Bug#465598: marked as done (libsdl-image1.2: Security update 1.2.5-2etch1 is not installed)

[Debian Bug Tracking System]

Your message dated Sat, 12 Apr 2008 07:52:41 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#465598: fixed in sdl-image1.2 1.2.5-2+etch1
has caused the Debian Bug report #465598,
regarding libsdl-image1.2: Security update 1.2.5-2etch1 is not installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
465598: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465598
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: libsdl-image1.2
Version: 1.2.5-2+b1
Severity: grave
Justification: user security hole
Tags: security

I am unsure where the error is, please reassign appropriately.

On Feb. 10th I got the mail about DSA 1493-1. I also "see" this DSA:
remaxp:~# env LANG=C apt-cache policy libsdl-image1.2
libsdl-image1.2:
  Installed: 1.2.5-2+b1
  Candidate: 1.2.5-2+b1
  Version table:
 *** 1.2.5-2+b1 0
        500 http://127.0.0.1 etch/main Packages
        100 /var/lib/dpkg/status
     1.2.5-2etch1 0
        500 http://127.0.0.1 etch/updates/main Packages

But as you can see, it is not going to be installed:
remaxp:~# env LANG=C apt-get install libsdl-image1.2
Reading package lists... Done
Building dependency tree... Done
libsdl-image1.2 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

Thus CVE-2007-6697 and CVE-2008-0544 are not yet fixed.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.2-grsec-cz01
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages libsdl-image1.2 depends on:
ii  libc6                  2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii  libpng12-0             1.2.15~beta5-1    PNG library - runtime
ii  libsdl1.2debian        1.2.11-8          Simple DirectMedia Layer
ii  zlib1g                 1:1.2.3-13        compression library - runtime

libsdl-image1.2 recommends no packages.

-- no debconf information

-- 
      Dr. Helge Kreutzmann                     [EMAIL PROTECTED]
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: sdl-image1.2
Source-Version: 1.2.5-2+etch1

We believe that the bug you reported is fixed in the latest version of
sdl-image1.2, which is due to be installed in the Debian FTP archive:

libsdl-image1.2-dev_1.2.5-2+etch1_i386.deb
  to pool/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_i386.deb
libsdl-image1.2_1.2.5-2+etch1_i386.deb
  to pool/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_i386.deb
sdl-image1.2_1.2.5-2+etch1.diff.gz
  to pool/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2+etch1.diff.gz
sdl-image1.2_1.2.5-2+etch1.dsc
  to pool/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2+etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated sdl-image1.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 16 Mar 2008 00:39:46 +0100
Source: sdl-image1.2
Binary: libsdl-image1.2 libsdl-image1.2-dev
Architecture: source i386
Version: 1.2.5-2+etch1
Distribution: stable-security
Urgency: low
Maintainer: Michael Koch <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 libsdl-image1.2 - image loading library for Simple DirectMedia Layer 1.2
 libsdl-image1.2-dev - development files for SDL 1.2 image loading libray
Closes: 465598
Changes: 
 sdl-image1.2 (1.2.5-2+etch1) stable-security; urgency=low
 .
   * Rebuild with higher version number than binary NMU's,
     no other changes (closes: #465598).
Files: 
 7806c149bf53c0c3fbe09603b28a9e7f 991 libs optional 
sdl-image1.2_1.2.5-2+etch1.dsc
 84411d1b20a5081531b7ecc7a8fa6b98 12288 libs optional 
sdl-image1.2_1.2.5-2+etch1.diff.gz
 fe51b351e3eb72f315ed1b74f29138eb 29632 libs optional 
libsdl-image1.2_1.2.5-2+etch1_i386.deb
 6b98b1a5fd2eeaf25feaab7418583ec9 34404 libdevel optional 
libsdl-image1.2-dev_1.2.5-2+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR9xfzGz0hbPcukPfAQJE6wf6Ao53Pn/gHegz0l/fVTWo7/pgzp2cGxJH
tnqbkLKFxZlLAC+Mz01IsqnkqMV7RMOwq+6+P8GcoAuzbldUi2u4CXjV1wsjUN3X
iBNIBb1KKUx0hPpjFnMw/SIA3Y7/n7lfE0dHHR9htXAQLby5amJZEk7ILtBb1HY7
51e1ema+7qP3QYUJsMwZ9eo5CYFzV3MSos5CEZBNab5doq5BJGKgO1vHZO9GGFJH
zf54VEg+oWb3HQNuuBpOP0zaa9BTRUmmKlq1Rm6HSVaD+81B1/9Lh8Gpztl9cAAV
9E+P2+OZQuPwwfz2JODkv01ZgXPKh2iuttcwh8tKwbZlSKph4Y1r2Q==
=uTla
-----END PGP SIGNATURE-----

--- End Message ---