libgd2: CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr()

Related Vulnerabilities: CVE-2016-6911, CVE-2016-8670, CVE-2016-7568

Debian Bug report logs - #840806

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 15 Oct 2016 05:09:05 UTC

Severity: grave

Tags: patch, security, upstream

Found in version libgd2/2.1.0-5

Fixed in versions libgd2/2.1.0-5+deb8u7, libgd2/2.2.3-87-gd0fec80-2

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#840806; Package src:libgd2. (Sat, 15 Oct 2016 05:09:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>. (Sat, 15 Oct 2016 05:09:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libgd2: invalid read in gdImageCreateFromTiffPtr()
Date: Sat, 15 Oct 2016 07:08:45 +0200
Source: libgd2
Version: 2.1.0-5
Severity: grave
Tags: security upstream patch
Control: fixed -1 2.1.0-5+deb8u7

For tracking the issue.

DSA-3693-1 included the patch
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch to fix:

> Subject: Fix invalid read in gdImageCreateFromTiffPtr()

with patch included in the 2.1.0-5+deb8u7 upload.

Regards,
Salvatore



Marked as fixed in versions libgd2/2.1.0-5+deb8u7. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Sat, 15 Oct 2016 05:09:07 GMT)


Changed Bug title to 'libgd2: CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr()' from 'libgd2: invalid read in gdImageCreateFromTiffPtr()'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 15 Oct 2016 11:39:16 GMT)


Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Mon, 31 Oct 2016 10:21:15 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 31 Oct 2016 10:21:15 GMT)


Message #14 received at 840806-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 840806-close@bugs.debian.org
Subject: Bug#840806: fixed in libgd2 2.2.3-87-gd0fec80-1
Date: Mon, 31 Oct 2016 10:19:03 +0000
Source: libgd2
Source-Version: 2.2.3-87-gd0fec80-1

We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840806@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 31 Oct 2016 09:56:49 +0100
Source: libgd2
Binary: libgd-tools libgd-dev libgd3
Architecture: source
Version: 2.2.3-87-gd0fec80-1
Distribution: unstable
Urgency: medium
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libgd-dev  - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd3     - GD Graphics Library
Closes: 839659 840805 840806
Changes:
 libgd2 (2.2.3-87-gd0fec80-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.2.3-87-gd0fec80
    + [CVE-2016-8670]: Stack Buffer Overflow in GD dynamicGetbuf
    + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
    + [CVE-2016-7568]: Integer overflow in gdImageWebpCtx
    (Closes: #840805, #840806, #839659)
   * Refresh patches on top of git snapshot 2.2.3-87-gd0fec80
   * Replace -dbg with -dbgsym packages
   * Disable php_bug_72339 that has overflow constant
   * Fix error: ISO C99 requires at least one argument for the "..." in a variadic macro




Information forwarded to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#840806; Package src:libgd2. (Mon, 31 Oct 2016 13:18:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to GD team <pkg-gd-devel@lists.alioth.debian.org>. (Mon, 31 Oct 2016 13:18:06 GMT)


Message #19 received at 840806@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 840806@bugs.debian.org, Ondřej Surý <ondrej@debian.org>
Subject: Re: Bug#840806 closed by Ondřej Surý <ondrej@debian.org> (Bug#840806: fixed in libgd2 2.2.3-87-gd0fec80-1)
Date: Mon, 31 Oct 2016 14:16:00 +0100
Control: reopen -1 

Hi Ondřej,

While updating the security-tracker information I noticed:

On Mon, Oct 31, 2016 at 10:21:15AM +0000, Debian Bug Tracking System wrote:
[...]
>     + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
[...]

For the recently uploaded Version 2.2.3-87-gd0fec80-1. But comparing
this with the patch applied in jessie-security, named
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch

Is this patch missing for the unstable upload?

I'm reopening the bug just to be on the safe side, but happy to be
corrected if I'm wrong!

Regards,
Salvatore



Bug reopened. Request was from Salvatore Bonaccorso <carnil@debian.org> to 840806-submit@bugs.debian.org. (Mon, 31 Oct 2016 13:18:06 GMT)


No longer marked as fixed in versions libgd2/2.1.0-5+deb8u7 and libgd2/2.2.3-87-gd0fec80-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to 840806-submit@bugs.debian.org. (Mon, 31 Oct 2016 13:18:07 GMT)


Marked as fixed in versions libgd2/2.1.0-5+deb8u7. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 31 Oct 2016 13:21:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#840806; Package src:libgd2. (Sun, 06 Nov 2016 22:51:03 GMT)


Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to GD team <pkg-gd-devel@lists.alioth.debian.org>. (Sun, 06 Nov 2016 22:51:03 GMT)


Message #30 received at 840806@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 840806@bugs.debian.org
Subject: Re: [pkg-GD-devel] Bug#840806: closed by Ondřej Surý <ondrej@debian.org> (Bug#840806: fixed in libgd2 2.2.3-87-gd0fec80-1)
Date: Sun, 06 Nov 2016 23:47:33 +0100

Hi Salvatore,

you are right. I thought this patch has been already merged into
upstream git, but it looks like it hasn't. I will upload fixed version
to unstable shortly.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver

On Mon, Oct 31, 2016, at 14:16, Salvatore Bonaccorso wrote:
> Control: reopen -1 
> 
> Hi Ondřej,
> 
> While updating the security-tracker information I noticed:
> 
> On Mon, Oct 31, 2016 at 10:21:15AM +0000, Debian Bug Tracking System
> wrote:
> [...]
> >     + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
> [...]
> 
> For the recently uploaded Version 2.2.3-87-gd0fec80-1. But comparing
> this with the patch applied in jessie-security, named
> 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
> 
> Is this patch missing for the unstable upload?
> 
> I'm reopening the bug just to be on the safe side, but happy to be
> corrected if I'm wrong!
> 
> Regards,
> Salvatore
> 
> -- 
> pkg-GD-devel mailing list
> pkg-GD-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel



Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Sun, 06 Nov 2016 23:06:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 06 Nov 2016 23:06:08 GMT)


Message #35 received at 840806-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 840806-close@bugs.debian.org
Subject: Bug#840806: fixed in libgd2 2.2.3-87-gd0fec80-2
Date: Sun, 06 Nov 2016 23:04:10 +0000
Source: libgd2
Source-Version: 2.2.3-87-gd0fec80-2

We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840806@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 06 Nov 2016 23:38:28 +0100
Source: libgd2
Binary: libgd-tools libgd-dev libgd3
Architecture: source
Version: 2.2.3-87-gd0fec80-2
Distribution: unstable
Urgency: medium
Maintainer: GD team <pkg-gd-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libgd-dev  - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd3     - GD Graphics Library
Closes: 840806
Changes:
 libgd2 (2.2.3-87-gd0fec80-2) unstable; urgency=medium
 .
   * [CVE-2016-6911]: Fix invalid read in gdImageCreateFromTiffPtr()
     (Closes: #840806)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 07:41:22 GMT)


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 02:00:49 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 07:44:13 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:41:00 2019; Machine Name: buxtehude
