Debian Bug report logs - #511844
CVE-2008-5262: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities

version graph

Package: devil; Maintainer for devil is Debian QA Group <packages@qa.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 14 Jan 2009 21:33:01 UTC

Severity: grave

Tags: security

Fixed in versions devil/1.7.5-3, devil/1.6.8-rc2-3+lenny1, devil/1.6.7-5+etch1

Done: Steffen Joeris <white@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Bradley Smith <bradsmith@debian.org>:
Bug#511844; Package devil. (Wed, 14 Jan 2009 21:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Bradley Smith <bradsmith@debian.org>. (Wed, 14 Jan 2009 21:33:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-5262: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
Date: Wed, 14 Jan 2009 22:30:37 +0100
Package: devil
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see http://secunia.com/secunia_research/2008-59/ for details.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Reply sent to Bradley Smith <bradsmith@debian.org>:
You have taken responsibility. (Thu, 15 Jan 2009 19:39:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 15 Jan 2009 19:39:06 GMT) Full text and rfc822 format available.

Message #10 received at 511844-close@bugs.debian.org (full text, mbox):

From: Bradley Smith <bradsmith@debian.org>
To: 511844-close@bugs.debian.org
Subject: Bug#511844: fixed in devil 1.7.5-3
Date: Thu, 15 Jan 2009 19:17:04 +0000
Source: devil
Source-Version: 1.7.5-3

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.7.5-3.diff.gz
  to pool/main/d/devil/devil_1.7.5-3.diff.gz
devil_1.7.5-3.dsc
  to pool/main/d/devil/devil_1.7.5-3.dsc
libdevil-dev_1.7.5-3_i386.deb
  to pool/main/d/devil/libdevil-dev_1.7.5-3_i386.deb
libdevil1c2_1.7.5-3_i386.deb
  to pool/main/d/devil/libdevil1c2_1.7.5-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bradley Smith <bradsmith@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 15 Jan 2009 18:50:11 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.7.5-3
Distribution: unstable
Urgency: low
Maintainer: Bradley Smith <bradsmith@debian.org>
Changed-By: Bradley Smith <bradsmith@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - Cross-platform image loading and manipulation toolkit
Closes: 511844
Changes: 
 devil (1.7.5-3) unstable; urgency=low
 .
   * 03_CVE-2008-5262.diff - Backport fix for CVE-2008-5262.
     Closes: #511844.
Checksums-Sha1: 
 b768bdc6598cbabdeb94d3b8ac178e11567b1ae1 1269 devil_1.7.5-3.dsc
 ae1ff3da1c4c4459544b998103883cf642746a73 13135 devil_1.7.5-3.diff.gz
 d1dfa48ed0de3620cddd828bae8caef087e80d15 225496 libdevil1c2_1.7.5-3_i386.deb
 ae7f642df0bc2ab13e44693453bfeeb8d28e3a64 267702 libdevil-dev_1.7.5-3_i386.deb
Checksums-Sha256: 
 4105736a5f217fe019aa930e50b52a4f437bc8def793f42913695e25be6b16f6 1269 devil_1.7.5-3.dsc
 c437a1e968dc0ed7d19ce724d5effc7f1618cc01ef8de87d3d5c6765f2a4df96 13135 devil_1.7.5-3.diff.gz
 ba5887cb706a97eab11d6cdbae26e70c42a925b96c5d3c9dd254bd1e00f3759b 225496 libdevil1c2_1.7.5-3_i386.deb
 461d71c0413db84904748221cb394acc2046ccd1a025e4ad18daad70d70dcce1 267702 libdevil-dev_1.7.5-3_i386.deb
Files: 
 7ff99460f9e552a02d52014c3857ee2c 1269 devel optional devil_1.7.5-3.dsc
 e1f5564a4cc62fce8cebfa5bc9eb97da 13135 devel optional devil_1.7.5-3.diff.gz
 a1f385610b4af80e4cd0615949d71088 225496 libs optional libdevil1c2_1.7.5-3_i386.deb
 3677e77c253d09fd7a4f8777a68d36ea 267702 libdevel optional libdevil-dev_1.7.5-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklviQAACgkQj3BimscY00eRegCghGifrSrF2PTkIXx9OVQYnFPw
BEwAn00467iA257YtP4UtlnFN8UAJaN7
=KkUr
-----END PGP SIGNATURE-----





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Sat, 17 Jan 2009 17:39:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 17 Jan 2009 17:39:06 GMT) Full text and rfc822 format available.

