Bug#946185: marked as done (stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#946185: marked as done (stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 08 Feb 2020 14:27:56 +0000
Message-id: <[🔎] handler.946185.D946185.158117182916816.ackdone@bugs.debian.org>
Reply-to: 946185@bugs.debian.org
References: <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk> <20191204215252.r5euoyr4xu2i66z5@dinghy.sail.spinnaker.de>

Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #946185,
regarding stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946185
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: stretch-pu: package fig2dev/1:3.2.6a-2+deb9u3
From: Roland Rosenfeld <roland@spinnaker.de>
Date: Wed, 4 Dec 2019 22:52:52 +0100
Message-id: <20191204215252.r5euoyr4xu2i66z5@dinghy.sail.spinnaker.de>

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This fixes CVE-2019-19555 in stretch.  Since this is tagged
"unimportant" by the security team on
https://security-tracker.debian.org/tracker/CVE-2019-19555 they won't
publish a DSA, so I tend to send this into the next point release of
buster.

Attached you'll find the diff against 3.2.6a-2+deb9u2.

Greetings
Roland

diff -Nru fig2dev-3.2.6a/debian/changelog fig2dev-3.2.6a/debian/changelog
--- fig2dev-3.2.6a/debian/changelog	2019-07-27 10:22:45.000000000 +0200
+++ fig2dev-3.2.6a/debian/changelog	2019-12-04 22:22:00.000000000 +0100
@@ -1,3 +1,10 @@
+fig2dev (1:3.2.6a-2+deb9u3) stretch; urgency=medium
+
+  * 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
+    This fixes CVE-2019-19555.  Closes (#946176).
+
+ -- Roland Rosenfeld <roland@debian.org>  Wed, 04 Dec 2019 22:22:00 +0100
+
 fig2dev (1:3.2.6a-2+deb9u2) stretch; urgency=medium
 
   * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
diff -Nru fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch
--- fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch	1970-01-01 01:00:00.000000000 +0100
+++ fig2dev-3.2.6a/debian/patches/41_CVE-2019-19555.patch	2019-12-04 22:22:00.000000000 +0100
@@ -0,0 +1,27 @@
+From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
+Date:   Wed Dec 4 17:56:04 2019 +0100
+Bug: https://sourceforge.net/p/mcj/tickets/55
+Bug-Debian: https://bugs.debian.org/946176
+Origin: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
+Subject: Allow Fig v2 text strings ending with multiple ^A.
+ This fixes CVE-2019-19555
+
+--- a/fig2dev/read.c
++++ b/fig2dev/read.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1991 by Micah Beck
+  * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul
+  * Parts Copyright (c) 1989-2002 by Brian V. Smith
++ * Parts Copyright (c) 2015-2019 by Thomas Loimer
+  *
+  * Any party obtaining a copy of these files is granted, free of charge, a
+  * full and unrestricted irrevocable, world-wide, paid up, royalty-free,
+@@ -1223,7 +1224,7 @@ read_textobject(FILE *fp)
+ 		If we do not find the CONTROL-A on this line then this must
+ 		be a multi-line text object and we will have to read more. */
+ 
+-	    n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]",
++	    n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]",
+ 		&t->type, &t->font, &t->size, &t->pen,
+ 		&t->color, &t->depth, &t->angle,
+ 		&t->flags, &t->height, &t->length,
diff -Nru fig2dev-3.2.6a/debian/patches/series fig2dev-3.2.6a/debian/patches/series
--- fig2dev-3.2.6a/debian/patches/series	2019-07-27 10:22:45.000000000 +0200
+++ fig2dev-3.2.6a/debian/patches/series	2019-12-04 22:22:00.000000000 +0100
@@ -5,3 +5,4 @@
 31_input_sanitizing.patch
 32_fill-style-overflow.patch
 40_circle_arrowhead.patch
+41_CVE-2019-19555.patch

--- End Message ---

--- Begin Message ---

To: 887324-done@bugs.debian.org, 902487-done@bugs.debian.org, 933263-done@bugs.debian.org, 935728-done@bugs.debian.org, 935970-done@bugs.debian.org, 939364-done@bugs.debian.org, 939897-done@bugs.debian.org, 939907-done@bugs.debian.org, 939967-done@bugs.debian.org, 940246-done@bugs.debian.org, 940477-done@bugs.debian.org, 940714-done@bugs.debian.org, 940715-done@bugs.debian.org, 941126-done@bugs.debian.org, 941169-done@bugs.debian.org, 941350-done@bugs.debian.org, 941452-done@bugs.debian.org, 942024-done@bugs.debian.org, 942110-done@bugs.debian.org, 942839-done@bugs.debian.org, 942840-done@bugs.debian.org, 942841-done@bugs.debian.org, 943352-done@bugs.debian.org, 943564-done@bugs.debian.org, 943606-done@bugs.debian.org, 944186-done@bugs.debian.org, 944233-done@bugs.debian.org, 944282-done@bugs.debian.org, 944794-done@bugs.debian.org, 944866-done@bugs.debian.org, 945821-done@bugs.debian.org, 945944-done@bugs.debian.org, 946159-done@bugs.debian.org, 946185-done@bugs.debian.org, 946558-done@bugs.debian.org, 946560-done@bugs.debian.org, 946570-done@bugs.debian.org, 946654-done@bugs.debian.org, 946704-done@bugs.debian.org, 946824-done@bugs.debian.org, 946907-done@bugs.debian.org, 947204-done@bugs.debian.org, 947255-done@bugs.debian.org, 947747-done@bugs.debian.org, 947834-done@bugs.debian.org, 948219-done@bugs.debian.org, 948391-done@bugs.debian.org, 948401-done@bugs.debian.org, 948465-done@bugs.debian.org, 948649-done@bugs.debian.org, 948704-done@bugs.debian.org, 948715-done@bugs.debian.org, 948730-done@bugs.debian.org, 948737-done@bugs.debian.org, 948898-done@bugs.debian.org, 949838-done@bugs.debian.org, 949853-done@bugs.debian.org, 949900-done@bugs.debian.org, 949905-done@bugs.debian.org, 949907-done@bugs.debian.org, 949909-done@bugs.debian.org, 950156-done@bugs.debian.org, 950256-done@bugs.debian.org, 950281-done@bugs.debian.org, 950309-done@bugs.debian.org

Subject: Closing bugs included in 9.12

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 08 Feb 2020 14:23:35 +0000

Message-id: <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 9.12

Hi,

Each of the uploads referred to by these bugs was included in today's
oldstable point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#946159: marked as done (stretch-pu: package libxslt/1.1.29-2.1+deb9u2)
Next by Date: Bug#946570: marked as done (stretch-pu: package libpst/0.6.59-1+deb9u1)
Previous by thread: Bug#946159: marked as done (stretch-pu: package libxslt/1.1.29-2.1+deb9u2)
Next by thread: Bug#946570: marked as done (stretch-pu: package libpst/0.6.59-1+deb9u1)
Index(es):
- Date
- Thread