Debian Bug report logs -
#916721
graphicsmagick: CVE-2018-20184
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>
:
Bug#916721
; Package src:graphicsmagick
.
(Mon, 17 Dec 2018 20:39:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>
.
(Mon, 17 Dec 2018 20:39:08 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: graphicsmagick
Version: 1.3.31-1
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/583/
Hi,
The following vulnerability was published for graphicsmagick.
CVE-2018-20184[0]:
| In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based
| buffer overflow in the WriteTGAImage function of tga.c, which allows
| attackers to cause a denial of service via a crafted image file,
| because the number of rows or columns can exceed the pixel-dimension
| restrictions of the TGA specification.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20184
[1] https://sourceforge.net/p/graphicsmagick/bugs/583/
[2] http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply sent
to Laszlo Boszormenyi (GCS) <gcs@debian.org>
:
You have taken responsibility.
(Fri, 21 Dec 2018 02:09:13 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 21 Dec 2018 02:09:13 GMT) (full text, mbox, link).
Message #10 received at 916721-close@bugs.debian.org (full text, mbox, reply):
Source: graphicsmagick
Source-Version: 1.4~hg15873-1
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 916721@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Dec 2018 19:04:33 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source
Version: 1.4~hg15873-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 916719 916721 916752
Changes:
graphicsmagick (1.4~hg15873-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- WriteImage(): Eliminate use of just-freed memory in clone_info->magick,
- ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length
is zero,
- WriteXPMImage(): Assure that added colormap entry for transparent XPM
is initialized,
- ReadMNGImage(): Fix non-terminal MNG looping,
- ReadMIFFImage(): Sanitize claimed profile size before allocating memory
for it,
- CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due
to arithmetic overflow (closes: #916719),
- CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger
than 65535 (closes: #916721),
- ReadTIFFImage(): More validations and stricter error reporting,
- ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in
MIFF version 0,
- CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits
per pixel are not colormapped (closes: #916752).
* Add pkg-config to build dependency for FreeType 2.9.1+ detection.
* Update library symbols for this release.
Checksums-Sha1:
570a64fc1c84f10e250fe16658ec184ad5feda11 2855 graphicsmagick_1.4~hg15873-1.dsc
b8b928725b9dc11ae384492fa9a3fff72ea5249e 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
01104bf756373ea16b215370920e7dc82076ed18 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
cd484cf006c65e55aa2a4fc67d4bbdffffc147f8 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Checksums-Sha256:
9693950df9b7ada072bd3a01e63ef777f632fd2ea29e41ffc721120ad38fa9d3 2855 graphicsmagick_1.4~hg15873-1.dsc
7fd10c6f70273af33d40671195682f1b3a8bb478523388e49eee98b0fceda930 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
e7ee0d298f63f06906d01b95bf9adc05c0c4e06ca3f9f4108a249088d1aca57e 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
b418fd324f3be55c2b8827c39f063c3b5c864f3e6f9f8d752e530ba236937f57 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Files:
6d743b2f0ce9591b00615b495d1eba94 2855 graphics optional graphicsmagick_1.4~hg15873-1.dsc
436d86adba099cf081c25fda5203d4b0 8601140 graphics optional graphicsmagick_1.4~hg15873.orig.tar.xz
4997053a300319d4e660d0f70e595e27 142760 graphics optional graphicsmagick_1.4~hg15873-1.debian.tar.xz
ed36e05e528f8b06a7637e17e9b13f7b 11902 graphics optional graphicsmagick_1.4~hg15873-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlwcQq4ACgkQ3OMQ54ZM
yL8ZLg/+O7y8a5z7x0kvywOfrEfcox5siIv/0OY4U5WuVorc/SlKTptcmc/U5t8u
bGGgRvP9U1RhFTXM9KvOxsDU9jo48ZbuS6K9HjxvUDM3zxgNqCtcuQI7A7dVIrml
qKAdaY6cjKDqjVcRw0HjXmuXf9cy8b8RzPWaA3VRRZ3Hd+RDmu6YICVE8cGEvMrq
2dM0dC4Ih4LAt7DfvHt4l0Hvha1B8dxo0KSbP74F6dmtimXFDb2C9Okxl5JVi0sJ
rk/9ZvAHN0pmrBjCegJuYtmI6u6vvZtNmkSPO+hyhidhqKT/8uEMoHJA2Wbg9RwN
KGHjhXH7OWooeKvH7d3BP8DWGmunx4tbevQ43ncRTEhys4GHlq2EajiRITJiMwdb
bc6+oqv50j3tIWms7NmX3g58irnOE8/acsAOlHmsVVRYdJBtfjBlyDrBwUH2mfp/
Y/ClSNQQsaaBCqAJcnocqjfpcvgDXD+xmeWutSjk+zivNRQKIDxyo0jiUDT9s9QT
B3GZS5rx1qsQG+6RrEsT11jnTL4esLRiMLavqJO5htKkNt5x/yKyp7vsmR9qR7xE
lr+as848W7UWsZWajvFXvv17Qh4HGSWulPW+atBFkNzsPZzt/3+kCF5ZkA6ipMxT
U+EwY49ljer/dRYsxp2W5t9xCAo7PW4ezw0PAFWABa5BPPcW8Kc=
=0f0w
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>
:
Bug#916721
; Package src:graphicsmagick
.
(Thu, 27 Dec 2018 07:54:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Hugo Lefeuvre <hle@debian.org>
:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>
.
(Thu, 27 Dec 2018 07:54:03 GMT) (full text, mbox, link).
Message #15 received at 916721@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
upstream patch contains unrelated code refactoring (deduplication of the
_TargaInfo structure). I have trimmed it down so it contains only necessary
changes, you can find the modified patch in attachement (it's only a few
lines long).
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
[CVE-2018-20184.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 25 Jan 2019 07:28:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:05:32 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.