Bug 169963 - [PATCH] update graphics/libjpeg-turbo: update to 1.2.1
[PATCH] update graphics/libjpeg-turbo: update to 1.2.1
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Carlo Strub
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-18 09:50 UTC by bytestore
Modified: 2012-08-03 08:10 UTC (History)
0 users

See Also:


Attachments
file.diff (130 bytes, patch)
2012-07-18 09:50 UTC, bytestore
no flags Details | Diff
patch.txt (288 bytes, TEXT/PLAIN)
2012-07-19 07:26 UTC, bytestore
no flags Details
libjpeg-turbo.shar (3.91 KB, application/octet-stream)
2012-07-24 09:38 UTC, bytestore
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description bytestore 2012-07-18 09:50:11 UTC
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=826849
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
This issue has been assigned CVE-2012-2806.

Upstream release of libjpeg-turbo-1.2.1 resolves this issue.

Thanx to Huzaifa Sidhpurwala / Red Hat Security Response Team

Fix: update to libjpeg-turbo-1.2.1

Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer 2012-07-18 09:50:28 UTC
Class Changed
From-To: update->maintainer-update

Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
Comment 2 Carlo Strub freebsd_committer 2012-07-18 20:47:06 UTC
State Changed
From-To: open->feedback

Where is the patch? Something is missing here.
Comment 3 dfilter freebsd_committer 2012-07-18 21:28:57 UTC
Author: cs
Date: Wed Jul 18 20:28:47 2012
New Revision: 301124
URL: http://svn.freebsd.org/changeset/ports/301124

Log:
  Document buffer overflow in jpeg-turbo
  
  PR:		ports/169963
  Submitted by:	Denis E Podolskiy <bytestore@yandex.ru>
  Security:	CVE-2012-2806

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jul 18 20:26:20 2012	(r301123)
+++ head/security/vuxml/vuln.xml	Wed Jul 18 20:28:47 2012	(r301124)
@@ -52,6 +52,41 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a460035e-d111-11e1-aff7-001fd056c417">
+    <topic>libjpeg-turbo -- heap-based buffer overflow</topic>
+    <affects>
+      <package>
+	<name>libjpeg-turbo</name>
+	<range><lt>1.2.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt">
+	  <p>The Changelog for version 1.2.1 says: Fixed a regression caused by
+	  1.2.0[6] in which decompressing corrupt JPEG images (specifically,
+	  images in which the component count was erroneously set to a large
+	  value) would cause libjpeg-turbo to segfault.</p>
+	</blockquote>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=826849">
+	  <p>A Heap-based buffer overflow was found in the way libjpeg-turbo
+	  decompressed certain corrupt JPEG images in which the component count
+	  was erroneously set to a large value. An attacker could create a
+	  specially-crafted JPEG image that, when opened, could cause an
+	  application using libpng to crash or, possibly, execute arbitrary code
+	  with the privileges of the user running the application.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+    <cvename>CVE-2012-2806</cvename>
+    </references>
+    <dates>
+      <discovery>2012-05-31</discovery>
+      <entry>2012-07-18</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="2fe4b57f-d110-11e1-ac76-10bf48230856">
     <topic>Dokuwiki -- cross site scripting vulnerability</topic>
     <affects>
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 4 bytestore 2012-07-19 07:26:33 UTC
cFo> Where is the patch? Something is missing here.
There was a failure when loading, here a patch once again
Comment 5 Carlo Strub freebsd_committer 2012-07-19 08:29:58 UTC
Responsible Changed
From-To: freebsd-ports-bugs->cs

I'll take it.
Comment 6 bytestore 2012-07-24 09:38:22 UTC
Tested in redports and portlint fine.
Comment 7 dfilter freebsd_committer 2012-08-03 08:04:10 UTC
Author: cs
Date: Fri Aug  3 07:03:55 2012
New Revision: 301942
URL: http://svn.freebsd.org/changeset/ports/301942

Log:
  Update to 1.2.1
  
  PR:		ports/169963
  Submitted by:	Denis E Podolskiy <bytestore@yandex.ru>

Modified:
  head/graphics/libjpeg-turbo/Makefile
  head/graphics/libjpeg-turbo/distinfo

Modified: head/graphics/libjpeg-turbo/Makefile
==============================================================================
--- head/graphics/libjpeg-turbo/Makefile	Fri Aug  3 06:57:00 2012	(r301941)
+++ head/graphics/libjpeg-turbo/Makefile	Fri Aug  3 07:03:55 2012	(r301942)
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	libjpeg-turbo
-PORTVERSION=	1.2.0
-PORTREVISION=	1
+PORTVERSION=	1.2.1
 CATEGORIES=	graphics
 MASTER_SITES=	SF/${PORTNAME}/${PORTVERSION}
 

Modified: head/graphics/libjpeg-turbo/distinfo
==============================================================================
--- head/graphics/libjpeg-turbo/distinfo	Fri Aug  3 06:57:00 2012	(r301941)
+++ head/graphics/libjpeg-turbo/distinfo	Fri Aug  3 07:03:55 2012	(r301942)
@@ -1,2 +1,2 @@
-SHA256 (libjpeg-turbo-1.2.0.tar.gz) = 629db2a9b1295a1b0e5fa8dddda36c5da61a90536bef8295e0b209cbcd50f98e
-SIZE (libjpeg-turbo-1.2.0.tar.gz) = 1752925
+SHA256 (libjpeg-turbo-1.2.1.tar.gz) = cb3323f054a02cedad193bd0ca418d46934447f995d19e678ea64f78e4903770
+SIZE (libjpeg-turbo-1.2.1.tar.gz) = 1755264
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 8 Carlo Strub freebsd_committer 2012-08-03 08:04:19 UTC
State Changed
From-To: feedback->closed

Committed. Thank you very much.