Bug#692435: marked as done (gegl: CVE-2012-4433 - Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers)

Thu, 22 Nov 2012 01:06:15 -0800 

Your message dated Thu, 22 Nov 2012 09:03:03 +0000
with message-id <e1tbsgz-0006sk...@franck.debian.org>
and subject line Bug#692435: fixed in gegl 0.2.0-2+nmu1
has caused the Debian Bug report #692435,
regarding gegl: CVE-2012-4433 - Integer overflow, leading to heap-based buffer 
overflow by parsing PPM image headers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
692435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gegl
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see :
http://seclists.org/oss-sec/2012/q4/215

Can you confirm if any of the Debian packages are affected?

Cheers,
luciano

--- End Message ---
--- Begin Message --- 
Source: gegl
Source-Version: 0.2.0-2+nmu1

We believe that the bug you reported is fixed in the latest version of
gegl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated gegl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Nov 2012 08:04:44 +0000
Source: gegl
Binary: gegl libgegl-0.2-0 libgegl-dev libgegl-doc libgegl-0.2-0-dbg
Architecture: source all amd64
Version: 0.2.0-2+nmu1
Distribution: unstable
Urgency: high
Maintainer: Matteo F. Vescovi <mfv.deb...@gmail.com>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 gegl       - Generic Graphics Library Test Program
 libgegl-0.2-0 - Generic Graphics Library
 libgegl-0.2-0-dbg - Generic Graphics Library (debugging symbols)
 libgegl-dev - Generic Graphics Library (development files)
 libgegl-doc - Generic Graphics Library (documentation)
Closes: 692435
Changes: 
 gegl (0.2.0-2+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2012-4433: multiple buffer overflow issues (closes: #692435).
Checksums-Sha1: 
 0bc4504d4a5d3a40bc7c09ba564d8b29dc4e2ff1 3189 gegl_0.2.0-2+nmu1.dsc
 d1b01a823851f39d3ed739ac8b47abc9482253e0 8864 gegl_0.2.0-2+nmu1.debian.tar.gz
 26114732cabeb35c02d4b6f91cd401eebdc51bcd 1520978 
libgegl-doc_0.2.0-2+nmu1_all.deb
 d24fd9b08fe0044160645d40e7b9fa8beeea9627 167916 gegl_0.2.0-2+nmu1_amd64.deb
 c6c63ac4ea59129eab1f77d9450d3be6ca2005d5 782526 
libgegl-0.2-0_0.2.0-2+nmu1_amd64.deb
 c98b820273605644214c7bd1387d0790a650a2a0 220456 
libgegl-dev_0.2.0-2+nmu1_amd64.deb
 96fcf6b75be5b4c91e11d14edd900075b057059e 2184062 
libgegl-0.2-0-dbg_0.2.0-2+nmu1_amd64.deb
Checksums-Sha256: 
 679894d0ab18b31c3c2504f9bcec20e24b32255f0426703783c237913f5ab6e1 3189 
gegl_0.2.0-2+nmu1.dsc
 4236bde5922170f19f0417e755143e411cac9e60c0f333267d2fd5261a379fa5 8864 
gegl_0.2.0-2+nmu1.debian.tar.gz
 6906868c945c7b6782c47adf0bdb39bf992932a1be4637f038c35f123df83698 1520978 
