Your message dated Thu, 09 Apr 2009 16:40:54 +0000
with message-id <e1lrxj8-0001lo...@ries.debian.org>
and subject line Bug#511844: fixed in devil 1.6.7-5+etch1
has caused the Debian Bug report #511844,
regarding CVE-2008-5262: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
511844: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511844
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: devil
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see http://secunia.com/secunia_research/2008-59/ for details.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



--- End Message ---
--- Begin Message ---
Source: devil
Source-Version: 1.6.7-5+etch1

We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:

devil_1.6.7-5+etch1.diff.gz
  to pool/main/d/devil/devil_1.6.7-5+etch1.diff.gz
devil_1.6.7-5+etch1.dsc
  to pool/main/d/devil/devil_1.6.7-5+etch1.dsc
libdevil-dev_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb
libdevil1c2_1.6.7-5+etch1_i386.deb
  to pool/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated devil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  3 Feb 2009 22:06:49 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.6.7-5+etch1
Distribution: stable-security
Urgency: high
Maintainer: Marcelo E. Magallon <mmaga...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description: 
 libdevil-dev - Cross-platform image loading and manipulation toolkit
 libdevil1c2 - DevIL image manipulation toolkit runtime support
Closes: 511844 512122
Changes: 
 devil (1.6.7-5+etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix buffer overflows in the iGetHdrHeader() function that allow
     arbitrary code execution via a crafted Radiance RGBE file
     (Closes: #511844, #512122)
     Fixes: CVE-2008-5262
Files: 
 00a9a200619160d990ed2a2deeb4238d 784 devel optional devil_1.6.7-5+etch1.dsc
 0d0c3842196d85c4e24bedabcd84f626 3013312 devel optional devil_1.6.7.orig.tar.gz
 414a516d9fef38921dbd538d78adcac0 8379 devel optional devil_1.6.7-5+etch1.diff.gz
 1f1bfc9efdd189ea5b430a50ca281cca 286098 devel optional libdevil-dev_1.6.7-5+etch1_i386.deb
 aca0fc8776489aba07f6a6a103fb52f9 252798 libs optional libdevil1c2_1.6.7-5+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmI7zQACgkQ62zWxYk/rQfV1gCeLmOSvrAJKvFHeFrGJiSFjn5T
xLAAnR0sFQqDR77eA4CKkZZLYd2stHGE
=x/2E
-----END PGP SIGNATURE-----



--- End Message ---
