Debian Bug report logs -
#917080
libraw: CVE-2018-20337
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#917080; Package src:libraw.
(Sat, 22 Dec 2018 09:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>.
(Sat, 22 Dec 2018 09:51:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libraw
Version: 0.19.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/LibRaw/LibRaw/issues/192
Hi,
The following vulnerability was published for libraw.
The issue is still present in 0.19.1-1 (note there was first some
confusion on the affected version as reported by the reporter). But
current sid (0.19.1-1):
==11669== Memcheck, a memory error detector
==11669== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11669== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11669== Command: /usr/lib/libraw/raw-identify LibRaw_crashes_1
==11669==
*** buffer overflow detected ***: /usr/lib/libraw/raw-identify terminated
==11669==
==11669== Process terminating with default action of signal 6 (SIGABRT)
==11669== at 0x4B0F85B: raise (raise.c:51)
==11669== by 0x4AFA534: abort (abort.c:79)
==11669== by 0x4B51717: __libc_message (libc_fatal.c:181)
==11669== by 0x4BE2BBC: __fortify_fail_abort (fortify_fail.c:33)
==11669== by 0x4BE2BF0: __fortify_fail (fortify_fail.c:44)
==11669== by 0x4BE0CEF: __chk_fail (chk_fail.c:28)
==11669== by 0x4BE02A8: __strncpy_chk (strncpy_chk.c:26)
==11669== by 0x489F786: strncpy (string_fortified.h:106)
==11669== by 0x489F786: LibRaw::parse_makernote(int, int) (dcraw_common.cpp:10349)
==11669== by 0x48A5FD9: LibRaw::parse_exif(int) (dcraw_common.cpp:11857)
==11669== by 0x48980F6: LibRaw::parse_tiff_ifd(int) (dcraw_common.cpp:13262)
==11669== by 0x48A60D5: parse_tiff (dcraw_common.cpp:14080)
==11669== by 0x48A60D5: LibRaw::parse_tiff(int) (dcraw_common.cpp:14069)
==11669== by 0x48AA86F: LibRaw::identify() (dcraw_common.cpp:17781)
==11669==
==11669== HEAP SUMMARY:
==11669== in use at exit: 296,417 bytes in 8 blocks
==11669== total heap usage: 10 allocs, 2 frees, 401,937 bytes allocated
==11669==
==11669== LEAK SUMMARY:
==11669== definitely lost: 0 bytes in 0 blocks
==11669== indirectly lost: 0 bytes in 0 blocks
==11669== possibly lost: 0 bytes in 0 blocks
==11669== still reachable: 296,417 bytes in 8 blocks
==11669== suppressed: 0 bytes in 0 blocks
==11669== Rerun with --leak-check=full to see details of leaked memory
==11669==
==11669== For counts of detected and suppressed errors, rerun with: -v
==11669== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Aborted
CVE-2018-20337[0]:
| There is a stack-based buffer overflow in the parse_makernote function
| of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a
| denial of service or possibly unspecified other impact.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337
[1] https://github.com/LibRaw/LibRaw/issues/192
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Added tag(s) fixed-upstream.
Request was from debian-bts-link@lists.debian.org
to control@bugs.debian.org.
(Thu, 27 Dec 2018 17:45:14 GMT) (full text, mbox, link).
Reply sent
to "Matteo F. Vescovi" <mfv@debian.org>:
You have taken responsibility.
(Thu, 27 Dec 2018 20:51:14 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Thu, 27 Dec 2018 20:51:14 GMT) (full text, mbox, link).
Message #12 received at 917080-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 0.19.2-1
Hi!
On 2018-12-22 at 10:47 (+01), Salvatore Bonaccorso wrote:
> Source: libraw
> Version: 0.19.1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/LibRaw/LibRaw/issues/192
[...]
The above new version fixes this vulnerability.
Thus, closing.
--
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 25 Jan 2019 07:31:54 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:57:06 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon