Bug#537174: marked as done (CVE-2009-2369: Integer overflow in the wxImage::Create function)

Debian Bug Tracking System Tue, 04 Aug 2009 15:43:14 -0700

Your message dated Tue, 04 Aug 2009 22:23:57 +0000
with message-id <e1mysqh-0008u5...@ries.debian.org>
and subject line Bug#537174: fixed in wxwidgets2.8 2.8.7.1-2
has caused the Debian Bug report #537174,
regarding CVE-2009-2369: Integer overflow in the wxImage::Create function
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
537174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537174
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: wxwidgets2.8
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wxwidgets2.8.

CVE-2009-2369[0]:
| Integer overflow in the wxImage::Create function in
| src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted JPEG file, which triggers a heap-based buffer overflow.  NOTE:
| the provenance of this information is unknown; the details are
| obtained solely from third party information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
    http://security-tracker.debian.net/tracker/CVE-2009-2369

Patch:
http://trac.wxwidgets.org/changeset/60875
http://trac.wxwidgets.org/changeset/60876
http://trac.wxwidgets.org/changeset/60897

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpeI6IACgkQNxpp46476ao5awCgjQl+5bM8qo94jOMVtWpZyGAK
5toAnjAKmNUXAkPypElmQY1l0q30hFZ3
=Comj
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: wxwidgets2.8
Source-Version: 2.8.7.1-2

We believe that the bug you reported is fixed in the latest version of
wxwidgets2.8, which is due to be installed in the Debian FTP archive:

