Discussion:
Bug#988325: unblock: htmldoc/1.9.11-3
Håvard Flaget Aasen
2021-05-10 15:00:01 UTC
Package: release.debian.org
Severity: normal
User: ***@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ***@yahoo.no

Please unblock package htmldoc

The bug #984765 [0] is only of severity normal, but it got a CVE number some days
ago; it has been deemed unimportant by the security team.

The patch is cherry-picked from upstream.

[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is
CVE-2021-20308 [1]

[ Impact ]
Probably quite small.

[ Tests ]
None.

[ Risks ]
Small risk.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock htmldoc/1.9.11-3

Regards,
Håvard

[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
Debian Bug Tracking System
2021-05-10 20:10:01 UTC
tags -1 confirmed moreinfo
Bug #988325 [release.debian.org] unblock: htmldoc/1.9.11-3
Added tag(s) confirmed and moreinfo.
--
988325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988325
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Sebastian Ramacher
2021-05-10 20:10:02 UTC
Control: tags -1 confirmed moreinfo
Post by Håvard Flaget Aasen
Package: release.debian.org
Severity: normal
Usertags: unblock
Please unblock package htmldoc
Please go ahead and remove the moreinfo tag once the new version is
available in unstable.

Cheers
Post by Håvard Flaget Aasen
The bug #984765 [0] is only of severity normal, but it got a CVE number some days
ago; it has been deemed unimportant by the security team.
The patch is cherry-picked from upstream.
[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is
CVE-2021-20308 [1]
[ Impact ]
Probably quite small.
[ Tests ]
None.
[ Risks ]
Small risk.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock htmldoc/1.9.11-3
Regards,
Håvard
[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.000000000 +0100
+++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.000000000 +0200
@@ -1,3 +1,10 @@
+htmldoc (1.9.11-3) unstable; urgency=medium
+
+ * Add patch to mitigate buffer-overflow caused by integer-overflow in
+ image_load_gif() Closes: 984765 and fixes CVE-2021-20308
+
+
htmldoc (1.9.11-2) unstable; urgency=medium
* Update build-dependency to libfltk1.3-dev Closes: #982276
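Review bot: The new 1.9.11-3 entry writes the bug reference as "Closes: 984765", while the 1.9.11-2 entry directly below uses "Closes: #982276"; use the "#" form here as well so the changelog stays consistent. It would also help to name the added patch file (Fix-crash-bug-with-bad-GIFs-Issue-423.patch) in the bullet, so the entry points at the exact change that addresses CVE-2021-20308.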
diff -Nru htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 1970-01-01 01:00:00.000000000 +0100
+++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 2021-05-10 16:10:41.000000000 +0200
@@ -0,0 +1,27 @@
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 68d6b92..8f53050 100644
+--- a/htmldoc/image.cxx
++++ b/htmldoc/image.cxx
+ img->height = (buf[9] << 8) | buf[8];
+ ncolors = 2 << (buf[10] & 0x07);
+
++ if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
++ return (-1);
++
+ // If we are writing an encrypted PDF file, bump the use count so we create
+ // an image object (Acrobat 6 bug workaround)
+ if (Encryption)
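Review bot: The added check in image_load_gif() caps img->width and img->height at 32767 each but does not bound their product. 32767 x 32767 is roughly 2^30 pixels, and multiplying that by a 3-byte depth exceeds INT_MAX. The allocation is not visible in this hunk, so please confirm that the pixel-buffer size further down is computed in size_t, or add a product check next to this one. Since the unblock request lists "[ Tests ] None", a small regression fixture (a GIF header with out-of-range dimensions that must make the loader return -1) would be worth carrying with the patch.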
diff -Nru htmldoc-1.9.11/debian/patches/series htmldoc-1.9.11/debian/patches/series
--- htmldoc-1.9.11/debian/patches/series 2021-02-08 14:38:12.000000000 +0100
+++ htmldoc-1.9.11/debian/patches/series 2021-05-10 16:10:41.000000000 +0200
@@ -5,3 +5,4 @@
autoheader_support.patch
disable_libz.patch
remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--
Sebastian Ramacher
Debian Bug Tracking System
2021-05-11 10:10:01 UTC
Your message dated Tue, 11 May 2021 10:00:44 +0000
with message-id <E1lgPC0-0001TG-***@respighi.debian.org>
and subject line unblock htmldoc
has caused the Debian Bug report #988325,
regarding unblock: htmldoc/1.9.11-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
988325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988325
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems