Your message dated Sat, 17 Jan 2009 17:17:05 +0000
with message-id <e1loenb-0006dp...@ries.debian.org>
and subject line Bug#511844: fixed in devil 1.6.8-rc2-3+lenny1
has caused the Debian Bug report #511844,
regarding CVE-2008-5262: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
511844: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511844
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: devil
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://secunia.com/secunia_research/2008-59/ for details.
Cheers,
Moritz
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: devil
Source-Version: 1.6.8-rc2-3+lenny1
We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:
devil_1.6.8-rc2-3+lenny1.diff.gz
to pool/main/d/devil/devil_1.6.8-rc2-3+lenny1.diff.gz
devil_1.6.8-rc2-3+lenny1.dsc
to pool/main/d/devil/devil_1.6.8-rc2-3+lenny1.dsc
libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
to pool/main/d/devil/libdevil-dev_1.6.8-rc2-3+lenny1_amd64.deb
libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
to pool/main/d/devil/libdevil1c2_1.6.8-rc2-3+lenny1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 511...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated devil package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 17 Jan 2009 15:21:31 +0100
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source amd64
Version: 1.6.8-rc2-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Bradley Smith <b...@brad-smith.co.uk>
Changed-By: Nico Golde <n...@debian.org>
Description:
libdevil-dev - Cross-platform image loading and manipulation toolkit
libdevil1c2 - DevIL image manipulation toolkit runtime support
Closes: 511844
Changes:
devil (1.6.8-rc2-3+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix stack-based buffer overflows in iGetHdrHeader allowing
context-dependent attackers to execute arbitrary code via a
crafted Radiance RGBE file (CVE-2008-5262; Closes: #511844).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklx72YACgkQHYflSXNkfP+tqwCffsN5b9c9TVqAyk6rR2nIF3dR
nMAAn1MGIIeV7hEcpJp8CDk+4o6U6YUf
=1lAF
-----END PGP SIGNATURE-----
--- End Message ---