Bug#660026: marked as done (CVE-2011-3026)

Wed, 15 Feb 2012 13:51:34 -0800 

Your message dated Wed, 15 Feb 2012 21:47:52 +0000
with message-id <e1rxmhc-0003a9...@franck.debian.org>
and subject line Bug#660026: fixed in libpng 1.2.46-5
has caused the Debian Bug report #660026,
regarding CVE-2011-3026
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
660026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libpng
Severity: grave
Tags: security

This is CVE-2011-3026:
http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?r1=121492&r2=121491&pathrev=121492

Please upload to unstable. I took care of a DSA.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: libpng
Source-Version: 1.2.46-5

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.46-5_mipsel.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.46-5_mipsel.udeb
libpng12-0_1.2.46-5_mipsel.deb
  to main/libp/libpng/libpng12-0_1.2.46-5_mipsel.deb
libpng12-dev_1.2.46-5_mipsel.deb
  to main/libp/libpng/libpng12-dev_1.2.46-5_mipsel.deb
libpng3_1.2.46-5_mipsel.deb
  to main/libp/libpng/libpng3_1.2.46-5_mipsel.deb
libpng_1.2.46-5.debian.tar.bz2
  to main/libp/libpng/libpng_1.2.46-5.debian.tar.bz2
libpng_1.2.46-5.dsc
  to main/libp/libpng/libpng_1.2.46-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 660...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 16 Feb 2012 08:21:54 +1100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source mipsel
Version: 1.2.46-5
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 660026
Changes: 
 libpng (1.2.46-5) unstable; urgency=high
 .
   * Check for both truncation (64-bit platforms) and integer overflow
     Fix CVE-2011-3026
     Add 02-660026-CVE-2011-3026.patch
     Closes: 660026
Checksums-Sha1: 
 f0e4a3f8eb7dfd359ac3b8d4c9102b9eb612a926 1976 libpng_1.2.46-5.dsc
 db34b3668b35e168ae6fa4d150a323677dc8db45 16059 libpng_1.2.46-5.debian.tar.bz2
 cd9057ec57b98efb8e92ace1bf6f5b25e8bc9318 184938 libpng12-0_1.2.46-5_mipsel.deb
 9bb6d144c6a883a1c42773a79ba6b0a3057cc9c9 274938 
libpng12-dev_1.2.46-5_mipsel.deb
 67dcb3e4d6644f15d8dc20932b9f14bb0d35d46e 954 libpng3_1.2.46-5_mipsel.deb
 895eae48f485cbfa68e6fd8aa7a58c68b2c27587 71304 
libpng12-0-udeb_1.2.46-5_mipsel.udeb
Checksums-Sha256: 
 ec0a0e774c7ab69702596a57a0f43b5bbb24fcb4d9671895ad72497500f4ec09 1976 
libpng_1.2.46-5.dsc
 f182e95443cd61f14080c3180e99e640fad56f8aed1824760cfb3aaad40c6c70 16059 
libpng_1.2.46-5.debian.tar.bz2
 39bc279aeb12a7d61eb9fa3f8bfceca0a6aa9e84af9eacd70a15a51ef96f2a5b 184938 
libpng12-0_1.2.46-5_mipsel.deb
 2aa61d9f96dc8588e495050c6a7d158f34240648fd771e7be1ce8060f192f028 274938 
libpng12-dev_1.2.46-5_mipsel.deb
 2d378675784e6ab5dcca102a8355f205060638c04e4871097fca772455403e6b 954 
libpng3_1.2.46-5_mipsel.deb
 0d57ab700d5a46be7c8675fe76acd4f2973797c5fa462d4588ed4393990484d9 71304 
libpng12-0-udeb_1.2.46-5_mipsel.udeb
Files: 
 aa226d0598693967bc4d0075c1f03753 1976 libs optional libpng_1.2.46-5.dsc
 f7dfce7c286866dbff4d9f84d7ae4443 16059 libs optional 
libpng_1.2.46-5.debian.tar.bz2
 fe3e75b783c798df672357943df09ec0 184938 libs optional 
libpng12-0_1.2.46-5_mipsel.deb
 56d4220aff30a4ef2bd15e7ae8283703 274938 libdevel optional 
libpng12-dev_1.2.46-5_mipsel.deb
 c78fe367bfcbb6e2ebf2e0262def12c7 954 oldlibs optional 
libpng3_1.2.46-5_mipsel.deb
 4a1112a679b398537830f171fcba292d 71304 debian-installer extra 
libpng12-0-udeb_1.2.46-5_mipsel.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPPCbnAAoJEHxWrP6UeJfYztQQAIVkJcCEszQgom7ZhBHMw2SC
WKi8/7OKWhC6zx6dlhxj/kXV5yVzDnlgPTgfnfBsA89szLPuek5r/EZOmZk77Zw6
clq6HdB9ymF4m22GSUjmSlum6GKy+Nr6ouWbnyMHF68kEm3msVlarwHOcn4mYBUX
ldF/H47YvCvGFwbJry2uifubb6Gzh2AXIPBXGw+EC9ISvenZ0UbB/Nm9yM6L3Q69
EVnX5+YaYiCHrkCbcGkkv9Rzrw5zqPGLJIRuqYM6AYyUen8vOEHFsvZf8smDtMzK
PIvbVGrMiapllQwghlG5muHA2BWgTY9XKhKnDs3g1qk3QTiSpfjTn8jApC0TAdE2
Pswfv0OC+C8/K8rMxT2teVYA5MWIRNmhoRtmrBi3vVPpHm6XV6rRToUbhkavvlnC
7kPUKjhP85opggxFuS7U0dvv/lBcz+QFxosiWvNNd7nJWpykD4ogPEvCS0+l1zkI
LkuBd1EX3LVQqxhcO3FuN2GnY/lI2E7nsFQX/A+dkEhDM9+um9YHJLPIzjTb2kD5
pGGk447QPiMfHgKlEQg9/0p0a0xXoQec63FMMt5xD9wAYQvvJz8rhD5ZJ0jCkK5W
mYXRjtrQlcvo3H3iswl3sDI8Ws7OrsziOwb0BV4z28BkWt/gTXP6x89oSzlzNacz
cEaCIrjdOv1QMWwhI6GX
=15RX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to