Bug 50148 - libcaca: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: All Linux
Importance: P5 normal
Target Milestone: UCS 4.4-1-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2019-09-09 15:29 CEST by Quality Assurance
Modified: 2019-09-11 15:25 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 0.0 () Debian


Description Quality Assurance univentionstaff 2019-09-09 15:29:28 CEST
New Debian libcaca 0.99.beta19-2.1~deb9u1 fixes:
This update addresses the following issues:
* There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. (CVE-2018-20544)
* There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. (CVE-2018-20545)
* There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. (CVE-2018-20546)
* There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. (CVE-2018-20547)
* There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. (CVE-2018-20548)
* There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. (CVE-2018-20549)
Comment 1 Quality Assurance univentionstaff 2019-09-09 16:01:18 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libcaca_0.99.beta19-2.dsc
+++ apt/ucs_4.4-0-errata4.4-1/source/libcaca_0.99.beta19-2.1~deb9u1.dsc
@@ -1,3 +1,15 @@
+0.99.beta19-2.1~deb9u1 [Wed, 28 Aug 2019 18:09:58 +0200] Andreas Beckmann <anbe@debian.org>:
+
+  * Non-maintainer upload.
+  * Rebuild for stretch.
+
+0.99.beta19-2.1 [Sat, 06 Apr 2019 22:18:41 +0200] Tobias Frost <tobi@debian.org>:
+
+  * Non-maintainer upload.
+  * Cherry-Pick fixes from upstream git repository:
+    - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
+      CVE-2018-20549 (Closes: #917807)
+
 0.99.beta19-2 [Mon, 02 Jun 2014 22:38:19 +0200] Sam Hocevar <sho@debian.org>:
 
   * debian/patches/100_doxygen.diff: remove deprecated Doxygen variables.
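
Review bot: The 0.99.beta19-2.1 changelog entry names only CVE-2018-20545 through CVE-2018-20549 in its cherry-pick list, while the bug description also lists CVE-2018-20544 (floating point exception in caca_dither_bitmap) as addressed by this update. Before the errata text claims a fix for CVE-2018-20544, confirm against the cherry-picked upstream patches that it is covered, and otherwise drop it from the errata YAML. Minor style point in the same entry: "CVE-2018-20547,CVE-2018-20548" is missing the space after the comma.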

<http://10.200.17.11/4.4-1/#5476950221731122545>
Comment 2 Philipp Hahn univentionstaff 2019-09-10 12:32:47 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 8569be0010 Bug #50148: libcaca 0.99.beta19-2.1~deb9u1
 doc/errata/staging/libcaca.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

[4.4-1] ff8f9886b9 Bug #50148: libcaca 0.99.beta19-2.1~deb9u1
 doc/errata/staging/libcaca.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-09-11 15:25:42 CEST
<http://errata.software-univention.de/ucs/4.4/257.html>