Debian Bug report logs - #531631
[SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability


Package: gst-plugins-good0.10; Maintainer for gst-plugins-good0.10 is Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>;

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Tue, 2 Jun 2009 20:36:02 UTC

Severity: serious

Tags: patch, security

Fixed in version gst-plugins-good0.10/0.10.15-2

Done: Sebastian Dröge <slomo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>:
Bug#531631; Package gst-plugins-good0.10. (Tue, 02 Jun 2009 20:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>. (Tue, 02 Jun 2009 20:36:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [SA35205] GStreamer Good Plug-ins PNG Processing Integer Overflow Vulnerability
Date: Tue, 02 Jun 2009 22:31:47 +0200
Package: gst-plugins-good0.10
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for GStreamer Good Plug-ins:

SA35205[0]:

Description:
A vulnerability has been discovered in GStreamer Good Plug-ins, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow error in ext/libpng/gstpngdec.c, which can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 0.10.15. Other versions may also be affected.

If you fix the vulnerability, please also make sure to include the CVE id
(if one becomes available) in the changelog entry.

[0]http://secunia.com/advisories/35205/

Patch: http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=d9544bcc44adcef769cbdf7f6453e140058a3adc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoljC4ACgkQNxpp46476apAbACfQCKt2JpnLvwauaxT9UkJB4qU
npIAnRJe+IBqfdXFhp9DgQNkLpcNFYeE
=F5iP
-----END PGP SIGNATURE-----




Reply sent to Sebastian Dröge <slomo@debian.org>:
You have taken responsibility. (Wed, 03 Jun 2009 07:12:17 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Wed, 03 Jun 2009 07:12:18 GMT) Full text and rfc822 format available.

Message #10 received at 531631-close@bugs.debian.org (full text, mbox):

From: Sebastian Dröge <slomo@debian.org>
To: 531631-close@bugs.debian.org
Subject: Bug#531631: fixed in gst-plugins-good0.10 0.10.15-2
Date: Wed, 03 Jun 2009 06:47:07 +0000
Source: gst-plugins-good0.10
Source-Version: 0.10.15-2

We believe that the bug you reported is fixed in the latest version of
gst-plugins-good0.10, which is due to be installed in the Debian FTP archive:

gst-plugins-good0.10_0.10.15-2.diff.gz
  to pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.15-2.diff.gz
gst-plugins-good0.10_0.10.15-2.dsc
  to pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.15-2.dsc
gstreamer0.10-esd_0.10.15-2_amd64.deb
  to pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.15-2_amd64.deb
gstreamer0.10-plugins-good-dbg_0.10.15-2_amd64.deb
  to pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.15-2_amd64.deb
gstreamer0.10-plugins-good-doc_0.10.15-2_all.deb
  to pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.15-2_all.deb
gstreamer0.10-plugins-good_0.10.15-2_amd64.deb
  to pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.15-2_amd64.deb
gstreamer0.10-pulseaudio_0.10.15-2_amd64.deb
  to pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.15-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 531631@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Dröge <slomo@debian.org> (supplier of updated gst-plugins-good0.10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 03 Jun 2009 08:22:36 +0200
Source: gst-plugins-good0.10
Binary: gstreamer0.10-plugins-good-doc gstreamer0.10-esd gstreamer0.10-pulseaudio gstreamer0.10-plugins-good gstreamer0.10-plugins-good-dbg
Architecture: source all amd64
Version: 0.10.15-2
Distribution: unstable
Urgency: high
Maintainer: Maintainers of GStreamer packages <pkg-gstreamer-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Dröge <slomo@debian.org>
Description: 
 gstreamer0.10-esd - GStreamer plugin for ESD
 gstreamer0.10-plugins-good - GStreamer plugins from the "good" set
 gstreamer0.10-plugins-good-dbg - GStreamer plugins from the "good" set
 gstreamer0.10-plugins-good-doc - GStreamer documentation for plugins from the "good" set
 gstreamer0.10-pulseaudio - GStreamer plugin for PulseAudio
Closes: 531631
Changes: 
 gst-plugins-good0.10 (0.10.15-2) unstable; urgency=high
 .
   * debian/patches/01_equalizer-integer-arithmetic-distortions.patch:
     + Patch from upstream GIT to fix distortions when the integer
       arithmetic mode of the equalizer is used.
   * debian/patches/02_SA35205-pngdec-integer-overflow.patch:
     + SECURITY: SA35205 - PNG Processing Integer Overflow Vulnerability
       Patch from upstream GIT to fix an integer overflow in pngdec:
       A malformed (or simply huge) PNG file can lead to integer overflow in
       calculating the size of the output buffer, leading to crashes or buffer
       overflows later (Closes: #531631).
Checksums-Sha1: 
 014c372ace8aee0492c0f56fb4f782724e39adbd 2777 gst-plugins-good0.10_0.10.15-2.dsc
 43a395154a61c75726157e4b2c3c0ffb31289ea4 27787 gst-plugins-good0.10_0.10.15-2.diff.gz
 2a1c6faab7d3e6a361609060ca9113424b9823b5 252198 gstreamer0.10-plugins-good-doc_0.10.15-2_all.deb
 e7afdcaf0613468f65f5d4f4a808cf7057306ebb 54026 gstreamer0.10-esd_0.10.15-2_amd64.deb
 fdc2a4100f9a872706849bb06ab125a600231317 79588 gstreamer0.10-pulseaudio_0.10.15-2_amd64.deb
 6633dc1a6b5bf478f131626b7d687f44136e5b9b 1284016 gstreamer0.10-plugins-good_0.10.15-2_amd64.deb
 3b5f755e2a3f0ab9c59ade3d202929358cc1bdbd 3403802 gstreamer0.10-plugins-good-dbg_0.10.15-2_amd64.deb
Checksums-Sha256: 
 a2fdf7d1c4b73b70d0dd1a3c3e2589015e15be33b1c87d09da8056a25bb69b58 2777 gst-plugins-good0.10_0.10.15-2.dsc
 0bdac866ae8f7413ee96e7886342b72bd42378e9e7ffb349181affacd2d297f5 27787 gst-plugins-good0.10_0.10.15-2.diff.gz
 cfd37a1fda40c74b9af013f1fe578cb73d5fd2d677799078e77d072b05346e59 252198 gstreamer0.10-plugins-good-doc_0.10.15-2_all.deb
 05efe2869cf61458653f593ea2d6a5f8ec69d9de93af5422a8a99feab2a042a8 54026 gstreamer0.10-esd_0.10.15-2_amd64.deb
 89af6a3c490badf12e4432bde3b52c5258689c561bd05d7d7c76bca92b9c7b56 79588 gstreamer0.10-pulseaudio_0.10.15-2_amd64.deb
 07fe48474f58897c7f741f3cd1952318128579d63da9fce9ce4cab006e80f410 1284016 gstreamer0.10-plugins-good_0.10.15-2_amd64.deb
 e3ad78b70efcefb6f87a2a3ee0e068d5d4fb62c88abeeed5acbccf3826f8f36a 3403802 gstreamer0.10-plugins-good-dbg_0.10.15-2_amd64.deb
Files: 
 d70d336c04b4860f00afda4d4d8b5c59 2777 libs optional gst-plugins-good0.10_0.10.15-2.dsc
 4aeedb22cc6770d35add3cd1907d9414 27787 libs optional gst-plugins-good0.10_0.10.15-2.diff.gz
 bf936789f8ad5d8f7bc1dd8e74b6ba17 252198 doc optional gstreamer0.10-plugins-good-doc_0.10.15-2_all.deb
 406eb8a9326f01b7ba0d9f2271fd760f 54026 libs optional gstreamer0.10-esd_0.10.15-2_amd64.deb
 05f832ef6c942cc91db23aea1ca662d7 79588 sound optional gstreamer0.10-pulseaudio_0.10.15-2_amd64.deb
 209b84f059a3985fc6b68aa25c4dddca 1284016 libs optional gstreamer0.10-plugins-good_0.10.15-2_amd64.deb
 7b2bd32e73a8111bb28d3dd80a0b4c1f 3403802 debug extra gstreamer0.10-plugins-good-dbg_0.10.15-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkomGeUACgkQBsBdh1vkHyHjTgCdHe7v72zRg/V30anYk+bFNFoM
Hz0AnRYJPfn/7ir5f52fgvhoWbsEO/h8
=a1Rc
-----END PGP SIGNATURE-----
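The overflow described in the original report (an integer overflow in ext/libpng/gstpngdec.c turned into a heap-based buffer overflow) and restated in the changelog entry above, shown as an added illustration. This is not code from gst-plugins-good or from the upstream commit linked in the report: the `png_dims` type, the function names and the 1 GiB output cap are assumptions made for this example. The point it shows is that a decoder forming width * height * bytes-per-pixel in 32-bit arithmetic gets a wrapped, too-small size for a header whose dimensions are each within the PNG limit of 2^31 - 1, and then writes height rows of width * bpp bytes into that short allocation; the hardened version multiplies in size_t with a division-based overflow test before each step and refuses the "simply huge" case with a policy cap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the values a PNG decoder obtains from the IHDR
 * chunk.  These are example types for this illustration, not the
 * structures used in ext/libpng/gstpngdec.c. */
typedef struct {
    uint32_t width;   /* image width in pixels */
    uint32_t height;  /* image height in rows */
    uint32_t bpp;     /* bytes per pixel after libpng transforms, e.g. 3 (RGB) or 4 (RGBA) */
} png_dims;

/* Largest width or height the PNG specification allows: 2^31 - 1. */
#define PNG_MAX_DIM 0x7fffffffu

/* Assumed policy cap on a decoded frame (1 GiB), so an honest but absurdly
 * large header is refused instead of triggering a huge allocation. */
#define MAX_OUTBUF_BYTES ((size_t)1 << 30)

/* Vulnerable pattern: the product is formed in 32-bit unsigned arithmetic
 * and silently wraps modulo 2^32, so a crafted header yields a buffer far
 * smaller than the row data the decoder will later copy into it. */
uint32_t outbuf_size_unchecked(const png_dims *d)
{
    return d->width * d->height * d->bpp;
}

/* Hardened computation: reject zero or out-of-spec dimensions, then multiply
 * in size_t, testing for overflow by division before each step, and finally
 * apply the policy cap.  Returns false (leaving *out untouched) when the
 * buffer cannot be sized safely. */
bool outbuf_size_checked(const png_dims *d, size_t *out)
{
    size_t stride, total;

    if (d->width == 0 || d->height == 0 || d->bpp == 0)
        return false;
    if (d->width > PNG_MAX_DIM || d->height > PNG_MAX_DIM || d->bpp > 16)
        return false;

    stride = (size_t)d->width;
    if (stride > SIZE_MAX / d->bpp)          /* would width * bpp wrap? */
        return false;
    stride *= d->bpp;

    if (stride > SIZE_MAX / d->height)       /* would stride * height wrap? */
        return false;
    total = stride * d->height;

    if (total > MAX_OUTBUF_BYTES)
        return false;

    *out = total;
    return true;
}

/* Bytes a row-by-row decode actually writes: height rows of width * bpp
 * bytes, computed in 64 bits so this comparison itself cannot wrap. */
uint64_t bytes_written(const png_dims *d)
{
    return (uint64_t)d->width * d->bpp * d->height;
}

/* True when allocating outbuf_size_unchecked() bytes and then decoding every
 * row would write past the end of that allocation: the heap overflow. */
bool unchecked_size_overflows(const png_dims *d)
{
    return bytes_written(d) > outbuf_size_unchecked(d);
}

int main(void)
{
    /* Constructed crafted header: each dimension is within the PNG limit,
     * yet 65536 * 65536 == 2^32 wraps to 0 in 32-bit arithmetic. */
    png_dims crafted = { 65536u, 65536u, 3u };
    png_dims normal  = { 640u, 480u, 3u };
    size_t sz = 0;

    printf("crafted: unchecked size %u, decode writes %llu bytes, overflow=%d\n",
           outbuf_size_unchecked(&crafted),
           (unsigned long long)bytes_written(&crafted),
           unchecked_size_overflows(&crafted));
    printf("crafted: accepted by checked sizing? %d\n",
           outbuf_size_checked(&crafted, &sz));
    if (outbuf_size_checked(&normal, &sz))
        printf("normal 640x480 RGB: checked size %zu bytes\n", sz);
    return 0;
}
```

For the crafted 65536x65536 header the unchecked product is 0, while decoding would write about 12 GiB of rows, which is the mismatch that produces the heap overflow; the checked version rejects the same header, and accepts a 640x480 RGB frame at 921600 bytes. Note that without the policy cap a 64-bit build would compute the 12 GiB size correctly and merely fail (or succeed) at allocation time, which is why a bound on the decoded size belongs next to the overflow check rather than being left to malloc.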





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 08 Jul 2009 07:28:50 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 14:34:41 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.