Bug#685970: marked as done (openjpeg: CVE-2012-3535)

Tue, 26 Feb 2013 04:21:19 -0800 

Your message dated Tue, 26 Feb 2013 12:17:04 +0000
with message-id <e1uajsy-0001fc...@franck.debian.org>
and subject line Bug#685970: fixed in openjpeg 1.3+dfsg-4+squeeze1
has caused the Debian Bug report #685970,
regarding openjpeg: CVE-2012-3535
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
685970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: openjpeg
Severity: grave
Tags: security
Justification: user security hole

Please see http://seclists.org/oss-sec/2012/q3/299 for details.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: openjpeg
Source-Version: 1.3+dfsg-4+squeeze1

We believe that the bug you reported is fixed in the latest version of
openjpeg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 685...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated openjpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 18 Feb 2013 18:55:32 +0000
Source: openjpeg
Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools
Architecture: source amd64
Version: 1.3+dfsg-4+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers 
<pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library
 libopenjpeg2 - JPEG 2000 image compression/decompression library
 libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library
 openjpeg-tools - command-line tools using the JPEG 2000 library
Closes: 672455 685970
Changes: 
 openjpeg (1.3+dfsg-4+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2012-3535: buffer overflow in JPEG2000 decoding (closes: #685970).
   * Fix cve-2012-3358: another buffer overflow in JPEG2000 image file handling.
     Fix cve-2009-5030: avoid memory overrun (Closes: #672455).
Checksums-Sha1: 
 732749852ee1b24b438f2854ceec736c34cfd5cd 2721 openjpeg_1.3+dfsg-4+squeeze1.dsc
 bac94ef1e288aaf122f1c45605236bac6b47dabd 895482 openjpeg_1.3+dfsg.orig.tar.gz
 af209d8cfef4cab04c62937cf52c5edaff675aa5 13429 
openjpeg_1.3+dfsg-4+squeeze1.diff.gz
 8960d632bba1407d580c359c02925322fa26e415 95034 
libopenjpeg-dev_1.3+dfsg-4+squeeze1_amd64.deb
 775e3e8c22315d9a1721e17754ff36ca49b7b62e 82040 
libopenjpeg2_1.3+dfsg-4+squeeze1_amd64.deb
 a5b3f6c3d681c97e736ed28f104a5904598b7d01 315416 
libopenjpeg2-dbg_1.3+dfsg-4+squeeze1_amd64.deb
 d8b24ad9b0e88e3b64e62a955856e753799fe122 210010 
openjpeg-tools_1.3+dfsg-4+squeeze1_amd64.deb
Checksums-Sha256: 
 98d749a3c8607d00b8a63e79a00b30968d0c67b14e0c83ca833e353c8f9448ca 2721 
openjpeg_1.3+dfsg-4+squeeze1.dsc
 5ba9a6653931907c5b7cc67443470f1b23a5be846ab11ccaf8ca7e2ffa6387af 895482 
openjpeg_1.3+dfsg.orig.tar.gz
 15a3c457f5770575cf6a2b23353cb8b852bc3c992155bb261559f56d8cbd904b 13429 
