Your message dated Thu, 18 Oct 2012 00:02:32 +0000 with message-id <e1todzi-0007jl...@franck.debian.org> and subject line Bug#685970: fixed in openjpeg 1.3+dfsg-4.6 has caused the Debian Bug report #685970, regarding openjpeg: CVE-2012-3535 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685970 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: openjpeg Severity: grave Tags: security Justification: user security hole Please see http://seclists.org/oss-sec/2012/q3/299 for details. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: openjpeg Source-Version: 1.3+dfsg-4.6 We believe that the bug you reported is fixed in the latest version of openjpeg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 685...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated openjpeg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 19 Sep 2012 00:34:07 -0400 Source: openjpeg Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools Architecture: source amd64 Version: 1.3+dfsg-4.6 Distribution: unstable Urgency: low Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library libopenjpeg2 - JPEG 2000 image compression/decompression library libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library openjpeg-tools - command-line tools using the JPEG 2000 library Closes: 685970 Changes: openjpeg (1.3+dfsg-4.6) unstable; urgency=low . * Non-maintainer upload. * Reduce debhelper dependency and debian/compat to 5 - Don't include openjpeg-tools binaries in the debug package since those files are not multiarch co-installable at this compat level. * Fix cve-2012-3535: buffer overflow in JPEG2000 decoding (closes: #685970). Checksums-Sha1: 6a9d21a67b621fc6e0a824aab4831ec6a789e7bd 2869 openjpeg_1.3+dfsg-4.6.dsc 110bd7142a9915ae8a45525198c8e71b814389d7 13822 openjpeg_1.3+dfsg-4.6.diff.gz 577c713dafeab5e5ec76aae1dc16c40e6f87953a 98670 libopenjpeg-dev_1.3+dfsg-4.6_amd64.deb 2683b40b30d7ef450623f41eaa05b2dfe5595f15 85892 libopenjpeg2_1.3+dfsg-4.6_amd64.deb d4f8cea18589cb22bb103f3c02785e9c12d1a598 161766 libopenjpeg2-dbg_1.3+dfsg-4.6_amd64.deb 9232d647014f988d4bfd5dc0a84bd7c067ac84e3 217470 openjpeg-tools_1.3+dfsg-4.6_amd64.deb Checksums-Sha256: 3a0d48e3db703daa3023a859f202cc4e742b85fcb16c01c1ad8ae8ae062083bf 2869 openjpeg_1.3+dfsg-4.6.dsc 5e3481bcbb3e30b0a35277ef4f7783935eab9af7aa5060851a7458247e2c7a0e 13822 openjpeg_1.3+dfsg-4.6.diff.gz aeaa6eb822a68725edd3dfa720dc57a5ccfb99b252181b66ffdc14b136e80dc9 98670 libopenjpeg-dev_1.3+dfsg-4.6_amd64.deb 314499fa725984097546ab3bc790de59ee3ae274c78ebf4f59b4a113295b0d05 85892 libopenjpeg2_1.3+dfsg-4.6_amd64.deb 6d24dece02cf6fe9a1234ee3e707768e8dd52e0d1647f05bc5897b4fa99ab134 161766 libopenjpeg2-dbg_1.3+dfsg-4.6_amd64.deb 625a24a47f4e2186ab1fc87def3a22644942c27d373f4e5f381cf2e99f56525c 217470 openjpeg-tools_1.3+dfsg-4.6_amd64.deb Files: 2e524dba9906158cf42fdd527e9cf036 2869 libs extra openjpeg_1.3+dfsg-4.6.dsc 2db26d52ae818424bda30d86c0125f56 13822 libs extra openjpeg_1.3+dfsg-4.6.diff.gz 27327cc377d67bde35ef512cb0c63e55 98670 libdevel extra libopenjpeg-dev_1.3+dfsg-4.6_amd64.deb 12c77ff028d906e38620400ac59e60f3 85892 libs extra libopenjpeg2_1.3+dfsg-4.6_amd64.deb 8416510c5c1667b5260ca5db2a6a0e7a 161766 libdevel extra libopenjpeg2-dbg_1.3+dfsg-4.6_amd64.deb 1034da49c2ad6c4ce241681e71374441 217470 graphics extra openjpeg-tools_1.3+dfsg-4.6_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQQcBAEBCAAGBQJQeeNcAAoJELjWss0C1vRzIjsf/36OXEVQjeRFLkSAMxAgL5Ku ztjm2sNLhnOqhswESGi70mHM23AYBnvUt+TuPUvfhzwik8LOnz4LIYrCcc+MGbt1 cKWrwkyYckyIKJs815AVQZXhHtzNK60HTOx008UjJeNYg52lLoqZq2oKJxvK2PZV JJ61d36teUeXfr7XtgYo07Q4biOdc3Yca2S6KZqPATim19e8sol38wsU6t+jETBr uJzqTWEktreNJrvai19Ttub8+vEHRjA3WQ+uU5HMZbt/4kk8KqHLiLRUQyszHSWZ Pk2B9QS6vBSxFUjHu80ZsPP7AhwaWzNSQfu9ZkjMclgDIIVw4rKfArDdsxUQlfyo FVq9LXu3vs7n1dUx/femKNsyTIAs1xSRUtvDMTTvadUuCG0qzwvZBQoAwtAVGPPW rY5KKBxxxNQhyQ4ngsXRwzGLAbmPaw5OBMm6vw7hyAaOkzHGBeQaTD2KPT4TlUcL j9l4yaKj2owMOEPEkdBcWul8ATt4qIyxm/28tc8uNfGEbjC0bR69HdWGDik4n08r QXbXuSBZofwcpkK+jbfE/ULWAGlW/r6plRFgVE0vaInOvG/f/DoHEjwAZgW1Tppt izIITgjuoUyVQRCDPoJ0kmkrMNqon2NIZz/iV4IJmVjrH9NtG/hYyGs2QVfrLVQc sJdQ/neWNaa/gMUvw9q6TgRtskZr4OescS30XH9II6hjGFQfxCl/ZOYNk4Z+AyXj h2IT1UHJoNgWgxv4DzNpBQ9XuxhJQqJMsjkxYKGftTMXHv5qr+klkGgPd6lCN0Kw LW4XmG1dzPHbOH5CIs4rkhQ2Wq5XXrx0m8SyRS3qZixFNu8bCoAxc61uhk0H/EaW jtFDXGWyPQPkqxZ0tu8AJZWL/NuAcHhR3FCg7FVL1ernnt5I5VhFfPr7YmMK9v/6 /ndPJwoAFiMKPKHPpfuN4gEsr95iLpVBn68BNdli0M6iSjlZmS7G1qxiTkYcuXo4 76KWU/QuVpuaH1iAFNkO+KnLzWFnQ6dd+YyVIK+sSNrn0FXVyvEuOK81a2ZwnEMr h5JJfukYxxJnCiz6x0c2+rDfuPj2+Xohk0JG1zVILFLpMJJz4N6brX616MkwEfhK acWsTmR10S2RXPrCqONj0QtO92yn7nG3FZ348rOUezwBQ2pGE25PnDK+4zzx7Wa+ e3sKoURB4ywIqxqCklYEI64DnLLe+XX+Du3tRZ64xb8ezttdVXW0iNboN80S/jTV gVprDdAlrMKlxylpdTdl/EsNbHYrMY736CG+YkMWVblXXB0vAc2ZjRttm9diliiS ffdEIUm4wqQwosxucBidMvQeSNjTuzL2iZiQ+kHfyjD7weaiFNaKa5N13yOtkkY= =hMmV -----END PGP SIGNATURE-----
--- End Message ---