libgegl-doc_0.2.0-2+nmu1_all.deb
 d653beb2d70fdc1c72ae51ac7a1c78dcf7248d85c3cc333bd57d0cb2338b3628 167916 
gegl_0.2.0-2+nmu1_amd64.deb
 4907baa40d817ec7728abd6fc040f8c0bb739e11a6298a01903b54c3062d830c 782526 
libgegl-0.2-0_0.2.0-2+nmu1_amd64.deb
 d3586a3fd4ecd18b760ecb34c98563afe45dcebea1908388b84cb9c6f716092a 220456 
libgegl-dev_0.2.0-2+nmu1_amd64.deb
 14ce5d00b358aaafdce3d129e1a1cb69de9114522955595f6a1b6cb93c6a7d8f 2184062 
libgegl-0.2-0-dbg_0.2.0-2+nmu1_amd64.deb
Files: 
 e86c7025972846893b8ff911a380a833 3189 libs optional gegl_0.2.0-2+nmu1.dsc
 01ea918ee0f09ed5596a50c188a60bb8 8864 libs optional 
gegl_0.2.0-2+nmu1.debian.tar.gz
 6c8f35de9c7aec837f7376fb52a77fed 1520978 doc optional 
libgegl-doc_0.2.0-2+nmu1_all.deb
 ebff39d97896bbdaabf5cc71955cb37c 167916 libs optional 
gegl_0.2.0-2+nmu1_amd64.deb
 8eeb1bd6580c22fe0ba90f971a21aea5 782526 libs optional 
libgegl-0.2-0_0.2.0-2+nmu1_amd64.deb
 00ac8dee9b3bfb56e1dbba7753506709 220456 libdevel optional 
libgegl-dev_0.2.0-2+nmu1_amd64.deb
 809204bdf9615a1beef49de4ff1e0ff1 2184062 debug extra 
libgegl-0.2-0-dbg_0.2.0-2+nmu1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJQreWXAAoJELjWss0C1vRz7zYf/27SBBIxzR2hzDe6G10m2O3W
pqmq2q9Laex4C7CtWAxawdr7yaFWE+YfhfcJDz6dtWrW63xWSffR3/Y+cSksZweR
zrKI0ygYXgiBwTtopGdb2yfoWUBv3Uu/uJ1XfLrP1yWQrYXsmlzfUkZaKuG5Hmhg
elYvuDILv4u92jrI2zeyWm5DhJE5D9cxyWPxW1n0YlNBSxB//R7d1TPfJpCbYwHX
+laGGaEYvwPc573zfK7PKeEQfBvAAGFpEBvAKZYw9hMyLgO73Eaq7eWN9zGYZo6j
zoGVI2/aQZnSImuxk/I729Rl3KExtQwuVOaXjwQLG/IuSe9wKSVuI7efQxE1rAP3
peubmOSbTWYi5QZrnrIk4+Hv4IydQNByBvYwkHBu0sz/SfPo33BoimF86iwoDtUN
Rahf3mR9I6+LX4rhNFYGOW0wRZ//Ll8sQM2dsMxFTQaZz5SY9AFZSZRT2ut61T9L
sjDivn2cWFoz0KKisGer4K7LFjDHOPFyDIIk/KD4PDjQFWZviWpt52PnPkAmfvdg
eFrACI/nv2gAtO4iCLQ8INjvq6/akVnJ+1hJoVMxrLbeEWB2KHkN8LjtBJf2taje
na8d34R8VF80T1IdgK57j4ubElQgvCn52FThOhTg6LvA/NPusroRHxp1F+USrKWU
T657GC5OvOXXZ+P7ToN7Qgr/L188k6i6KJgBsQzyjh/L86OjpvizjDjzz/Qh135x
MTOiU5COn6yAFxV9nTDW+cYqx21RBpUgE3LYnHTSmCcszJiLytM4NvFbfM5AOm4M
bGzQNT90d6bjE4Wgpn/DgTzb5GzlKfdublKPtc7cNuJR+X6akFH2RXR+I1fjdeYY
j/na9Ay+2nmhjZjb2yn1550qiHbBrorjhCtEFVGcTWkNt2Z+oM5uqUU0ommQb6pF
ZvKQz54FQVlIkOQnKBON5zLZAZJSlAu7X3ikinee9ayM14YqPezcNbNgqXChrrNU
VK4ZWWGjazafIkyXtrJpV7EruYwI3H6LSwL748XbZi9rcG4SzJpI63J4NVIO3r/R
RkeCrqS572UuTJurXn20XOAsmEpuom4YRpYkl52ih9bCGzsxVJzXhtsD47cd/44J
WmPeMdr4TH4nh7N6HoAWpNKzvQAjWiBu5KdjulvH9QcoQnzBRWoclmxsL0j7PAyf
Kafz2x63n3oNqPw1BPxlQQMu09nmkI08XgoOQ8Lz9ZWYpn8MTxRqsk9xXHQHm400
nhx/vLILc8IhWzO0y7mvCa9d9saVOXm3RH68WWbMhEH0NKZCOrz18FpNIxegF3QY
eIJvNXauNpz2d5hXIdrqC6aweoEwy9FX8/vkaxC2D/ESB2nb647oXorCb0RSueU=
=50hn
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to