libwxbase2.8-0_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-2_amd64.deb
libwxbase2.8-dbg_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-2_amd64.deb
libwxbase2.8-dev_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-2_amd64.deb
libwxgtk2.8-0_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-2_amd64.deb
libwxgtk2.8-dbg_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-2_amd64.deb
libwxgtk2.8-dev_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-2_amd64.deb
python-wxgtk2.8-dbg_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-2_amd64.deb
python-wxgtk2.8_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-2_amd64.deb
wx2.8-doc_2.8.7.1-2_all.deb
  to pool/main/w/wxwidgets2.8/wx2.8-doc_2.8.7.1-2_all.deb
wx2.8-examples_2.8.7.1-2_all.deb
  to pool/main/w/wxwidgets2.8/wx2.8-examples_2.8.7.1-2_all.deb
wx2.8-headers_2.8.7.1-2_amd64.deb
  to pool/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-2_amd64.deb
wx2.8-i18n_2.8.7.1-2_all.deb
  to pool/main/w/wxwidgets2.8/wx2.8-i18n_2.8.7.1-2_all.deb
wxwidgets2.8_2.8.7.1-2.diff.gz
  to pool/main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-2.diff.gz
wxwidgets2.8_2.8.7.1-2.dsc
  to pool/main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuse...@iuculano.it> (supplier of updated wxwidgets2.8 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Jul 2009 21:03:42 +0200
Source: wxwidgets2.8
Binary: libwxbase2.8-0 libwxbase2.8-dev libwxbase2.8-dbg libwxgtk2.8-0 
libwxgtk2.8-dev libwxgtk2.8-dbg python-wxgtk2.8 python-wxgtk2.8-dbg 
python-wxversion python-wxaddons python-wxtools wx-common wx2.8-headers 
wx2.8-i18n wx2.8-doc wx2.8-examples libwxmsw2.8-dev libwxmsw2.8-dbg 
wx2.8-headers-msw
Architecture: source amd64 all
Version: 2.8.7.1-2
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Giuseppe Iuculano <giuse...@iuculano.it>
Description: 
 libwxbase2.8-0 - wxBase library (runtime) - non-GUI support classes of 
wxWidgets t
 libwxbase2.8-dbg - wxBase library (debug) - non-GUI support classes of 
wxWidgets too
 libwxbase2.8-dev - wxBase library (development) - non-GUI support classes of 
wxWidge
 libwxgtk2.8-0 - wxWidgets Cross-platform C++ GUI toolkit (GTK+ runtime)
 libwxgtk2.8-dbg - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
 libwxgtk2.8-dev - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
 libwxmsw2.8-dbg - wxMSW mingw32msvc-cross (debug)
 libwxmsw2.8-dev - wxMSW mingw32msvc-cross
 python-wxaddons - wxWidgets Cross-platform C++ GUI toolkit (wxPython add-on 
package
 python-wxgtk2.8 - wxWidgets Cross-platform C++ GUI toolkit (wxPython binding)
 python-wxgtk2.8-dbg - wxWidgets Cross-platform C++ GUI toolkit (wxPython 
binding, debug
 python-wxtools - wxWidgets Cross-platform C++ GUI toolkit (wxPython common 
files)
 python-wxversion - wxWidgets Cross-platform C++ GUI toolkit (wxPython version 
select
 wx-common  - wxWidgets Cross-platform C++ GUI toolkit (common support files)
 wx2.8-doc  - wxWidgets Cross-platform C++ GUI toolkit (documentation)
 wx2.8-examples - wxWidgets Cross-platform C++ GUI toolkit (examples)
 wx2.8-headers - wxWidgets Cross-platform C++ GUI toolkit (header files)
 wx2.8-headers-msw - Extra wxWidgets headers for mingw32msvc-cross
 wx2.8-i18n - wxWidgets Cross-platform C++ GUI toolkit (i18n support)
Closes: 537174
Changes: 
 wxwidgets2.8 (2.8.7.1-2) unstable; urgency=high
 .
   * Package orphaned, change Maintainer to Debian QA Group.
   * debian/patches/CVE-2009-2369.dpatch: Fixed Integer overflow in the
     wxImage::Create function (CVE-2009-2369) (Closes: #537174)
Checksums-Sha1: 
 de390fed5cc2798878d88f405d770dda95ef3ffb 1764 wxwidgets2.8_2.8.7.1-2.dsc
 90fb0c57a3dd99cda55e0e453ff15388b0996649 40278 wxwidgets2.8_2.8.7.1-2.diff.gz
 61981409498d3808d09ea3d1de54fb78cf23a20e 675170 
libwxbase2.8-0_2.8.7.1-2_amd64.deb
 507fbd95004970ddbe1f6925f932ec5756e58eaf 90926 
libwxbase2.8-dev_2.8.7.1-2_amd64.deb
 98950de1b2f0f29b057705cd57d2bff742928f93 3803028 
libwxbase2.8-dbg_2.8.7.1-2_amd64.deb
