Your message dated Sat, 17 Jan 2009 15:17:04 +0000
with message-id <e1locv2-0005y6...@ries.debian.org>
and subject line Bug#512122: fixed in devil 1.7.5-4
has caused the Debian Bug report #512122,
regarding [devil] fix for #511844 results in an off-by-one
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
512122: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: devil
Version: 1.7.5-3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

Hi,
you fix #511844 by:
        while (a != '\n') {
+               if (count >= 80) {  // Line shouldn't be this long at all.
+                       ilSetError(IL_INVALID_FILE_HEADER);
+                       return IL_FALSE;
+               }
                buff[count] = a;
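Review bot: the bound in the added check is off by one. With `count >= 80` the loop still stores into buff[79] and then increments count to 80, and the 0 terminator written after the loop (`buff[count] = 0`, per the report below) lands at buff[80], one past the end of the 80-byte buffer. Compare against `sizeof(buff) - 1` instead, i.e. `if (count >= sizeof(buff) - 1)`, so that at most 79 characters are stored and the terminator always fits; the error path itself (ilSetError + return IL_FALSE) is fine.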

sizeof(buff) is 80. After each loop iteration count is incremented, and
a 0 byte is written to buff[count] after the while loop.
In case the header is 79 bytes long this results in an off-by-one and
a 0 byte written to buff[80]. Please fix this by checking for count being
>= sizeof(buff) - 1.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp1Rmp4VFpOG.pgp
Description: PGP signature


--- End Message ---
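The off-by-one described in the report above, as an added example that is not DevIL's code and not part of the original message: the loop below follows the shape of the quoted patch (store the byte, increment count, fetch the next byte, then write a 0 terminator after the loop) over a small in-memory stream. The stream, the function names, the canary byte and the constructed 'A'-filled header lines are assumptions for illustration. It runs the patch's bound (count >= 80) and the bound the report asks for (count >= sizeof(buff) - 1) side by side; the 80-byte buffer sits inside a larger array with a canary at index 80, so a terminator landing at buff[80] is reported as a return value instead of silently corrupting the stack.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define HDR_LINE_MAX 80            /* sizeof(buff) in the quoted loop */

enum { LINE_OK = 1, LINE_REJECTED = 0, LINE_OVERFLOW = -1 };

/* Minimal in-memory stream standing in for the loader's file reads (assumed, not DevIL's API). */
struct stream {
    const unsigned char *data;
    size_t len;
    size_t pos;
};

static int stream_getc(struct stream *s)
{
    return s->pos < s->len ? (int)s->data[s->pos++] : -1;  /* -1 on EOF */
}

/*
 * Reads one header line into an 80-byte buffer, following the shape of the quoted loop.
 * `limit` is the value compared against count before each store.
 * buff lives inside a larger array with a canary byte at index 80, so a one-past-the-end
 * store of the terminator becomes observable instead of corrupting whatever follows buff.
 */
static int read_header_line(struct stream *s, size_t limit)
{
    unsigned char backing[HDR_LINE_MAX + 1];
    char *buff = (char *)backing;       /* the 80-byte buffer under test */
    size_t count = 0;
    int a;

    backing[HDR_LINE_MAX] = 0xAA;       /* canary: sits just past buff[79] */

    a = stream_getc(s);
    while (a != '\n') {
        if (a < 0)
            return LINE_REJECTED;       /* EOF inside the header: invalid file */
        if (count >= limit)
            return LINE_REJECTED;       /* the patch's "line shouldn't be this long" check */
        buff[count] = (char)a;
        count++;
        a = stream_getc(s);
    }
    buff[count] = 0;                    /* with limit == 80, count can be 80 here */

    return backing[HDR_LINE_MAX] == 0xAA ? LINE_OK : LINE_OVERFLOW;
}

/* Feeds `text` plus a trailing newline through the reader with the given bound. */
static int run_line(const char *text, size_t limit)
{
    unsigned char buf[256];
    size_t n = strlen(text);
    struct stream s;

    if (n + 1 > sizeof buf)
        return LINE_REJECTED;
    memcpy(buf, text, n);
    buf[n] = '\n';
    s.data = buf; s.len = n + 1; s.pos = 0;
    return read_header_line(&s, limit);
}

/* The bound as shipped in the quoted patch: count >= 80 */
int read_with_patch_bound(const char *text)
{
    return run_line(text, HDR_LINE_MAX);
}

/* The bound the report asks for: count >= sizeof(buff) - 1 */
int read_with_fixed_bound(const char *text)
{
    return run_line(text, HDR_LINE_MAX - 1);
}

/* Constructed input: a header line of n 'A' bytes, standing in for a crafted .hdr header. */
static void fill_line(char *out, size_t n)
{
    memset(out, 'A', n);
    out[n] = 0;
}

int main(void)
{
    char line[128];

    fill_line(line, 79);
    printf("79-byte line: patch bound %d, fixed bound %d\n",
           read_with_patch_bound(line), read_with_fixed_bound(line));
    fill_line(line, 80);
    printf("80-byte line: patch bound %d (-1 = terminator hit buff[80]), fixed bound %d\n",
           read_with_patch_bound(line), read_with_fixed_bound(line));
    return 0;
}
```

Build with `cc -Wall` and run: a line that fills all 80 slots before its newline comes back as LINE_OVERFLOW under the patch's bound, while the sizeof(buff) - 1 bound rejects it as a too-long header and still accepts a 79-byte line. The canary is only there to make the bad store visible; in the real loader the byte at buff[80] is whatever the compiler placed after the array on the stack.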
--- Begin Message ---
Source: devil
Source-Version: 1.7.5-4

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.7.5-4.diff.gz
  to pool/main/d/devil/devil_1.7.5-4.diff.gz
devil_1.7.5-4.dsc
  to pool/main/d/devil/devil_1.7.5-4.dsc
libdevil-dev_1.7.5-4_i386.deb
  to pool/main/d/devil/libdevil-dev_1.7.5-4_i386.deb
libdevil1c2_1.7.5-4_i386.deb
  to pool/main/d/devil/libdevil1c2_1.7.5-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 512...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bradley Smith <bradsm...@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 17 Jan 2009 15:01:18 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.7.5-4
Distribution: unstable
Urgency: low
Maintainer: Bradley Smith <bradsm...@debian.org>
Changed-By: Bradley Smith <bradsm...@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - Cross-platform image loading and manipulation toolkit
Closes: 512122
Changes: 
 devil (1.7.5-4) unstable; urgency=low
 .
   * Actually fix CVE-2008-5262. Closes: #512122.
Checksums-Sha1: 
 5b9f3abc8e0736ba753565eaa3812b56ff6147d7 1269 devil_1.7.5-4.dsc
 48b25284c1122f0622ea90f890e467880ec603b7 13172 devil_1.7.5-4.diff.gz
 47fdcadd67232bc55849210ee704e980ba403ce1 225514 libdevil1c2_1.7.5-4_i386.deb
 bbf4a8e325ce65138e3039dbb0a2fcfc090e6412 267740 libdevil-dev_1.7.5-4_i386.deb
Checksums-Sha256: 
 1c8afe948b328dc33ff6c322d5d8957f1ceb87458b1766e1dddc449fe5da6fec 1269 devil_1.7.5-4.dsc
 1933a64dce740d6e8bd115eecdbd8588d8f1000ae98e85ce10106a4c78a75341 13172 devil_1.7.5-4.diff.gz
 2b90c3754b74dc7f9aeabae69618d22e55ef27b6d439526ac783bcaecd7a7240 225514 libdevil1c2_1.7.5-4_i386.deb
 aa7be0f28c506577e06c729b7f1f8220f87ac0c52a9d5b8317a6c7ab48af5c6b 267740 libdevil-dev_1.7.5-4_i386.deb
Files: 
 0ace64df4b2976970465a2cc3ae2c5cc 1269 devel optional devil_1.7.5-4.dsc
 42aa8544cff3995d33d4db6706fbe47c 13172 devel optional devil_1.7.5-4.diff.gz
 4c77fa4aa7b581eb10c1d7c8cc33889c 225514 libs optional libdevil1c2_1.7.5-4_i386.deb
 fdd059933fbc9f4d93a834d10ffc5271 267740 libdevel optional libdevil-dev_1.7.5-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklx9EMACgkQj3BimscY00fLkACfVW7BcP0C7Ha5LHRd4u+HPhVW
wp8AnRUXT/n3WCorxUdaYCUFA0VlvjR2
=DBJM
-----END PGP SIGNATURE-----



--- End Message ---