http://www.ocert.org/advisories/ocert-2015-006.html
Created attachment 157240 [details]
Tentative patch for dcraw issue in graphics/rawstudio

For maintainer review,

Per http://rawstudio.org/files/release/, no releases have been out since 2011. As such, patch attached for review that will fix the issue locally.

Change log summary:
- Apply "Avoid overflow in ljpeg_start()" from upstream git 983bda1f commit

Ref: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e

TODO Items:
Finish Poudriere tests on all releases and post logs (running now... I will post tomorrow)
Update vuxml entry for dcraw (I will post tomorrow)
Created attachment 157270 [details]
Poudriere Build Logs from 10.1-RELEASE-p10 amd64

Also build tested on all supported releases:
8.4-RELEASE-p28 amd64
8.4-RELEASE-p28 i386
9.3-RELEASE-p14 amd64
9.3-RELEASE-p14 i386
10.1-RELEASE-p10 amd64
10.1-RELEASE-p10 i386
11.0-CURRENT r282869 amd64
11.0-CURRENT r282869 i386
Created attachment 157271 [details]
security/vuxml update for existing dcraw entry

#
# Syntax validation
#
# make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

#
# Pkg audit validation
#
# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit rawstudio-2.0_10
rawstudio-2.0_10 is vulnerable:
rawstudio and ufraw -- integer overflow condition
WWW: http://vuxml.FreeBSD.org/freebsd/57325ecf-facc-11e4-968f-b888e347c638.html

1 problem(s) in the installed packages found.
# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit rawstudio-2.0_11
0 problem(s) in the installed packages found.
Thank you for the PR, please commit. Maintainer.
Created attachment 157277 [details]
security/vuxml update for existing dcraw entry

One minor correction to security/vuxml entry:

Fix <reference> section from original entry. Use <cvename> tag for consistency with other vuxml entries rather than <url> link to cve.mitre.org.
Assign ports-secteam@ to CC to take PR. Maintainer feedback + was provided in comment 4.

Proposed changelog:

- Apply vendor patch for "Avoid overflow in ljpeg_start()" (changeset 983bda1f)
  to prevent a denial of service (crash) via a crafted image

PR: 200199
Obtained from: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
Security: CVE-2015-3885
Security: 57325ecf-facc-11e4-968f-b888e347c638
Submitted by: Jason Unovitch <jason unovitch gmail com>
Reported by: Sevan Janiyan <venture37 geeklan co uk>
(In reply to Jason Unovitch from comment #6)

Reply to myself... forgot maintainer approval in commit log. Corrected below.

Proposed changelog:

- Apply vendor patch for "Avoid overflow in ljpeg_start()" (changeset 983bda1f)
  to prevent a denial of service (crash) via a crafted image

PR: 200199
Obtained from: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
Security: CVE-2015-3885
Security: 57325ecf-facc-11e4-968f-b888e347c638
Submitted by: Jason Unovitch <jason unovitch gmail com>
Reported by: Sevan Janiyan <venture37 geeklan co uk>
Approved by: samm os2 kiev ua (maintainer)
A commit references this bug:

Author: delphij
Date: Sun May 31 08:08:17 UTC 2015
New revision: 388050
URL: https://svnweb.freebsd.org/changeset/ports/388050

Log:
  Extend 57325ecf-facc-11e4-968f-b888e347c638 to cover rawstudio as well.

  PR: 200199
  Submitted by: Jason Unovitch

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: delphij
Date: Sun May 31 09:14:03 UTC 2015
New revision: 388051
URL: https://svnweb.freebsd.org/changeset/ports/388051

Log:
  Apply vendor patch for "Avoid overflow in ljpeg_start()" (changeset 983bda1f)
  to prevent a denial of service (crash) via a crafted image

  PR: 200199
  Obtained from: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
  Security: CVE-2015-3885
  Security: 57325ecf-facc-11e4-968f-b888e347c638
  Submitted by: Jason Unovitch <jason unovitch gmail com>
  Reported by: Sevan Janiyan <venture37 geeklan co uk>
  Approved by: samm os2 kiev ua (maintainer)
  MFH: 2015Q2

Changes:
  head/graphics/rawstudio/Makefile
  head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
Committed, thanks!
A commit references this bug:

Author: delphij
Date: Sun May 31 09:15:27 UTC 2015
New revision: 388052
URL: https://svnweb.freebsd.org/changeset/ports/388052

Log:
  MFH: r388051

  Apply vendor patch for "Avoid overflow in ljpeg_start()" (changeset 983bda1f)
  to prevent a denial of service (crash) via a crafted image

  PR: 200199
  Obtained from: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
  Security: CVE-2015-3885
  Security: 57325ecf-facc-11e4-968f-b888e347c638
  Submitted by: Jason Unovitch <jason unovitch gmail com>
  Reported by: Sevan Janiyan <venture37 geeklan co uk>
  Approved by: ports-secteam@

Changes:
_U  branches/2015Q2/
  branches/2015Q2/graphics/rawstudio/Makefile
  branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc