Debian Bug report logs - #533361
xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files


Package: xcftools; Maintainer for xcftools is Jan Hauke Rahm <jhr@debian.org>; Source for xcftools is src:xcftools.

Reported by: Jorgen Grahn <grahn+src@snipabacken.se>

Date: Tue, 16 Jun 2009 20:21:02 UTC

Severity: serious

Tags: fixed-upstream, patch, security

Found in version xcftools/1.0.4-1

Fixed in versions xcftools/1.0.4-1+lenny1, xcftools/1.0.7-1

Done: Jan Hauke Rahm <info@jhr-online.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Tue, 16 Jun 2009 20:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jorgen Grahn <grahn+src@snipabacken.se>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 16 Jun 2009 20:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jorgen Grahn <grahn+src@snipabacken.se>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files
Date: Tue, 16 Jun 2009 22:16:52 +0200
[Message part 1 (text/plain, inline)]
Package: xcftools
Version: 1.0.4-1
Severity: important


I really like the xcftools package, because it lets me author things
in Gimp and then automate operations on them (e.g. let a Makefile
generate jpeg images from a sandwich of layers). However, this bug is
a problem for me currently:

I try to extract individual layers, clipped to the canvas size. It
seems that at least sometimes, for at least some layers which extend
past the edges of the canvas, xcf2pnm fails.  On this amd64 system, it
passes an unreasonable size to malloc().  On my PPC Debian 4.0 system
and xcftools (1.0.4-1) it dies with SIGILL instead. Possibly, almost
anything can happen.

xcf2png fails in the same way.

Some might suspect that this is a security issue. I have chosen not to
file it as such, but feel free to raise the severity if you think it's
important.

I have attached two minimal example files (gzipped).  The -bigcanvas
variant was created in Gimp with "Fit canvas to layers". And here is a
terminal session which shows the problem:

salix:/tmp/xcfbug% ls -l 
total 84
-rw-r--r-- 1 grahn grahn 46351 Jun 16 21:50 djuras_white_bigcanvas.xcf
-rw-r--r-- 1 grahn grahn 32939 Jun 16 21:49 djuras_white.xcf

salix:/tmp/xcfbug% md5sum *xcf
a1b5381579a94af0822a09d3f37b3e4b  djuras_white_bigcanvas.xcf
7812863507ddd7e486bfabdb468f6d78  djuras_white.xcf

salix:/tmp/xcfbug% xcfinfo djuras_white.xcf 
Version 0, 1600x1600 RGB color, 2 layers, compressed RLE
- 1670x1653-38-27 RGB-alpha Normal eniro
+ 1600x1600+0+0 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcfinfo djuras_white_bigcanvas.xcf 
Version 0, 1670x1653 RGB color, 2 layers, compressed RLE
- 1670x1653+0+0 RGB-alpha Normal eniro
+ 1600x1600+38+27 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf ekon |md5sum 
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf eniro |md5sum
95a6ef319b81ae9f552b6f0ef3c164d9  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf eniro |md5sum 
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum

salix:/tmp/xcfbug% valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro |md5sum
==2403== Warning: silly arg (-1794832372) to malloc()
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum
salix:/tmp/xcfbug% 

I'd really appreciate a fix. I could try debugging it myself, but I have a
feeling someone else (e.g. the upstream author) who knows XCF better can
succeed in an hour or so.

regards,
Jörgen

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.7 (PREEMPT)
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xcftools depends on:
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libpng12-0               1.2.27-2+lenny2 PNG library - runtime

Versions of packages xcftools recommends:
pn  feh | gimageview | gqview | i <none>     (no description available)
ii  mime-support                  3.44-1     MIME files 'mime.types' & 'mailcap
ii  x11-common                    1:7.3+18   X Window System (X.Org) infrastruc

Versions of packages xcftools suggests:
ii  gimp                          2.4.7-1    The GNU Image Manipulation Program

-- no debconf information
[djuras_white.xcf.gz (application/x-gzip, attachment)]
[djuras_white_bigcanvas.xcf.gz (application/x-gzip, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Thu, 18 Jun 2009 23:30:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Thu, 18 Jun 2009 23:30:10 GMT) Full text and rfc822 format available.

Message #10 received at 533361@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: 533361@bugs.debian.org
Cc: control@bugs.debian.org
Subject: xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files
Date: Fri, 19 Jun 2009 01:27:49 +0200
[Message part 1 (text/plain, inline)]
tags 533361 patch security
thanks

Upstream author of xcftools here.
Thanks for this bug report.

There is indeed a possible buffer overflow when the converted part of
the image extends above or to the left of the canvas. It was caused by
me foolishly assuming that C's modulus operator behaves sanely on
negative numbers.

A patch that ought to fix this is attached.
Jörgen, can you check whether this does fix your problem?
If so, I'll release a fixed version as 1.0.5 asap.

I don't THINK we need to go into a full-tilt security panic for this
one. Yes, the stack gets overwritten, but only if the -C or -O options
are used to shift the origin. Therefore, in order to mount an attack
one not only has to trick the victim into converting an appropriately
crafted image, but also to use one of these "advanced" options.
I'll tag it "security" nonetheless, so that others get a chance
to weigh in.

-- 
Henning Makholm                   "We will discuss your youth another time."
[533361.patch (text/x-diff, attachment)]
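The arithmetic Henning describes above, as an added C example constructed for this page (it is not xcftools' own code and not the attached 533361.patch): C99 `/` and `%` truncate toward zero, so a canvas-based x that is negative (the part of a layer above or to the left of the canvas, which only the -C or -O options bring into the converted region) yields a negative in-tile offset, and an offset used as an index into a fixed-size buffer then lands before the buffer. The 64-pixel tile size, the function names and the fixed-size per-tile buffer are assumptions for illustration; `floor_div`/`floor_mod` is the usual correction that keeps the remainder in 0..n-1. (Before C99 the sign of `%` with a negative operand was implementation-defined, which is one more reason not to rely on it.)

```c
/* Constructed illustration of the arithmetic behind CVE-2009-2175; not
 * xcftools' own code. Assumes 64x64 tiles (TILE = 64) and a converter
 * that maps a canvas-based x to (tile index, offset inside tile) before
 * copying pixels into a fixed-size per-tile buffer. */
#include <stdio.h>
#include <string.h>

#define TILE 64

/* C99 '/' and '%' truncate toward zero, so for a negative operand the
 * remainder is negative or zero: -27 % 64 == -27 and -27 / 64 == 0. */
int naive_tile_index(int x)  { return x / TILE; }
int naive_tile_offset(int x) { return x % TILE; }

/* Floor division with a non-negative remainder, so that
 * x == floor_div(x, n) * n + floor_mod(x, n) and 0 <= floor_mod(x, n) < n
 * for n > 0. */
int floor_div(int a, int n) {
    int q = a / n, r = a % n;
    if (r != 0 && ((r < 0) != (n < 0))) q -= 1;
    return q;
}
int floor_mod(int a, int n) {
    int r = a % n;
    if (r != 0 && ((r < 0) != (n < 0))) r += n;
    return r;
}

/* Simulated per-tile copy: writes 'count' bytes of a source row into a
 * fixed TILE-byte buffer at 'off'. Returns 0 on success, -1 when the
 * range is outside the buffer, and never writes out of bounds. A copy
 * that trusted a negative 'off' from naive_tile_offset() would write
 * before the buffer's start, which is the stack overwrite described in
 * this bug. */
int copy_into_tile(unsigned char *tile_row, int off,
                   const unsigned char *src, int count) {
    if (off < 0 || off >= TILE || count < 0 || count > TILE - off) return -1;
    memcpy(tile_row + off, src, (size_t)count);
    return 0;
}

/* Canvas-based x to (tile index, in-tile offset), safe for negative x. */
void tile_coord(int x, int *tile, int *off) {
    *tile = floor_div(x, TILE);
    *off  = floor_mod(x, TILE);
}

int main(void) {
    unsigned char row[TILE];
    unsigned char src[1] = { 9 };                 /* constructed pixel */
    int xs[] = { 130, 0, -1, -27, -64, -65 };     /* -27 and -38: eniro's offsets above */
    for (size_t i = 0; i < sizeof xs / sizeof xs[0]; i++) {
        int t, o;
        tile_coord(xs[i], &t, &o);
        printf("x=%4d  naive: tile %2d off %4d (copy %s)   floor: tile %2d off %2d\n",
               xs[i], naive_tile_index(xs[i]), naive_tile_offset(xs[i]),
               copy_into_tile(row, naive_tile_offset(xs[i]), src, 1) == 0 ? "ok" : "rejected",
               t, o);
    }
    return 0;
}
```

The bounds check in `copy_into_tile` is what turns a would-be out-of-bounds write into a rejected copy; the real fix is upstream of it, in computing the offset with floor semantics so that every x, positive or negative, maps to a tile index and an offset inside that tile.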

Tags added: patch, security Request was from Henning Makholm <henning@makholm.net> to control@bugs.debian.org. (Thu, 18 Jun 2009 23:30:17 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Thu, 25 Jun 2009 16:42:20 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Thu, 25 Jun 2009 16:42:20 GMT) Full text and rfc822 format available.

Message #17 received at 533361@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 533361@bugs.debian.org
Cc: control@bugs.debian.org
Subject: got a CVE id
Date: Thu, 25 Jun 2009 18:23:08 +0200
[Message part 1 (text/plain, inline)]
severity 533361 serious
thanks

Hi,

this issue got a CVE id:

CVE-2009-2175[0]:
| Stack-based buffer overflow in the flattenIncrementally function in
| flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2)
| xcf2png utilities, allows remote attackers to cause a denial of
| service (crash) and possibly execute arbitrary code via a crafted
| image that causes a conversion to a location "above or to the left of
| the canvas." NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2175
    http://security-tracker.debian.net/tracker/CVE-2009-2175

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Severity set to `serious' from `important' Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Thu, 25 Jun 2009 16:42:21 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Thu, 25 Jun 2009 20:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jörgen Grahn <grahn@snipabacken.se>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Thu, 25 Jun 2009 20:21:02 GMT) Full text and rfc822 format available.

Message #24 received at 533361@bugs.debian.org (full text, mbox):

From: Jörgen Grahn <grahn@snipabacken.se>
To: 533361@bugs.debian.org
Subject: Henning's patch tested, and kind of working
Date: Thu, 25 Jun 2009 22:19:58 +0200
[Message part 1 (text/plain, inline)]
Henning, sorry for not replying earlier -- I somehow believed the BTS
would Cc: me on everything, and didn't check the web interface until
today.

I tested your patch 533361.patch posted on the 19th, and of course it
fixed the crash (on amd64 and ppc) for both the test data attached to
the bug, and for my real data. Thanks for the quick response!

However, the resulting image still looks strange. I have attached yet
another example.

    salix:/tmp/xcfbug% xcfinfo debian-logo.xcf
    Version 0, 10x10 RGB color, 3 layers, compressed RLE
    + 48x48-18-18 RGB-alpha Normal L3
    + 48x48-18-18 RGB-alpha Normal L2
    + 48x48-18-18 RGB-alpha Normal L1
    salix:/tmp/xcfbug% xcf2png -b white -C debian-logo.xcf L2 > L2.png

At first I expected L2.png to contain only the visible 10x10 center
part of layer L2. Then I reread the man page and realized that -C was
documented as the other way around.

What L2.png actually contains is the 10x10 canvas-visible part and
everything to the south and east of that. The rest is clipped, i.e.
filled -b white. I have other examples where *parts* of the layer
to the N and W of the canvas are retained, while others are filled
with the background color.

This *feels* like a bug. But I won't insist, since (a) it's not clear
which behavior a user would want in this case and (b) the
documentation for -C only talks about *cropping* to the layers, not
*expanding*.

Also, for me personally, this doesn't matter because now that xcf2pnm
no longer crashes, I can see that I do not want the -C effect. I want
my layers clipped to the canvas, just like xcf2pnm does by default.

many thanks,
/Jörgen

-- 
  // Jörgen Grahn                  | mot du jour: TRIAL SEPARATION    
\X/ <grahn@snipabacken.se>         |                                  
[debian-logo.xcf (application/x-xcf, attachment)]
[L2.png (image/png, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Mon, 29 Jun 2009 22:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Mon, 29 Jun 2009 22:30:06 GMT) Full text and rfc822 format available.

Message #29 received at 533361@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: Jörgen Grahn <grahn@snipabacken.se>
Cc: 533361@bugs.debian.org
Subject: Re: [grahn: Henning's patch tested, and kind of working]
Date: Tue, 30 Jun 2009 00:28:16 +0200
[Message part 1 (text/plain, inline)]
Scripsit Jörgen Grahn

> Just in case you too do not get mail notifications whenever a Debian
> bug gets updated.  I wrote this:

Oops, thanks for the heads-up. I meant to subscribe to the PTS for
xcftools, but never got it done after I resigned as a Debian dev a
couple of months ago.

> Henning, sorry for not replying earlier -- I somehow believed the BTS
> would Cc: me on everything, and didn't check the web interface until
> today.

I thought that too -- otherwise I'd have Cc'ed you directly.

> However, the resulting image still looks strange.
...
> What L2.png actually contains is the 10x10 canvas-visible part and
> everything to the south and east of that. The rest is clipped, i.e.
> filled -b white.

Yes, this is a bug. There were a few more places where I had stored
canvas-based coordinates in unsigned variables. Embarrassing.

The attached patch ought to fix all known cases. It is based on
the clean 1.0.4 source.

I don't think any of the newly fixed places are security
relevant. They just cause parts of the source image to be ignored, or
in certain cases wrong pixels to be read. So if someone does a
security upload to lenny, the previous patch is probably the least
invasive one to use.

I plan to release 1.0.5 with the fixes Thursday or Friday -- other
stuff gets in the way until then.

> Also, for me personally, this doesn't matter because now that xcf2pnm
> no longer crashes, I can see that I do not want the -C effect. I want
> my layers clipped to the canvas, just like xcf2pnm does by default.

I will try to think of improvements to the wording of the manpage such
that others will not be similarly confused. Suggestions welcome.

-- 
Henning Makholm                         "Al lykken er i ét ord: Overvægtig!"
[533361b.patch (text/x-diff, attachment)]
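The second class of bug Henning mentions, as an added C example constructed for this page (not xcftools' code and not the attached 533361b.patch): clipping a layer to the canvas when the layer origin is held in an unsigned variable, beside the signed version. The geometry is the one xcfinfo printed earlier in this bug (a 48x48 layer at -18,-18 on a 10x10 canvas; a 1670x1653 layer at -38,-27 on a 1600x1600 canvas; a 1600x1600 layer at +38,+27 on a 1670x1653 canvas); the function names are illustrative. Positive origins come out the same either way, which is why the bug only shows with layers that stick out above or to the left.

```c
/* Constructed illustration of canvas-based coordinates stored in
 * unsigned variables; not xcftools' own code. */
#include <stdio.h>

struct rect { int x0, y0, x1, y1; };   /* half-open: [x0,x1) x [y0,y1) */

static int imax(int a, int b) { return a > b ? a : b; }
static int imin(int a, int b) { return a < b ? a : b; }
static unsigned umax(unsigned a, unsigned b) { return a > b ? a : b; }
static unsigned umin(unsigned a, unsigned b) { return a < b ? a : b; }

/* Buggy: the layer origin is unsigned. A negative origin becomes a huge
 * value, the intersection with the canvas comes out empty, and the
 * layer's visible part is silently dropped. */
int visible_width_unsigned(unsigned canvas_w, unsigned layer_x, unsigned layer_w) {
    unsigned x0 = umax(0u, layer_x);                 /* 4294967278 for "-18" */
    unsigned x1 = umin(canvas_w, layer_x + layer_w); /* wraps back to 30, clipped to 10 */
    return x1 > x0 ? (int)(x1 - x0) : 0;
}

/* Fixed: keep canvas-based coordinates signed and clip with signed math. */
struct rect clip_to_canvas(int canvas_w, int canvas_h,
                           int layer_x, int layer_y, int layer_w, int layer_h) {
    struct rect r;
    r.x0 = imax(0, layer_x);
    r.y0 = imax(0, layer_y);
    r.x1 = imin(canvas_w, layer_x + layer_w);
    r.y1 = imin(canvas_h, layer_y + layer_h);
    if (r.x1 < r.x0) r.x1 = r.x0;   /* empty intersection */
    if (r.y1 < r.y0) r.y1 = r.y0;
    return r;
}

int visible_width(int canvas_w, int layer_x, int layer_w) {
    struct rect r = clip_to_canvas(canvas_w, 1, layer_x, 0, layer_w, 1);
    return r.x1 - r.x0;
}

/* Column inside the layer's own pixel rows that backs canvas column cx;
 * only a valid index when cx lies inside the clipped rect. */
int layer_column_for(int cx, int layer_x) { return cx - layer_x; }

int main(void) {
    struct rect r = clip_to_canvas(10, 10, -18, -18, 48, 48);
    printf("L2 (48x48 at -18,-18 on 10x10):  unsigned=%d  signed=%d\n",
           visible_width_unsigned(10, (unsigned)-18, 48), visible_width(10, -18, 48));
    printf("eniro (1670x1653 at -38,-27 on 1600x1600):  unsigned=%d  signed=%d\n",
           visible_width_unsigned(1600, (unsigned)-38, 1670), visible_width(1600, -38, 1670));
    printf("ekon (1600x1600 at +38,+27 on 1670x1653):  unsigned=%d  signed=%d\n",
           visible_width_unsigned(1670, 38, 1600), visible_width(1670, 38, 1600));
    printf("L2 clipped rect [%d,%d)x[%d,%d); canvas column 0 reads layer column %d\n",
           r.x0, r.x1, r.y0, r.y1, layer_column_for(r.x0, -18));
    return 0;
}
```

The unsigned variant does not crash; it just produces an empty or wrong clip rectangle, which matches Henning's reading that these places cause parts of the source image to be ignored or wrong pixels to be read rather than memory to be overwritten.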

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Fri, 03 Jul 2009 00:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 03 Jul 2009 00:57:04 GMT) Full text and rfc822 format available.

Message #34 received at 533361@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: 533361@bugs.debian.org, control@bugs.debian.org
Cc: Jörgen Grahn <grahn@snipabacken.se>
Subject: Xcftools 1.0.5 fixes #533361 and other bugs
Date: Fri, 3 Jul 2009 02:55:12 +0200
tags 533361 + fixed-upstream
thanks

This bug, and a few minor other ones, are fixed in a new upstream
version, 1.0.5. See release announcement at
http://blog.henning.makholm.net/2009/07/xcftools-105-security-fix-release.html
and new tarball at http://henning.makholm.net/xcftools/xcftools-1.0.5.tar.gz

-- 
Henning Makholm




Tags added: fixed-upstream Request was from Henning Makholm <henning@makholm.net> to control@bugs.debian.org. (Fri, 03 Jul 2009 00:57:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Fri, 03 Jul 2009 11:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Hauke Rahm <info@jhr-online.de>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 03 Jul 2009 11:24:02 GMT) Full text and rfc822 format available.

Message #41 received at 533361@bugs.debian.org (full text, mbox):

From: Jan Hauke Rahm <info@jhr-online.de>
To: Henning Makholm <henning@makholm.net>, 533361@bugs.debian.org
Cc: Jörgen Grahn <grahn@snipabacken.se>, debian-qa@lists.debian.org
Subject: Re: Bug#533361: Xcftools 1.0.5 fixes #533361 and other bugs
Date: Fri, 3 Jul 2009 13:20:51 +0200
[Message part 1 (text/plain, inline)]
On Fri, Jul 03, 2009 at 02:55:12AM +0200, Henning Makholm wrote:
> This bug, and a few minor other ones, are fixed in a new upstream
> version, 1.0.5. See release announcement at
> http://blog.henning.makholm.net/2009/07/xcftools-105-security-fix-release.html
> and new tarball at http://henning.makholm.net/xcftools/xcftools-1.0.5.tar.gz

Good, I've prepared a QA upload to fix this serious bug. CC'ing
debian-qa to get attention of possible sponsors.

http://mentors.debian.net/debian/pool/main/x/xcftools/xcftools_1.0.5-1.dsc

Cheers,
Hauke
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Fri, 03 Jul 2009 11:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 03 Jul 2009 11:30:06 GMT) Full text and rfc822 format available.

Message #46 received at 533361@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: Jan Hauke Rahm <info@jhr-online.de>
Cc: 533361@bugs.debian.org, Jörgen Grahn <grahn@snipabacken.se>, debian-qa@lists.debian.org
Subject: Re: Bug#533361: Xcftools 1.0.5 fixes #533361 and other bugs
Date: Fri, 3 Jul 2009 13:26:16 +0200
> Good, I've prepared a QA upload to fix this serious bug. CC'ing
> debian-qa to get attention of possible sponsors.

> http://mentors.debian.net/debian/pool/main/x/xcftools/xcftools_1.0.5-1.dsc

Oops, hold that thought. There's already an 1.0.6, upstream source at
http://henning.makholm.net/xcftools/

It fixes two completely unrelated bugs that I ran into mere hours
after releasing 1.0.5. It also changes license terms from GPL2 to
Public Domain.

Such a flurry of activity after 2+ years of stasis ...

Thanks, Jan, for taking care of this.

-- 
Henning Makholm                     "The practical reason for continuing our
                                  system is the same as the practical reason
                          for continuing anything: It works satisfactorily."




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Fri, 03 Jul 2009 20:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 03 Jul 2009 20:45:05 GMT) Full text and rfc822 format available.

Message #51 received at 533361@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: Jan Hauke Rahm <info@jhr-online.de>
Cc: 533361@bugs.debian.org
Subject: Re: Bug#533361: Xcftools 1.0.5 fixes #533361 and other bugs
Date: Fri, 3 Jul 2009 22:38:38 +0200
[Message part 1 (text/plain, inline)]
Scripsit Jan Hauke Rahm

> Now, if you would like to do me a big favour, you could send me a patch
> (as small as possible) for the security bug found in 1.0.4.

Here is an absolutely minimal patch that fixes only the security issue.

-- 
Henning Makholm       "It was intended to compile from some approximation to
                 the M-notation, but the M-notation was never fully defined,
                because representing LISP functions by LISP lists became the
 dominant programming language when the interpreter later became available."
[533361-minimal.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#533361; Package xcftools. (Fri, 03 Jul 2009 20:48:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Hauke Rahm <info@jhr-online.de>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Fri, 03 Jul 2009 20:48:08 GMT) Full text and rfc822 format available.

Message #56 received at 533361@bugs.debian.org (full text, mbox):

From: Jan Hauke Rahm <info@jhr-online.de>
To: Henning Makholm <henning@makholm.net>
Cc: 533361@bugs.debian.org
Subject: Re: Bug#533361: Xcftools 1.0.5 fixes #533361 and other bugs
Date: Fri, 3 Jul 2009 22:43:58 +0200
[Message part 1 (text/plain, inline)]
On Fri, Jul 03, 2009 at 10:38:38PM +0200, Henning Makholm wrote:
> Scripsit Jan Hauke Rahm
> 
> > Now, if you would like to do me a big favour, you could send me a patch
> > (as small as possible) for the security bug found in 1.0.4.
> 
> Here is an absolutely minimal patch that fixes only the security issue.

Wow, that was fast. Thank you very much! I'll prepare a package for
stable and oldstable hopefully tomorrow if the security team doesn't do
it before I come to it... :)

Hauke
[signature.asc (application/pgp-signature, inline)]

Reply sent to Jan Hauke Rahm <info@jhr-online.de>:
You have taken responsibility. (Mon, 06 Jul 2009 20:24:05 GMT) Full text and rfc822 format available.

Notification sent to Jorgen Grahn <grahn+src@snipabacken.se>:
Bug acknowledged by developer. (Mon, 06 Jul 2009 20:24:05 GMT) Full text and rfc822 format available.

Message #61 received at 533361-close@bugs.debian.org (full text, mbox):

From: Jan Hauke Rahm <info@jhr-online.de>
To: 533361-close@bugs.debian.org
Subject: Bug#533361: fixed in xcftools 1.0.4-1+lenny1
Date: Mon, 06 Jul 2009 19:54:46 +0000
Source: xcftools
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

xcftools_1.0.4-1+lenny1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.diff.gz
xcftools_1.0.4-1+lenny1.dsc
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.dsc
xcftools_1.0.4-1+lenny1_amd64.deb
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533361@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Hauke Rahm <info@jhr-online.de> (supplier of updated xcftools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 13:55:00 +0200
Source: xcftools
Binary: xcftools
Architecture: source amd64
Version: 1.0.4-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Henning Makholm <henning@makholm.net>
Changed-By: Jan Hauke Rahm <info@jhr-online.de>
Description: 
 xcftools   - command-line tools for extracting data for XCF files
Closes: 533361
Changes: 
 xcftools (1.0.4-1+lenny1) stable; urgency=high
 .
   * QA upload.
   * Fix "'xcf2pnm -C ... layer' crashes on some valid XCF files", thanks
     Henning Makholm (upstream) (Closes: #533361, CVE-2009-2175)
Checksums-Sha1: 
 8fcd2fb4afc48e0a7bef8a944da323026e3ec75e 1031 xcftools_1.0.4-1+lenny1.dsc
 67b07af232926b99238ddeac73e1cf4917787224 8608 xcftools_1.0.4-1+lenny1.diff.gz
 41bad844aa140ce957b9d28a7c50c9bf6e738f7c 99102 xcftools_1.0.4-1+lenny1_amd64.deb
Checksums-Sha256: 
 58b83be25f1e552cdcb8cb9c1db0ebe344df34e8a9cd705daac16b63b33977ea 1031 xcftools_1.0.4-1+lenny1.dsc
 e827deba9e82de9725f1311f40f6bbb2c63bee5b270994da1df549c111c7240d 8608 xcftools_1.0.4-1+lenny1.diff.gz
 a157fd3a99b86c3c1770c89127d9e91cc8089fb2c376d0f924e43f1ce22ff79d 99102 xcftools_1.0.4-1+lenny1_amd64.deb
Files: 
 b74ec80118df05975ad5650b7b3504cb 1031 graphics optional xcftools_1.0.4-1+lenny1.dsc
 07962e901b71169bc334b03212e78737 8608 graphics optional xcftools_1.0.4-1+lenny1.diff.gz
 e962f6c4dab4e867eab7aa1c0aa6ae10 99102 graphics optional xcftools_1.0.4-1+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSB2UACgkQeGfVPHR5Nd1YWgCfcjL34B4s8RSmfpUUUpgNbJ8+
+TUAnRgGaWhwTFNKtFtdrV+cLSGJyRqs
=iaWk
-----END PGP SIGNATURE-----





Reply sent to Jan Hauke Rahm <info@jhr-online.de>:
You have taken responsibility. (Tue, 14 Jul 2009 20:06:11 GMT) Full text and rfc822 format available.

Notification sent to Jorgen Grahn <grahn+src@snipabacken.se>:
Bug acknowledged by developer. (Tue, 14 Jul 2009 20:06:12 GMT) Full text and rfc822 format available.

Message #66 received at 533361-close@bugs.debian.org (full text, mbox):

From: Jan Hauke Rahm <info@jhr-online.de>
To: 533361-close@bugs.debian.org
Subject: Bug#533361: fixed in xcftools 1.0.7-1
Date: Tue, 14 Jul 2009 19:32:38 +0000
Source: xcftools
Source-Version: 1.0.7-1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

xcftools_1.0.7-1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.7-1.diff.gz
xcftools_1.0.7-1.dsc
  to pool/main/x/xcftools/xcftools_1.0.7-1.dsc
xcftools_1.0.7-1_i386.deb
  to pool/main/x/xcftools/xcftools_1.0.7-1_i386.deb
xcftools_1.0.7.orig.tar.gz
  to pool/main/x/xcftools/xcftools_1.0.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533361@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Hauke Rahm <info@jhr-online.de> (supplier of updated xcftools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Jul 2009 17:02:09 +0200
Source: xcftools
Binary: xcftools
Architecture: source i386
Version: 1.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Jan Hauke Rahm <info@jhr-online.de>
Changed-By: Jan Hauke Rahm <info@jhr-online.de>
Description: 
 xcftools   - command-line tools for extracting data for XCF files
Closes: 525920 533361
Changes: 
 xcftools (1.0.7-1) unstable; urgency=high
 .
   * Adopted (Closes: #525920)
     + with urgency=high for the security issue
     + with new debian/copyright according to upstream's relicensing
   * New upstream release (1.0.7)
     + Fix GPL-to-PD transition: missed copyright blurb in online banner.
   * IMPORTANT CHANGE: xcfview is rewritten to use xdg-utils in order to find
     an image viewer instead of parsing /etc/mailcap on its own
 .
   * New upstream release (1.0.6)
     + Change licensing from GPL-2 to PD.
     + Fix bug: A layer without an alpha channel bug with an active layer mask
       was wrongly considered to obscure all lower layers.
     + Fix bug: xcf2pnm would guess PBM as the output format even if the
       background was explicitly set to an intermediate gray, or if -T might
       produce grays.
 .
   * New upstream release (1.0.5)
     + Fix various bugs if extracted part of image contains pixels with
       negative canvas-based coordinates. Thanks Jörgen Grahn (Closes: #533361,
       CVE-2009-2175)
     + Minor manpage fixes; -C description should be less confusing now.
     + $(DESTDIR) honored in Makefile's install target
   * Use quilt for patches
   * Bump standards-version: 3.8.2
   * Added debian/watch
   * Switched to debhelper 7
   * debian/control: Reorganized Recommends and Suggests
Checksums-Sha1: 
 2c686b29d2137f732d941b849d7aac5501c61202 1650 xcftools_1.0.7-1.dsc
 3c3cf07ad6183605a3febf5a8af9f2bd4cb4ef83 273455 xcftools_1.0.7.orig.tar.gz
 994a280a3d4cc5fd7cc9d974b7ecfaa636830d49 6925 xcftools_1.0.7-1.diff.gz
 d094d30bbf0f3638fe13a2d97ebd7a0387d5b81f 91082 xcftools_1.0.7-1_i386.deb
Checksums-Sha256: 
 86bc5d158a988b91e7fe340771ff1f7838ba8d545ad945d8670091a40dc0196d 1650 xcftools_1.0.7-1.dsc
 1ebf6d8405348600bc551712d9e4f7c33cc83e416804709f68d0700afde920a6 273455 xcftools_1.0.7.orig.tar.gz
 8f7225aaced1fa6ee5982b7a3c7afd68ea714e249f1d2db8fce0cf1964349787 6925 xcftools_1.0.7-1.diff.gz
 5e3e5df4b3f85a6d9e4837dc96c9fc67c21e1315dfcc1a76f6614bd24b12b12e 91082 xcftools_1.0.7-1_i386.deb
Files: 
 6acd733059f3a2bb4b5a3b4f7b700239 1650 graphics optional xcftools_1.0.7-1.dsc
 fd960b6470fb23520fc4b1ade6cf6e25 273455 graphics optional xcftools_1.0.7.orig.tar.gz
 873f68d4b99c550f850e61bc32637e12 6925 graphics optional xcftools_1.0.7-1.diff.gz
 2ad54a1ec9e6983f39a8d7dd1fab2841 91082 graphics optional xcftools_1.0.7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBAgAGBQJKXNsFAAoJEBxXDIkOS9CrP2IP/Rn+wBx/xouOK3pz7cMpg2aY
G4HI07ip1BLKxqgY6DnJqk7+PShPBjHS+MKx24V0wkyj734cfz6plLc/LmSR5k/R
JIEXrG5mQa6q3G4qBQzmFWCkyM/KHQbFja1BYMWWH7HHmd+eJ82D2Hiv+EuKybVG
kxEfkfquBY8CYhdQaoJHbq6ASgwKWYLpH2UKhgY0vbBi5Hn1kKE2oE+a5Z2DDOdz
ysukrFxxBp3vEb8BKhGHggf1fwChiDszWC9Lnc/ugW3R3dd5FRUoZScVImfBV4lD
1IzypcL/IWmVCXpOJMezG7IryT/3R8SuZkf5Klv5XYwFXBKCOAuRlZC4Rma/g/iN
stHLRlUhixMF/bZdnyXadnc2oEd37mKtc8Yg4ZzK7x49qjow94DtniDARTqIuVYs
Roy7f+9oha9LwpP7bB/v9KNAcyXrYYBDujWiMxfrC7Inkq+UJGKBpcVHnVF2gCoo
Okkq7PvYjbEtBqewlbFGGXP0NnDAoM1fkdRiNSgBNlVbUsUqSavHDZ9rVy9mYI2M
6ugYGVFJQ1sNN7wSUuLPb1eWAedsXRzalNyx8V7+DHyvbKxpRMOAwkb6tzh/lNfx
lTL7s734LbM+q6AIreHObeSWZ3CK9/JmZk/0N1J26pqMuyOJjV0pybosauof58G3
Npcs2HqHUNA0JqB5jEjb
=czGz
-----END PGP SIGNATURE-----





Reply sent to Jan Hauke Rahm <info@jhr-online.de>:
You have taken responsibility. (Fri, 04 Sep 2009 19:21:21 GMT) Full text and rfc822 format available.

Notification sent to Jorgen Grahn <grahn+src@snipabacken.se>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:21:21 GMT) Full text and rfc822 format available.

Message #71 received at 533361-close@bugs.debian.org (full text, mbox):

From: Jan Hauke Rahm <info@jhr-online.de>
To: 533361-close@bugs.debian.org
Subject: Bug#533361: fixed in xcftools 1.0.4-1+lenny1
Date: Fri, 04 Sep 2009 18:33:06 +0000
Source: xcftools
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

xcftools_1.0.4-1+lenny1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.diff.gz
xcftools_1.0.4-1+lenny1.dsc
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.dsc
xcftools_1.0.4-1+lenny1_amd64.deb
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533361@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Hauke Rahm <info@jhr-online.de> (supplier of updated xcftools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 13:55:00 +0200
Source: xcftools
Binary: xcftools
Architecture: source amd64
Version: 1.0.4-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Henning Makholm <henning@makholm.net>
Changed-By: Jan Hauke Rahm <info@jhr-online.de>
Description: 
 xcftools   - command-line tools for extracting data for XCF files
Closes: 533361
Changes: 
 xcftools (1.0.4-1+lenny1) stable; urgency=high
 .
   * QA upload.
   * Fix "'xcf2pnm -C ... layer' crashes on some valid XCF files", thanks
     Henning Makholm (upstream) (Closes: #533361, CVE-2009-2175)
Checksums-Sha1: 
 8fcd2fb4afc48e0a7bef8a944da323026e3ec75e 1031 xcftools_1.0.4-1+lenny1.dsc
 67b07af232926b99238ddeac73e1cf4917787224 8608 xcftools_1.0.4-1+lenny1.diff.gz
 41bad844aa140ce957b9d28a7c50c9bf6e738f7c 99102 xcftools_1.0.4-1+lenny1_amd64.deb
Checksums-Sha256: 
 58b83be25f1e552cdcb8cb9c1db0ebe344df34e8a9cd705daac16b63b33977ea 1031 xcftools_1.0.4-1+lenny1.dsc
 e827deba9e82de9725f1311f40f6bbb2c63bee5b270994da1df549c111c7240d 8608 xcftools_1.0.4-1+lenny1.diff.gz
 a157fd3a99b86c3c1770c89127d9e91cc8089fb2c376d0f924e43f1ce22ff79d 99102 xcftools_1.0.4-1+lenny1_amd64.deb
Files: 
 b74ec80118df05975ad5650b7b3504cb 1031 graphics optional xcftools_1.0.4-1+lenny1.dsc
 07962e901b71169bc334b03212e78737 8608 graphics optional xcftools_1.0.4-1+lenny1.diff.gz
 e962f6c4dab4e867eab7aa1c0aa6ae10 99102 graphics optional xcftools_1.0.4-1+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSB2UACgkQeGfVPHR5Nd1YWgCfcjL34B4s8RSmfpUUUpgNbJ8+
+TUAnRgGaWhwTFNKtFtdrV+cLSGJyRqs
=iaWk
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:41:49 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:30:54 2014; Machine Name: beach.debian.org
