Your message dated Mon, 09 Apr 2012 03:02:30 +0000 with message-id <e1sh4sa-0006ht...@franck.debian.org> and subject line Bug#668082: fixed in libpng 1.2.49-1 has caused the Debian Bug report #668082, regarding libpng12-0: libpng-1.2.44 crashes with electric fence memory debugger to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
668082: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpng12-0
Version: 1.2.44-1+squeeze4
Severity: grave
Tags: security
Justification: user security hole

Debian libpng crashes when loading a corrupted image, I placed the image here:
http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/debian-libpng-1.2.44-crash.png

How to reproduce:
install links2 and electric-fence package
run:

    LD_PRELOAD=/usr/lib/libefence.so EF_ALIGNMENT=0 links2 -g http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/debian-libpng-1.2.44-crash.png

You get a crash in inflate.

I tried it on upstream libpng, upstream versions up to 1.2.47 crash. 1.2.48 and 1.2.49 don't crash.

A backtrace of the upstream crash:

    Program terminated with signal 11, Segmentation fault.
    #0  0x00007fd202b4338f in inflate (strm=0x7fd1fe3c7c40, flush=1) at inflate.c:649
    649         NEEDBITS(16);
    (gdb) bt
    #0  0x00007fd202b4338f in inflate (strm=0x7fd1fe3c7c40, flush=1) at inflate.c:649
    #1  0x00007fd2029304de in png_push_read_zTXt (png_ptr=0x7fd1fe3c7b10, info_ptr=0x7fd1fe3cfe30) at pngpread.c:1405
    #2  0x00007fd20292d7d0 in png_process_some_data (png_ptr=0x7fd1fe3c7b10, info_ptr=0x7fd1fe3cfe30) at pngpread.c:85
    #3  0x00007fd20292d70a in png_process_data (png_ptr=0x7fd1fe3c7b10, info_ptr=0x7fd1fe3cfe30, buffer=0x7fd1fe976d03 "\211PNG\r\n\032\n", buffer_size=757) at pngpread.c:41
    (gdb) frame 1
    #1  0x00007fd2029304de in png_push_read_zTXt (png_ptr=0x7fd1fe3c7b10, info_ptr=0x7fd1fe3cfe30) at pngpread.c:1405
    1405        ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
    (gdb) print png_ptr->zstream
    $1 = {next_in = 0x7fd1fe3d4000 "", avail_in = 4294967295, total_in = 0,
      next_out = 0x7fd1fe3c9000 "Copyright Willem van Schaik, Singapore 1995",
      avail_out = 8192, total_out = 0, msg = 0x0, state = 0x7fd1fe3cc410,
      zalloc = 0x7fd20290884d <png_zalloc>, zfree = 0x7fd20290891a <png_zfree>,
      opaque = 0x7fd1fe3c7b10, data_type = 64, adler = 1, reserved = 0}

The crash is caused by libpng filling too big a value into the "avail_in" field.

This bug is already fixed in libpng-1.2.48 (the buggy function png_push_read_zTXt is removed), but Debian didn't backport the fix.

-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpng12-0 depends on:
ii  libc6     2.11.3-2            Embedded GNU C Library: Shared lib
ii  zlib1g    1:1.2.3.4.dfsg-3    compression library - runtime

libpng12-0 recommends no packages.

libpng12-0 suggests no packages.

-- no debconf information

<<attachment: file.png>>
--- End Message ---
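
Added example, not part of the bug report and not libpng code: the avail_in value 4294967295 in the gdb dump above is what an unsigned 32-bit length becomes when a subtraction wraps below zero. The sketch assumes a zTXt-style chunk body (keyword, NUL, compression-method byte, compressed data); the function names and sample bytes are constructed, and the page does not show which libpng statement computes the value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: keyword, NUL, method byte, compressed bytes. */
static const uint8_t good_chunk[] = { 'T','i','t','l','e', 0, 0, 0x78, 0x9c, 0x03 };
static const uint8_t cut_chunk[]  = { 'T','i','t','l','e', 0 };  /* ends after NUL */

/* Unchecked arithmetic: bytes left after the header. Wraps when the
 * header is longer than the chunk. */
static uint32_t avail_in_unchecked(size_t chunk_len, size_t header_len)
{
    return (uint32_t)(chunk_len - header_len);
}

/* Checked parse. Returns 0 and sets *data and *avail_in, or -1 if malformed. */
static int ztxt_payload(const uint8_t *chunk, size_t chunk_len,
                        const uint8_t **data, uint32_t *avail_in)
{
    const uint8_t *nul = memchr(chunk, 0, chunk_len);
    size_t header_len;

    if (nul == NULL)
        return -1;                          /* keyword never terminated */
    header_len = (size_t)(nul - chunk) + 2; /* keyword + NUL + method byte */
    if (header_len > chunk_len)
        return -1;                          /* method byte is past the end */
    if (chunk[header_len - 1] != 0)
        return -1;                          /* PNG defines only method 0 */
    if (chunk_len - header_len > UINT32_MAX)
        return -1;                          /* would not fit in avail_in */
    *data = chunk + header_len;
    *avail_in = (uint32_t)(chunk_len - header_len);
    return 0;
}

int main(void)
{
    const uint8_t *data;
    uint32_t n = 0;

    printf("unchecked: %u\n", (unsigned)avail_in_unchecked(sizeof cut_chunk, 7));
    printf("cut:  rc=%d\n", ztxt_payload(cut_chunk, sizeof cut_chunk, &data, &n));
    printf("good: rc=%d ", ztxt_payload(good_chunk, sizeof good_chunk, &data, &n));
    printf("avail_in=%u\n", (unsigned)n);
    return 0;
}
```

The checked parser rejects the truncated chunk before any length reaches the decompressor, so inflate is never told that more input exists than the buffer holds.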
--- Begin Message ---
Source: libpng
Source-Version: 1.2.49-1

We believe that the bug you reported is fixed in the latest version of libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.49-1_mipsel.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.49-1_mipsel.udeb
libpng12-0_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng12-0_1.2.49-1_mipsel.deb
libpng12-dev_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng12-dev_1.2.49-1_mipsel.deb
libpng3_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng3_1.2.49-1_mipsel.deb
libpng_1.2.49-1.debian.tar.bz2
  to main/libp/libpng/libpng_1.2.49-1.debian.tar.bz2
libpng_1.2.49-1.dsc
  to main/libp/libpng/libpng_1.2.49-1.dsc
libpng_1.2.49.orig.tar.bz2
  to main/libp/libpng/libpng_1.2.49.orig.tar.bz2

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 668...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Mon, 09 Apr 2012 12:08:13 +1000
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source mipsel
Version: 1.2.49-1
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3 - PNG library - runtime
Closes: 667475 668082
Changes:
 libpng (1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49
     - Fix CVE-2011-3048 (memory corruption flaw)
       Closes: 667475
     - Don't crash with electric fence memory debugger
       Closes: 668082
   * Merged upstream: 02-665208-CVE-2012-3045.patch
--- End Message ---