Your message dated Wed, 06 Feb 2013 20:47:36 +0000
with message-id <e1u3bu4-0003bm...@franck.debian.org>
and subject line Bug#699820: fixed in imview 1.1.9c-10
has caused the Debian Bug report #699820,
regarding stack smashing when reading ics file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imview
Version: 1.1.9c-9
Severity: grave
Tags: security

imview has a stack smashing vulnerability when parsing the ICS header at
io/readics.cxx:320

    /* get the filename from the ICS file */
    t = temp1;
    while (*bp != delim2)
        *t++ = *bp++;

This bug can lead to arbitrary code execution.

I am attaching a crashing input.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imview depends on:
ii  libc6           2.13-37
ii  libfontconfig1  2.9.0-7.1
ii  libgcc1         1:4.7.2-5
ii  libgomp1        4.7.2-5
ii  libjpeg8        8d-1
ii  libmagickcore5  8:6.7.7.10-5
ii  libpng12-0      1.2.49-1
ii  libstdc++6      4.7.2-5
ii  libtiff4        3.9.6-11
ii  libx11-6        2:1.5.0-1
ii  libxext6        2:1.3.1-2
ii  libxft2         2.3.1-1
ii  libxinerama1    2:1.1.2-1
ii  libxpm4         1:3.5.10-1
ii  zlib1g          1:1.2.7.dfsg-13

imview recommends no packages.

Versions of packages imview suggests:
pn  imview-doc  <none>

-- no debconf information

--- End Message ---
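
Added example (not part of the original report, and not imview's code or the fix that was uploaded): a bounded form of the copy loop quoted in the report, which rejects a field that has no delimiter within the input or that does not fit the destination. The name copy_field, the 64-byte destination and the ':' delimiter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the pattern
 *     while (*bp != delim2) *t++ = *bp++;
 * Copies the bytes before `delim` from src into dst.
 * Returns the field length, or -1 if the delimiter is missing within
 * src_len bytes or the field (plus NUL) does not fit in dst_len bytes. */
static long copy_field(char *dst, size_t dst_len,
                       const char *src, size_t src_len, char delim)
{
    const char *end;
    size_t n;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';                       /* never leave dst uninitialised */
    end = memchr(src, delim, src_len);   /* search is bounded by src_len */
    if (end == NULL)
        return -1;                       /* malformed: no delimiter */
    n = (size_t)(end - src);
    if (n >= dst_len)
        return -1;                       /* field too long: reject */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (long)n;
}

/* Constructed input: a field of `fill` 'A' bytes followed by ':'.
 * The 64-byte destination is an assumed size, not imview's. */
static long try_field(size_t fill)
{
    char line[512], name[64];

    if (fill + 1 > sizeof line)
        return -2;
    memset(line, 'A', fill);
    line[fill] = ':';
    return copy_field(name, sizeof name, line, fill + 1, ':');
}

int main(void)
{
    printf("short field: %ld\n", try_field(10));   /* fits */
    printf("long field:  %ld\n", try_field(400));  /* rejected */
    return 0;
}
```

The original loop stops only on the delimiter, so both the source length and the destination size have to be checked before any byte is written.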
--- Begin Message ---
Source: imview
Source-Version: 1.1.9c-10

We believe that the bug you reported is fixed in the latest version of
imview, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anton Gladky <gl...@debian.org> (supplier of updated imview package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 06 Feb 2013 19:46:55 +0100
Source: imview
Binary: imview
Architecture: source i386
Version: 1.1.9c-10
Distribution: unstable
Urgency: low
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Anton Gladky <gl...@debian.org>
Description: 
 imview     - Image viewing and analysis application
Closes: 681761 699820
Changes: 
 imview (1.1.9c-10) unstable; urgency=low
 .
   [ Anton Gladky ]
   * [f6c935a] Update homepage. (Closes: #681761)
   * [272f222] Add upstream-files.
 .
   [ Michael Terry ]
   * [98e20d5] Prevent link fltk libraries statically.
 .
   [ Sebastian Ramacher ]
   * [5832a2e] Fix stack smashing in ics-reader. (Closes: #699820)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
