Anton Gladky: 2021/06, FLOSS activity
LTS
This is my fourth month of working for LTS. I was assigned 12 hrs and worked all of them.
Released DLAs
-
DLA 2672-1 imagemagick_6.9.7.4+dfsg-11+deb9u13
-
CVE-2020-27751
A flaw was found in MagickCore/quantum-export.c. An attacker who submits a
crafted file that is processed by ImageMagick could trigger undefined behavior
in the form of values outside the range of type unsigned long long
as well as a shift exponent that is too large for
64-bit type. This would most likely lead to an impact to application availability,
but could potentially cause other problems related to undefined behavior.
-
CVE-2021-20243
A flaw was found in MagickCore/resize.c. An attacker who submits a crafted
file that is processed by ImageMagick could trigger undefined behavior
in the form of math division by zero.
-
CVE-2021-20245
A flaw was found in coders/webp.c. An attacker who submits a crafted file that
is processed by ImageMagick could trigger undefined behavior in the form of
math division by zero.
-
CVE-2021-20309
A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger
undefined behavior via a crafted image file submitted to an application using
ImageMagick.
-
CVE-2021-20312
An integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger
undefined behavior via a crafted image file that is submitted by an attacker
and processed by an application using ImageMagick.
-
CVE-2021-20313
A potential cipher leak is possible when calculating signatures in TransformSignature.
-
DLA 2677-1 libwebp_0.5.2-1+deb9u1
-
CVE-2018-25009
An out-of-bounds read was found in function WebPMuxCreateInternal.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
-
CVE-2018-25010
An out-of-bounds read was found in function ApplyFilter.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
-
CVE-2018-25011
A heap-based buffer overflow was found in PutLE16().
The highest threat from this vulnerability is to data confidentiality
and integrity as well as system availability.
-
CVE-2018-25012
An out-of-bounds read was found in function WebPMuxCreateInternal.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
-
CVE-2018-25013
An out-of-bounds read was found in function ShiftBytes.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
-
CVE-2018-25014
An uninitialized variable is used in function ReadSymbol.
The highest threat from this vulnerability is to data confidentiality
and integrity as well as system availability.
-
CVE-2020-36328
A heap-based buffer overflow in function WebPDecodeRGBInto is possible
due to an invalid check for buffer size. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
-
CVE-2020-36329
A use-after-free was found due to a thread being killed too early.
The highest threat from this vulnerability is to data confidentiality
and integrity as well as system availability.
-
CVE-2020-36330
An out-of-bounds read was found in function ChunkVerifyAndAssign.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
-
CVE-2020-36331
An out-of-bounds read was found in function ChunkAssignData.
The highest threat from this vulnerability is to data confidentiality
and to the service availability.
CVE-2020-36332 was marked as ignored for stretch because the patch
is too disruptive for older versions of libwebp.
-
DLA-2687-1 prosody_0.9.12-2+deb9u3
-
CVE-2021-32917
The proxy65 component allows open access by default, even if neither
of the users has an XMPP account on the local server, allowing
unrestricted use of the server's bandwidth.
-
CVE-2021-32921
Authentication module does not use a constant-time algorithm for
comparing certain secret strings when running under Lua 5.2 or later.
This can potentially be used in a timing attack to reveal the
contents of secret strings to an attacker.
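The difference between an early-exit comparison and a constant-time one, as an added example in C (not Prosody's code and not the patch shipped in this DLA). The secret, the helper names and the fixed 16-byte token length are assumptions; the count of bytes examined stands in for elapsed time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16
/* Constructed sample secret (assumption), not a Prosody value. */
static const unsigned char SECRET[TOKEN_LEN + 1] = "constructed-tok1";

/* Early-exit compare: stops at the first mismatch, so the work done
 * grows with the matching prefix. *steps counts bytes examined. */
static int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    for (*steps = 0; *steps < n; (*steps)++)
        if (a[*steps] != b[*steps]) { (*steps)++; return 0; }
    return 1;
}

/* Constant-time compare: always reads all n bytes and ORs the XOR of
 * each pair into an accumulator; no branch depends on secret data. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    unsigned char diff = 0;
    for (*steps = 0; *steps < n; (*steps)++)
        diff |= (unsigned char)(a[*steps] ^ b[*steps]);
    return diff == 0;
}

/* Hypothetical helper: compare a fixed-length guess, return bytes examined. */
static size_t steps_for_guess(const char *guess, int constant_time, int *equal)
{
    unsigned char buf[TOKEN_LEN] = {0};
    size_t len = strlen(guess), steps;
    memcpy(buf, guess, len < TOKEN_LEN ? len : TOKEN_LEN);
    *equal = constant_time ? ct_equal(SECRET, buf, TOKEN_LEN, &steps)
                           : leaky_equal(SECRET, buf, TOKEN_LEN, &steps);
    return steps;
}

int main(void)
{
    const char *guesses[] = { "XXXXXXXXXXXXXXXX", "conXXXXXXXXXXXXX",
                              "constructed-tokX", "constructed-tok1" };
    for (size_t g = 0; g < 4; g++) {
        int eq;
        size_t leaky = steps_for_guess(guesses[g], 0, &eq);
        size_t ct = steps_for_guess(guesses[g], 1, &eq);
        printf("%s leaky=%2zu constant-time=%2zu match=%d\n", guesses[g], leaky, ct, eq);
    }
    return 0;
}
```

With the early-exit version the work tracks the number of correct leading bytes, which is the signal a timing attack measures; the constant-time version examines all 16 bytes for every guess.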
-
DLA-2687-2 prosody_0.9.12-2+deb9u4
The upload of prosody_0.9.12-2+deb9u3 introduced a regression in the
mod_auth_internal_hashed module. Big thanks to Andre Bianchi for
reporting the issue and for testing the update.
CVE-2021-32918 and CVE-2021-32920 were marked as ignored for stretch:
the affected code does not exist in that version of prosody.
LTS-Meeting
I attended the Debian LTS team Jitsi-meeting.
Debian Science Team
openpiv-python
I started to package python-openpiv.
The software implements the PIV (Particle Image Velocimetry) method to compare two images and
obtain a velocity field.
Other FLOSS activities
Admesh
Admesh is the first package which I adopted over 10 years ago! Upstream has not been active for a very long time,
so I created a GitHub repo back in 2013.
The software helps to manipulate STL files. STL is the file format for meshes, mostly developed for CAD programs.
This month I decided to clean up the build system. It was switched to CMake. The CI was updated: it now compiles
the sources under Linux/Windows environments and runs the tests, and AddressSanitizer and UndefinedBehaviorSanitizer
were employed. Work is ongoing.