Control: tags 890086 + patch Control: tags 890086 + pending Dear maintainer,
I've prepared an NMU for ufraw (versioned as 0.22-3.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards, Salvatore
diff -Nru ufraw-0.22/debian/changelog ufraw-0.22/debian/changelog
--- ufraw-0.22/debian/changelog 2018-03-21 19:13:29.000000000 +0100
+++ ufraw-0.22/debian/changelog 2018-12-02 10:55:01.000000000 +0100
@@ -1,3 +1,10 @@
+ufraw (0.22-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * stack-based buffer overflow bug (CVE-2018-19655) (Closes: #890086)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Sun, 02 Dec 2018 10:55:01 +0100
+
 ufraw (0.22-3) unstable; urgency=medium

 * Remove gconf dependency again. (Closes: #892707)
diff -Nru ufraw-0.22/debian/patches/05_CVE-2018-19655.patch ufraw-0.22/debian/patches/05_CVE-2018-19655.patch
--- ufraw-0.22/debian/patches/05_CVE-2018-19655.patch 1970-01-01 01:00:00.000000000 +0100
+++ ufraw-0.22/debian/patches/05_CVE-2018-19655.patch 2018-12-02 10:55:01.000000000 +0100
@@ -0,0 +1,44 @@
+Description: stack-based buffer overflow bug
+Bug-Debian: https://bugs.debian.org/890086
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655
+Author: Filip Hroch <hr...@physics.muni.cz>
+Reviewed-by: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2018-12-02
+
+--- a/dcraw.cc
++++ b/dcraw.cc
+@@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit
+ {
+ UINT64 bitbuf=0;
+ int vbits, col, i, c;
+- ushort img[2][2064];
++ ushort *img;
+ double sum[]={0,0};
+
++#define IMG2D(row,col) \
++ img[(row)*width+(col)]
++
++ img = (ushort *) malloc(2*width*sizeof(ushort));
++ merror (img, "find_green()");
++
+ FORC(2) {
+ fseek (ifp, c ? off1:off0, SEEK_SET);
+ for (vbits=col=0; col < width; col++) {
+@@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit
+ for (i=0; i < bite; i+=8)
+ bitbuf |= (unsigned) (fgetc(ifp) << i);
+ }
+- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
++ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
+ }
+ }
+ FORC(width-1) {
+- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
+- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
++ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
++ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
+ }
++ free(img);
+ return 100 * log(sum[0]/sum[1]);
+ }
+
diff -Nru ufraw-0.22/debian/patches/series ufraw-0.22/debian/patches/series
--- ufraw-0.22/debian/patches/series 2017-10-21 03:37:33.000000000 +0200
+++ ufraw-0.22/debian/patches/series 2018-12-02 10:55:01.000000000 +0100
@@ -2,3 +2,4 @@
 02_CVE-2015-8366.patch
 03_fix-unsigned-char.patch
 04_fix-abs-gcc-7.patch
+05_CVE-2018-19655.patch
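Review bot: The size passed to `malloc` in the new allocation, `2*width*sizeof(ushort)`, depends on `width`, which is declared outside this hunk and presumably comes from the raw file's header, and nothing in the patched part of `find_green` bounds it. `2*width` is evaluated before the conversion to `size_t`, and a `width` of 0 turns the call into `malloc(0)`, which may return NULL and would then presumably be reported by `merror` as an allocation failure; `img = (ushort *) malloc((size_t)width * 2 * sizeof *img);` preceded by a rejection of `width < 2` would cover both. The `IMG2D` macro is defined inside the function body and never undefined, so it stays visible for the rest of dcraw.cc; add `#undef IMG2D` after `free(img);`. The lines between the two inner hunks are not shown, so whether the `fgetc` results are checked for EOF cannot be judged from here.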