openjpeg_1.3+dfsg-4+squeeze1.diff.gz
 92924f30eb78ab612719b2ddec4a54a30341ac1c6b0006c008a6b7447b466182 95034 
libopenjpeg-dev_1.3+dfsg-4+squeeze1_amd64.deb
 dfc7a895749150eedcea53eeca1fe90a817e913fe70087d830434c2b375ae998 82040 
libopenjpeg2_1.3+dfsg-4+squeeze1_amd64.deb
 ea1f1fad67e57f6c543edff429952d02da610f7b7aeeec04702dec9735d774e7 315416 
libopenjpeg2-dbg_1.3+dfsg-4+squeeze1_amd64.deb
 51fa15cf42d6fc9580ed0249131fcf209cdd88661dbdfdc25723a77331f49cc2 210010 
openjpeg-tools_1.3+dfsg-4+squeeze1_amd64.deb
Files: 
 e0e28bafe79e4ceb345aa1382462a527 2721 libs extra 
openjpeg_1.3+dfsg-4+squeeze1.dsc
 5fd807abf8a71adb021181d2790eda86 895482 libs extra 
openjpeg_1.3+dfsg.orig.tar.gz
 d0960b4d7a4911c4778c9e9a2d8d31d5 13429 libs extra 
openjpeg_1.3+dfsg-4+squeeze1.diff.gz
 84a7a3719f6d3e8847778d6f3eca83c5 95034 libdevel extra 
libopenjpeg-dev_1.3+dfsg-4+squeeze1_amd64.deb
 538b78e4b7e38c4064e7c25f2a5b0c78 82040 libs extra 
libopenjpeg2_1.3+dfsg-4+squeeze1_amd64.deb
 a08d5395af6ccd86e0301bf1e513a260 315416 libdevel extra 
libopenjpeg2-dbg_1.3+dfsg-4+squeeze1_amd64.deb
 c85abfdfe50560033abb34ad4e8aea9c 210010 graphics extra 
openjpeg-tools_1.3+dfsg-4+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQQcBAEBAgAGBQJRInlIAAoJELjWss0C1vRz+Jgf/j7zqlWpVGp7UNusQdozofjf
6sHJZPKKr0FL0rIgXDwt/P83KJ6bwN+JKRCzODabGSeO4yIBzBFhCh86tAqwP+vO
3p5ij4WnXLNxVpQEuzCZH+iD0w8celgfzN/PN7/YHZRQiLoG4Ee1CRqyyIm27rOb
Mq0o2XWP0UsajoTnUuf6ThHNJiCE5PytrKe2QI6RhEHPIYzer0s2Z9Imc7x76GQA
E5C/EaBLLSrl7cm9La13DB1d9yljbZfDiIu8SvwhTu5JNdN/e2aAX5HPVC3BThr4
qQ7O1OLyhjz5yhLDJTGr2kz971sm1bj+JIqSB+Vze7r8CxRyTjHIPkFvC9KwoIT3
eUlXUWXBKa2bMy/jmv/wLTDucWXMy34gSgM62RXlnLdODroaiPDmKYHDGx0FovF0
L1ldGzyvxKHF1G3kkAil1p5qHgAyQW43dJ6wgBDuJcX75J3tUJbduZMSh+ZeJLzd
1M3dclnf8BErZFci+InwL0e9G5wiE+sn2Nkwx33Zl2+hae4s16GhiYKle41eLWXI
5oTZWwDMOWx43hRufEQsfg842SrxVVdwceBLKSDxjYUUr17X9hdk/x088c2jsQAt
nJAWuxCdW769UQjcDMgRhlqHEH3PwUF0XnCsk5S5pHzulH3D+2S4HGCg64Kkzcv8
FoNkVEskXzHJP3zVKzhzwBXkUH40+Ahf6CuvC0xUhFl3A6SuqgxCbhVXubtC1Pc6
WKe9VToHKzj7Wzxoy38SKpASB5nCEr54F0H8/lU2uXLdzdjRq7CHyAGgiqVPx8ko
YdWXYD0HqPuiCxeuAYJUpxRfxJ//+vRfvBo7e9r++QqZNDjOQnHs1dP0TLASEWCy
o74/vGlrcx1cmUku1NbOnYvjrwOhrvnqluvvkfJANxjzc11zSzljqLJ4surgKmOo
/9azDhqShmZXIr8Bxd/FgBCPvVEI3GS4t9yRSbQPSlM833GBUdRv6q5bgIkYoStm
76ART5dEvndYZpYXJZNRhy1+7li1DlJZdrrAc0JjvDU5VN54ePbmx+xA4+gEUDyG
pNjpvx/fiaB3NCeDryxdW1bVMdgzLU+BNyIHfIFmWEjnXKC/anN++i6BnjZMW7KF
P/mfVZ8WJ0t/FvB7jItsjg2Iz3FBehnZC8F6vjz/pZyE/++Gh9CSTA6DaX2em035
+TJd4kWBbWHgeiUaCZf7X4wArJ09z5lMbrok1Man4vsFCQ5JhvV4YNMuLG63cchW
BbAalahTSrxeVIEXJSNUZKuh5Ldbx9cAd5qlkUxryPtQro+HuSPdDcgbuZ9cuhcW
bKKDaKd0FQ4N2PHPgCSMgC8epV4OpBD3cJSaBeT2qKfcCS3kyC9zkAID1murwWE=
=nT6y
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to