Your message dated Sun, 12 Apr 2015 12:49:42 +0000 with message-id <e1yhhky-0007qo...@franck.debian.org> and subject line Bug#778646: fixed in potrace 1.12-1 has caused the Debian Bug report #778646, regarding potrace: CVE-2013-7437: possible heap overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 778646: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778646 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: potrace Version: 1.11-2 Severity: grave Tags: security Hi, please see https://bugzilla.redhat.com/show_bug.cgi?id=955808 Could you report this upstream? A CVE ID has been requested, but not yet assigned: http://www.openwall.com/lists/oss-security/2015/02/06/12 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: potrace Source-Version: 1.12-1 We believe that the bug you reported is fixed in the latest version of potrace, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 778...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bartosz Fenski <fe...@debian.org> (supplier of updated potrace package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 12 Apr 2015 10:46:32 +0200 Source: potrace Binary: potrace libpotrace0 libpotrace-dev Architecture: source amd64 Version: 1.12-1 Distribution: unstable Urgency: high Maintainer: Bartosz Fenski <fe...@debian.org> Changed-By: Bartosz Fenski <fe...@debian.org> Description: libpotrace-dev - development files for potrace library libpotrace0 - library for tracing bitmaps potrace - utility to transform bitmaps into vector graphics Closes: 778646 Changes: potrace (1.12-1) unstable; urgency=high . * New upstream version. - fixes memory overflow bug CVE-2013-7437 (Closes: #778646) Checksums-Sha1: 478b57d64bb6f02859d4841909a65fb052990981 1829 potrace_1.12-1.dsc e66bd7d6ff74fe45a07d4046f6303dec5d23847f 604946 potrace_1.12.orig.tar.gz 9b1e0c90561e397b0b529d085778de29033747e2 3648 potrace_1.12-1.debian.tar.xz 4f7bae052abbb418c9fa2eebe3b3c89b677bdf95 76092 potrace_1.12-1_amd64.deb 291c08a85ab0d51ee70f09181b7b84d69a0a2577 24946 libpotrace0_1.12-1_amd64.deb 1bd3a613210ede8e4d1c05c34b712bdddd1d86bc 11606 libpotrace-dev_1.12-1_amd64.deb Checksums-Sha256: a0b710ef2716cb0521807940b675a86f21aae2600a01e65834a48cb985633afb 1829 potrace_1.12-1.dsc b0bbf1d7badbebfcb992280f038936281b47ddbae212e8ae91e863ce0b76173b 604946 potrace_1.12.orig.tar.gz d7f19dec52e68cb6bbd3b2f91145e850cdbe83c94ba58882c9fe438e7baa83d7 3648 potrace_1.12-1.debian.tar.xz dc1e20634f7bdca12bab320fe509abdc89492acbdb7c2a1d6f6a22f0cc5cc659 76092 potrace_1.12-1_amd64.deb 167244443908986874f41011e41bfc6dbd45dc15ae3b243431825507859e4b20 24946 libpotrace0_1.12-1_amd64.deb e525846df725205baa65f06aff5c91472efa8bba1c4042a57094782e48fc369f 11606 libpotrace-dev_1.12-1_amd64.deb Files: c16d3b08c50b40697b3770ae1bc99c16 1829 graphics optional potrace_1.12-1.dsc 314850e30ae4319f0615efdae485abaa 604946 graphics optional potrace_1.12.orig.tar.gz a9f3673cc885e2b67ddeafb95e499b6e 3648 graphics optional potrace_1.12-1.debian.tar.xz a75831ca4d7866d856ae8c8805f360ba 76092 graphics optional potrace_1.12-1_amd64.deb 175861d7e6843dceb196877743d66b62 24946 libs optional libpotrace0_1.12-1_amd64.deb 9bc41f055bf27678c55549ea815da648 11606 libdevel optional libpotrace-dev_1.12-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVKmWGAAoJELDZ1Kg807vBeaoP/A3bTuBd2+f7krUK85VO9awE 94GMwVum1BTl05lAppPHcqCOeA+Md2+PWTjui1+5zeN9wNZ/kSpAMIhdrmCrV+sh Z+xo0o4tFi5EiV7Kw7y9cLM+GqQp6PkHAt4El5iwuqXPqsWMC/5OHxH72cuOqMA3 x5NmSU1VBUeOu9TGSyok8svl0diJCd35IyavvviKJHPsoSCELWsx5Lj0kFfuvYw1 Gnd9RkgawEPAgfLwgd6sRLKOslo6x4btHSkMEpv5JF51wTpakIahPmVK0waRZh6H uTM39SIzJUSMEUNlZkxRFb1n5SeOZDYJdNTf2+vdlF40XWBdpgYFpa5bjo2xWgch 7X0CobSADOSUuVuzJhsBLtfLs/VEMrVqGAGyYHHjzA2J7Ox5T0zbU5tHUB/SK0Xn 8SnOaAYdnchOw/egIHjycTEU8Rg6Vv6Y5mk3NNZzhwswCBDbRysJU4yNeU6AOcdw gKJ4iSkZPKDvRNZ3JTxanfe/WWz/bir5dFdnvp4wJr57GBwvdcN4aQIgY9Rkzew1 Cv2MyW9LfCAhRFcAxLXzXUmKHqInv/Tc+UN6VfOYzRRx5S1BwaOWVDiMESoffMSI 8Q9aI07MM6RSx3B+DZsHEmx91WnFH7QWsEhawqpGcH17Bcq9hldG5F/dX+k90ozF FJQ7FxkYxzruIzpurdfl =2TjE -----END PGP SIGNATURE-----
--- End Message ---
