diff -Nru icoutils-0.31.0/debian/changelog icoutils-0.31.0/debian/changelog
--- icoutils-0.31.0/debian/changelog 2017-01-19 18:37:07.000000000 +0000
+++ icoutils-0.31.0/debian/changelog 2017-03-13 14:51:13.000000000 +0000
@@ -1,8 +1,14 @@
-icoutils (0.31.0-2+deb8u2build0.14.04.1) trusty-security; urgency=medium
+icoutils (0.31.0-2+deb8u3build0.14.04.1) trusty-security; urgency=medium
 * fake sync from Debian
- -- Emily Ratliff Thu, 19 Jan 2017 12:37:07 -0600
+ -- Tyler Hicks Mon, 13 Mar 2017 14:51:13 +0000
+
+icoutils (0.31.0-2+deb8u3) jessie-security; urgency=medium
+
+ * CVE-2017-6009 CVE-2017-6010 CVE-2017-6011
+
+ -- Moritz Mühlenhoff Fri, 10 Mar 2017 00:11:04 +0100
 icoutils (0.31.0-2+deb8u2) jessie-security; urgency=high
diff -Nru icoutils-0.31.0/debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch icoutils-0.31.0/debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch
--- icoutils-0.31.0/debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch 1970-01-01 00:00:00.000000000 +0000
+++ icoutils-0.31.0/debian/patches/CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch 2017-03-10 13:50:54.000000000 +0000
@@ -0,0 +1,64 @@ +Backport of these upstream fixes: + +http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220 +http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74 +http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e + + +--- icoutils-0.31.0.orig/icotool/extract.c ++++ icoutils-0.31.0/icotool/extract.c +@@ -138,7 +138,8 @@ extract_icons(FILE *in, char *inname, bo + Win32RGBQuad *palette = NULL; + uint32_t palette_count = 0; + uint32_t image_size, mask_size; +- uint32_t width, height, bit_count; ++ int32_t width, height; ++ uint32_t bit_count; + uint8_t *image_data = NULL, *mask_data = NULL; + png_structp png_ptr = NULL; + png_infop info_ptr = NULL; +@@ -154,16 +155,19 @@ extract_icons(FILE *in, char *inname, bo + /* Vista icon: it's just a raw PNG */ + if (bitmap.size == ICO_PNG_MAGIC) + { ++ uint32_t unsigned_width, unsigned_height; + fseek(in, offset, SEEK_SET); + + image_size = entries[c].dib_size; + image_data = xmalloc(image_size); + if (!xfread(image_data, image_size, in)) + goto done; +- +- if (!read_png (image_data, image_size, &bit_count, &width, &height)) ++ ++ if (!read_png (image_data, image_size, &bit_count, &unsigned_width, &unsigned_height)) + goto done; +- ++ ++ width = (int32_t)unsigned_width; ++ height = (int32_t)unsigned_height; + completed++; + + if (!filter(completed, width, height, bitmap.bit_count, palette_count, dir.type == 1, +@@ -234,6 +238,10 @@ extract_icons(FILE *in, char *inname, bo + goto done; + offset += sizeof(Win32RGBQuad) * palette_count; + } ++ if (abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) { ++ warn(_("bitmap width too large")); ++ goto done; ++ } + + width = bitmap.width; + height = abs(bitmap.height)/2; +--- icoutils-0.31.0.orig/wrestool/restable.c ++++ icoutils-0.31.0/wrestool/restable.c +@@ -223,7 +223,7 @@ decode_ne_resource_id (WinLibrary *fi, W + /* translate id into a string 
*/
+ snprintf(wr->id, WINRES_ID_MAXLEN, "%d", value & ~NE_RESOURCE_NAME_IS_NUMERIC);
+ } else { /* ASCII string id */
+- int len;
++ unsigned char len;
+ char *mem = (char *) NE_HEADER(fi->memory)
+ + NE_HEADER(fi->memory)->rsrctab
+ + value;
diff -Nru icoutils-0.31.0/debian/patches/series icoutils-0.31.0/debian/patches/series
--- icoutils-0.31.0/debian/patches/series 2017-01-14 07:46:39.000000000 +0000
+++ icoutils-0.31.0/debian/patches/series 2017-03-10 13:50:11.000000000 +0000
@@ -2,3 +2,4 @@
 wrestool-Make-check_offset-more-stringent.patch
 prevent-access-to-unallocated-memory-in-wrestool-BZ-.patch
 wrestool-Fix-an-index-additional-check.patch
+CVE-2017-6009_CVE-2017-6010_CVE-2017-6011.patch
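Review bot: The new bound in the third extract.c hunk, `if (abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count))`, still lets one attacker-chosen value through: if bitmap.width is a signed 32-bit field (the hunk assigns it to an int32_t `width` and passes it to abs()), then `abs(INT32_MIN)` is undefined behaviour and in practice yields a negative value, so the comparison is false and a width of INT32_MIN reaches the size arithmetic below. Rejecting that value explicitly closes the gap, e.g. `if (bitmap.width == INT32_MIN || abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) {`. The same hunk leaves `height = abs(bitmap.height)/2;` unbounded, so unless a matching height check exists further down in extract_icons (outside this hunk) the image_size computation should be guarded for height as well. In the PNG branch, `width = (int32_t)unsigned_width;` turns a PNG dimension above INT32_MAX into a negative width, so unless read_png() is known to cap dimensions it would be safer to reject `unsigned_width > INT32_MAX || unsigned_height > INT32_MAX` before the casts. extract_icons and decode_ne_resource_id both begin and end outside these hunks.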