 affb2911e2884c9a05d25b7f77944dfe816c8d26 3444566 
libwxgtk2.8-0_2.8.7.1-2_amd64.deb
 783906bd9cac89273cd53c14adc772f175949816 91176 
libwxgtk2.8-dev_2.8.7.1-2_amd64.deb
 286f15f56e6cbbaf5795bd6273f0a56b9f67790e 24500698 
libwxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 0432bb1fa21cb41d2d591e238cf76127403a0307 10810428 
python-wxgtk2.8_2.8.7.1-2_amd64.deb
 1549fae8dafb217ca5f8ff0336f9ac738bb5ccb8 36409630 
python-wxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 5469aee06d478764a7768d4883b87f18ade190b9 1100880 
wx2.8-headers_2.8.7.1-2_amd64.deb
 5ecacf78db7a4f11a431dcba25fe681698ecdae8 780966 wx2.8-i18n_2.8.7.1-2_all.deb
 d8f6b4e88cc1ae6dd6e94e940655ea3eadf5c0ca 2076906 wx2.8-doc_2.8.7.1-2_all.deb
 90cf44a50e0e7dd47745399577efe8934f3e6041 6602978 
wx2.8-examples_2.8.7.1-2_all.deb
Checksums-Sha256: 
 a7da65b24fb1e0c69654e81bbd0cfe19ad43eb292dd043b7e17e06bf15a229b0 1764 
wxwidgets2.8_2.8.7.1-2.dsc
 f369ecadef9f73ac461ea1304fa1598d2775bfc009a70a0fd79a15b7191f4a91 40278 
wxwidgets2.8_2.8.7.1-2.diff.gz
 1cfe8da493c882def1e909814879834fbb0c62238e09e4e2dac2e2be9aa2895c 675170 
libwxbase2.8-0_2.8.7.1-2_amd64.deb
 daa129cb6da572c3b3bf80ee93f002542bce3bcfba0f6038db8810888e9e0778 90926 
libwxbase2.8-dev_2.8.7.1-2_amd64.deb
 07cddd9211ad26c61a306a30a913769d184a81adda4d542f6a23a0fa39e56bd0 3803028 
libwxbase2.8-dbg_2.8.7.1-2_amd64.deb
 7d00b7d474a7894c50b04e62afeeeaa8ded9e1087848cb897e74d1f80f5ad7ef 3444566 
libwxgtk2.8-0_2.8.7.1-2_amd64.deb
 f6b94d7410da2637fe2642b4f040374bd09b33bb27bb618148c993bdb286dac8 91176 
libwxgtk2.8-dev_2.8.7.1-2_amd64.deb
 e19d57a6f75dd7212d39cd25d4ddc14d38662adf491df467b7338f486bad35c8 24500698 
libwxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 ec58f8f14079d1e2d0a69a553858779655d7141072d05ffedd20a1c709d6244d 10810428 
python-wxgtk2.8_2.8.7.1-2_amd64.deb
 f16432b6320c4afd845b531e9b1c326bd51854072ccd107f838c48e540193e93 36409630 
python-wxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 05ef488fe34bbdf1aed2ba4c2cbb8f0179b3292f1905f5fed344ba5de15582e0 1100880 
wx2.8-headers_2.8.7.1-2_amd64.deb
 7bc69d714d2cc17c905e5d1bae2e924a4623b91b4d3c9032771841c56c31c3c9 780966 
wx2.8-i18n_2.8.7.1-2_all.deb
 00f13b866187e5fce4e32598dc3624dae67f5c08608a08a81f6e216886a5e31f 2076906 
wx2.8-doc_2.8.7.1-2_all.deb
 b0a43334a0173d92ccd25e9b1da88f9df69edb39262cf8d4cf6c19c05185c78a 6602978 
wx2.8-examples_2.8.7.1-2_all.deb
Files: 
 cf85bfd540376b3e36556bb925ec351a 1764 libs optional wxwidgets2.8_2.8.7.1-2.dsc
 b363ee800d91bae10c1d646208c0cb0a 40278 libs optional 
wxwidgets2.8_2.8.7.1-2.diff.gz
 b98f28a29096b2e74b80969a637a6698 675170 libs optional 
libwxbase2.8-0_2.8.7.1-2_amd64.deb
 322650b0e37d01ec9326ae64ab04fe0d 90926 libdevel optional 
libwxbase2.8-dev_2.8.7.1-2_amd64.deb
 078f324ff280e575b57d9c1bfab887da 3803028 libdevel extra 
libwxbase2.8-dbg_2.8.7.1-2_amd64.deb
 c914a941de3a57f3b973dd906b0e0234 3444566 libs optional 
libwxgtk2.8-0_2.8.7.1-2_amd64.deb
 8ca91705a3597d8a7314b34e0fdecc88 91176 libdevel optional 
libwxgtk2.8-dev_2.8.7.1-2_amd64.deb
 ea1793d883040c503593b5354ce5bb80 24500698 libdevel extra 
libwxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 5c270ab1417db19afc0040119e2b9929 10810428 python optional 
python-wxgtk2.8_2.8.7.1-2_amd64.deb
 228e6ed61cf5bcc1bda584512dbf1c37 36409630 python extra 
python-wxgtk2.8-dbg_2.8.7.1-2_amd64.deb
 50c84540894557b520cd390cc026cd78 1100880 devel optional 
wx2.8-headers_2.8.7.1-2_amd64.deb
 c4403726aa564fd5184ba3ef25d17b5a 780966 libs optional 
wx2.8-i18n_2.8.7.1-2_all.deb
 980978bb3abc084e1426cc1e8dbb16c0 2076906 doc optional 
wx2.8-doc_2.8.7.1-2_all.deb
 48748437a2b03c75970e81c032256b56 6602978 devel optional 
wx2.8-examples_2.8.7.1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp4q8cACgkQHYflSXNkfP/4UACgtb/6Cc5nqxNlrtsr3i8PVkL2
c00An0Vc1v6naAtyDaUXVgJs6rAV6tUr
=gsCo
-----END PGP SIGNATURE-----

--- End Message ---

Bug#537174: marked as done (CVE-2009-2369: Integer overflow in the wxImage::Create function)

Reply via email to