Message #15 received at 511844-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 511844-close@bugs.debian.org
Subject: Bug#511844: fixed in devil 1.6.8-rc2-3+lenny1
Date: Sat, 17 Jan 2009 17:17:05 +0000
Source: devil
Source-Version: 1.6.8-rc2-3+lenny1

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.6.8-rc2-3+lenny1.diff.gz
  to pool/main/d/devil/devil_1.6.8-rc2-3+lenny1.diff.gz
devil_1.6.8-rc2-3+lenny1.dsc
  to pool/main/d/devil/devil_1.6.8-rc2-3+lenny1.dsc
libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
  to pool/main/d/devil/libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
  to pool/main/d/devil/libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 17 Jan 2009 15:21:31 +0100
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source amd64
Version: 1.6.8-rc2-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Bradley Smith <brad@brad-smith.co.uk>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - DevIL image manipulation toolkit runtime support
Closes: 511844
Changes: 
 devil (1.6.8-rc2-3+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix stack-based buffer overflows in iGetHdrHeader allowing
     context-dependent attackers to execute arbitrary code via a
     crafted Radiance RGBE file (CVE-2008-5262; Closes: #511844).
Checksums-Sha1: 
 2f444b367b84e956ec4c0ead0b2c8ede0d9b7004 1155 devil_1.6.8-rc2-3+lenny1.dsc
 aa9c2012d15c511ec2db34463a21f84fcfb40170 2915570 devil_1.6.8-rc2.orig.tar.gz
 2731c6ceb221c594ce7663adbddcd4ffbfa9e495 9047 devil_1.6.8-rc2-3+lenny1.diff.gz
 ca3c825270091da7709204322f5fc58f2b1fa3cf 213724 libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
 c544d097f0140a3ce094e7948d0a63de916ce8f3 243542 libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
Checksums-Sha256: 
 e89dd7760430d5d7ef2ffdcb417eaebd4c2e6e4e1f27472f2ff5d211c457cd9f 1155 devil_1.6.8-rc2-3+lenny1.dsc
 c08437df485b241e88b84e5c0731b016a0a49a0f894c23394de12c7620a82c8e 2915570 devil_1.6.8-rc2.orig.tar.gz
 c8b71b206616a2f0e6fc7f345e10b4d1cdf70726bae58c3245338e0e423cb187 9047 devil_1.6.8-rc2-3+lenny1.diff.gz
 3802720b9a56b96ca896ce1eafa45e93b7f2a58f331593e3c0dc086b8a81cec9 213724 libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
 261cd7fc961a2dd549ee2ce7fa7885d4050ea264f1cd3e8aba559c5287bfcd49 243542 libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
Files: 
 b465a033ccb446b952db2bdd7488d180 1155 devel optional devil_1.6.8-rc2-3+lenny1.dsc
 9d815c8637adb6fb6c25c38dc178aca2 2915570 devel optional devil_1.6.8-rc2.orig.tar.gz
 58e6e9d9be79b980b6a48690402c47fb 9047 devel optional devil_1.6.8-rc2-3+lenny1.diff.gz
 4b6aca6a4579ab86b8d9299e34d8fb8b 213724 libs optional libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
 963a32298859b5a3906ca2e616f57cfb 243542 libdevel optional libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklx72YACgkQHYflSXNkfP+tqwCffsN5b9c9TVqAyk6rR2nIF3dR
nMAAn1MGIIeV7hEcpJp8CDk+4o6U6YUf
=1lAF
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Sun, 15 Mar 2009 20:48:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 15 Mar 2009 20:48:05 GMT) Full text and rfc822 format available.

Message #20 received at 511844-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 511844-close@bugs.debian.org
Subject: Bug#511844: fixed in devil 1.6.7-5+etch1
Date: Sun, 15 Mar 2009 19:54:29 +0000
Source: devil
Source-Version: 1.6.7-5+etch1

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.6.7-5+etch1.diff.gz
  to pool/main/d/devil/devil_1.6.7-5+etch1.diff.gz
devil_1.6.7-5+etch1.dsc
  to pool/main/d/devil/devil_1.6.7-5+etch1.dsc
libdevil-dev_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb
libdevil1c2_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  3 Feb 2009 22:06:49 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.6.7-5+etch1
Distribution: stable-security
Urgency: high
Maintainer: Marcelo E. Magallon <mmagallo@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - DevIL image manipulation toolkit runtime support
Closes: 511844 512122
Changes: 
 devil (1.6.7-5+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix buffer overflows in the iGetHdrHeader() function that allow
     arbitrary code execution via a crafted Radiance RGBE file
     (Closes: #511844, #512122)
     Fixes: CVE-2008-5262
Files: 
 00a9a200619160d990ed2a2deeb4238d 784 devel optional devil_1.6.7-5+etch1.dsc
 0d0c3842196d85c4e24bedabcd84f626 3013312 devel optional devil_1.6.7.orig.tar.gz
 414a516d9fef38921dbd538d78adcac0 8379 devel optional devil_1.6.7-5+etch1.diff.gz
 1f1bfc9efdd189ea5b430a50ca281cca 286098 devel optional libdevil-dev_1.6.7-5+etch1_i386.deb
 aca0fc8776489aba07f6a6a103fb52f9 252798 libs optional libdevil1c2_1.6.7-5+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmI7zQACgkQ62zWxYk/rQfV1gCeLmOSvrAJKvFHeFrGJiSFjn5T
xLAAnR0sFQqDR77eA4CKkZZLYd2stHGE
=x/2E
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Thu, 09 Apr 2009 16:48:04 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 09 Apr 2009 16:48:04 GMT) Full text and rfc822 format available.

Message #25 received at 511844-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 511844-close@bugs.debian.org
Subject: Bug#511844: fixed in devil 1.6.7-5+etch1
Date: Thu, 09 Apr 2009 16:40:54 +0000
Source: devil
Source-Version: 1.6.7-5+etch1

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.6.7-5+etch1.diff.gz
  to pool/main/d/devil/devil_1.6.7-5+etch1.diff.gz
devil_1.6.7-5+etch1.dsc
  to pool/main/d/devil/devil_1.6.7-5+etch1.dsc
libdevil-dev_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb
libdevil1c2_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  3 Feb 2009 22:06:49 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.6.7-5+etch1
Distribution: stable-security
Urgency: high
Maintainer: Marcelo E. Magallon <mmagallo@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - DevIL image manipulation toolkit runtime support
Closes: 511844 512122
Changes: 
 devil (1.6.7-5+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix buffer overflows in the iGetHdrHeader() function that allow
     arbitrary code execution via a crafted Radiance RGBE file
     (Closes: #511844, #512122)
     Fixes: CVE-2008-5262
Files: 
 00a9a200619160d990ed2a2deeb4238d 784 devel optional devil_1.6.7-5+etch1.dsc
 0d0c3842196d85c4e24bedabcd84f626 3013312 devel optional devil_1.6.7.orig.tar.gz
 414a516d9fef38921dbd538d78adcac0 8379 devel optional devil_1.6.7-5+etch1.diff.gz
 1f1bfc9efdd189ea5b430a50ca281cca 286098 devel optional libdevil-dev_1.6.7-5+etch1_i386.deb
 aca0fc8776489aba07f6a6a103fb52f9 252798 libs optional libdevil1c2_1.6.7-5+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmI7zQACgkQ62zWxYk/rQfV1gCeLmOSvrAJKvFHeFrGJiSFjn5T
xLAAnR0sFQqDR77eA4CKkZZLYd2stHGE
=x/2E
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 May 2009 07:29:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 16:20:51 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.