMfjTKAAoJEMkPnLkOH60MlBQH/09nt2gfUWrUrFA6m+5TPIZa
2YKFbT/1KJMW5KdLFNdarTH4kROM7+YsznZEO8BkSlcpQZkMG5QTJZ1ko3unhaka
ebbctYV2j46QuwhGcQMDJ+TFC7jSa+sH9INarIlg9f7Yhi08bR+mYT+0C9GVRuNS
D8WRH1T7Wjhg+fkjS+/InCSGSZraYPHKpYpKj1HC+SiapwWc3VRzj6CEL2wN8k5X
nh8s0p5H4wT8irt/jMMhgRJH6th88bSihQhdOS9MHwNz8uK8QZQqZcEbJW38ucV3
zJrQfV9dPpFZm2zO+08zXjgzIONiSlGbhUccZZp794Pwdo3XSuZbMJlnZF0sero=
=kp46
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 13 Oct 2010 07:32:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:45:29 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon