Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi SRMs,

There's a minor information leak, CVE-2020-20739, in VIPS which doesn't
warrant a DSA. I would like to fix it with a PU; the proposed patch is
attached.

Thanks for consideration,
Laszlo/GCS
diff -Nru vips-8.7.4/debian/changelog vips-8.7.4/debian/changelog
--- vips-8.7.4/debian/changelog	2019-01-18 18:07:38.000000000 +0100
+++ vips-8.7.4/debian/changelog	2020-11-21 17:50:57.000000000 +0100
@@ -1,3 +1,9 @@
+vips (8.7.4-1+deb10u1) buster; urgency=medium
+
+  * Fix CVE-2020-20739: variable used-before-set error in im_vips2dz() .
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Sat, 21 Nov 2020 17:50:57 +0100
+
 vips (8.7.4-1) unstable; urgency=medium
 
   * New upstream release.
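Review bot: the new entry's "* Fix CVE-2020-20739" line has a stray space before the closing period ("im_vips2dz() .") and does not say which patch carries the fix. Dropping the space and naming fix-used-before-set_error-in-im_vips2dz.patch in the entry would make the upload easier to trace from the changelog alone.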
diff -Nru vips-8.7.4/debian/patches/fix-used-before-set_error-in-im_vips2dz.patch vips-8.7.4/debian/patches/fix-used-before-set_error-in-im_vips2dz.patch
--- vips-8.7.4/debian/patches/fix-used-before-set_error-in-im_vips2dz.patch	1970-01-01 01:00:00.000000000 +0100
+++ vips-8.7.4/debian/patches/fix-used-before-set_error-in-im_vips2dz.patch	2020-11-21 17:50:57.000000000 +0100
@@ -0,0 +1,26 @@
+From 2ab5aa7bf515135c2b02d42e9a72e4c98e17031a Mon Sep 17 00:00:00 2001
+From: John Cupitt <jcup...@gmail.com>
+Date: Tue, 3 Sep 2019 13:17:18 +0100
+Subject: [PATCH] fix a used-before-set error in im_vips2dz
+
+we were reading an uninited string in a vips7 compatibility wrapper, thanks
+yifengchen-cc
+
+see https://github.com/libvips/libvips/issues/1419
+---
+ libvips/deprecated/im_vips2dz.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvips/deprecated/im_vips2dz.c b/libvips/deprecated/im_vips2dz.c
+index 6dbde78c3..aafe8f99d 100644
+--- a/libvips/deprecated/im_vips2dz.c
++++ b/libvips/deprecated/im_vips2dz.c
+@@ -75,6 +75,8 @@ im_vips2dz( IMAGE *in, const char *filename )
+ 		*p = '\0';
+ 		im_strncpy( mode, p + 1, FILENAME_MAX ); 
+ 	}
++	else 
++		strcpy( mode, "" ); 
+ 
+ 	strcpy( buf, mode ); 
+ 	p = &buf[0];
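Review bot: the unchanged strcpy( buf, mode ) right after the new else branch still copies without a length bound, and the declarations of buf and mode are outside this hunk, so it is worth confirming that buf is at least as large as mode (which im_strncpy fills up to FILENAME_MAX) before relying on this fix alone. The else branch itself does ensure mode is a valid empty string when the if body is skipped; writing mode[0] = '\0' or initialising mode at its declaration would do the same without a second code path. The patch header cites the upstream issue but not CVE-2020-20739, so adding the CVE id to the description would tie the patch file to the changelog entry.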
diff -Nru vips-8.7.4/debian/patches/series vips-8.7.4/debian/patches/series
--- vips-8.7.4/debian/patches/series	2018-07-24 21:17:08.000000000 +0200
+++ vips-8.7.4/debian/patches/series	2020-11-21 17:50:57.000000000 +0100
@@ -1 +1,2 @@
 reproducible-build.patch
+fix-used-before-set_error-in-im_vips2dz.patch
