Your message dated Wed, 23 Feb 2005 21:02:17 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#278625: Bug #278625: CAN-2004-0990: integer and buffer
overflows
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Oct 2004 09:48:50 +0000
>From [EMAIL PROTECTED] Thu Oct 28 02:48:49 2004
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CN6tl-0002Oo-00; Thu, 28 Oct 2004 02:48:49 -0700
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1CN6tk-0003f1-N6; Thu, 28 Oct 2004 11:48:48 +0200
Date: Thu, 28 Oct 2004 11:48:48 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2004-0990: integer and buffer overflows
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF"
Content-Disposition: inline
X-Reportbug-Version: 2.63
User-Agent: Mutt/1.5.6+20040722i
Sender: Martin Pitt <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: libgd2
Version: 2.0.28-3
Severity: critical
Tags: security
Justification: breaks unrelated software
Hi!
libgd2 is apparently vulnerable to CAN-2004-0990. Please see=20
http://www.securityfocus.com/archive/1/379382/2004-10-24/2004-10-30/0
for details.
Thanks,
Martin
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=3Dde_DE.UTF-8, LC_CTYPE=3Dde_DE.UTF-8
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBgMCADecnbV4Fd/IRAmyDAKCBL9FMmPmwjWsH6ybTurAJS8QFIwCggS/u
ogZMO3WkUvOWXV3ug4VbFW4=
=62zy
-----END PGP SIGNATURE-----
--3MwIy2ne0vdjdPXF--
---------------------------------------
Received: (at 278625-done) by bugs.debian.org; 23 Feb 2005 20:02:56 +0000
>From [EMAIL PROTECTED] Wed Feb 23 12:02:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 0x3ef3a55b.virnxx2.adsl-dhcp.tele.dk (xayide.jones.dk)
[62.243.165.91] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D42il-0002SV-00; Wed, 23 Feb 2005 12:02:56 -0800
Received: from localhost (localhost [127.0.0.1])
by xayide.jones.dk (Postfix) with ESMTP id 71FDF1AB2DC;
Wed, 23 Feb 2005 21:02:53 +0100 (CET)
Received: from xayide.jones.dk ([127.0.0.1])
by localhost (xayide.jones.dk [127.0.0.1]) (amavisd-new, port 10024)
with SMTP id 31437-04; Wed, 23 Feb 2005 21:02:43 +0100 (CET)
Received: from [192.168.102.136] (unknown [192.168.102.136])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xayide.jones.dk (Postfix) with ESMTP id 54AB71AB2B9;
Wed, 23 Feb 2005 21:02:43 +0100 (CET)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 23 Feb 2005 21:02:17 +0100
From: Jonas Smedegaard <[EMAIL PROTECTED]>
User-Agent: Debian Thunderbird 1.0 (X11/20050117)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Niko Tyni <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#278625: Bug #278625: CAN-2004-0990: integer and buffer
overflows
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at jones.dk
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 23-02-2005 20:16, Niko Tyni wrote:
> this security bug (CAN-2004-0990) against libgd2 in woody seems to be
> fixed:
Indeed. Thanks alot for spotting this!
> AFAICT, the bug report should be closed. I'll leave that for somebody
> else to verify, though. Apologies if I'm missing something.
Done!
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er n=E6r: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCHOFJn7DbMsAkQLgRAnAMAJ9oJZzTEknB83CE2+ySPCaAKTnNJgCbBiJ6
JmZfWpHDO+0RO2xsEbn8VjY=3D
=3D//gN
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
