Your message dated Fri, 31 Jul 2015 09:41:13 +0000 with message-id <e1zl6ot-0002nt...@franck.debian.org> and subject line Bug#787644: fixed in libwmf 0.2.8.4-10.4 has caused the Debian Bug report #787644, regarding libwmf: CVE-2015-0848 CVE-2015-4588 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 787644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787644 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libwmf Version: 0.2.8.4-6 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for libwmf. CVE-2015-0848[0]: heap overflow when decoding BMP images See in particular as well Red Hat bugreport[1] which contains a possible fix and as well another issue related to the RLE decoding[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0848 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1227243 [2] https://marc.info/?l=oss-security&m=143332987713661&w=2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libwmf Source-Version: 0.2.8.4-10.4 We believe that the bug you reported is fixed in the latest version of libwmf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 787...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessandro Ghedini <gh...@debian.org> (supplier of updated libwmf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 30 Jul 2015 17:10:05 +0200 Source: libwmf Binary: libwmf0.2-7 libwmf-bin libwmf-dev libwmf-doc Architecture: source amd64 all Version: 0.2.8.4-10.4 Distribution: unstable Urgency: high Maintainer: Loïc Minier <l...@debian.org> Changed-By: Alessandro Ghedini <gh...@debian.org> Description: libwmf-bin - Windows metafile conversion tools libwmf-dev - Windows metafile conversion development libwmf-doc - Windows metafile documentation libwmf0.2-7 - Windows metafile conversion library Closes: 784192 784205 787644 790365 Changes: libwmf (0.2.8.4-10.4) unstable; urgency=high . * NMU from the Security Team * Fix multiple vulnerabilities: - CVE-2015-0848 (Closes: #790365) - CVE-2015-4588 (Closes: #787644) - CVE-2015-4695 (Closes: #784205) - CVE-2015-4696 (Closes: #784192) * Fix lintian override Checksums-Sha1: 450540d3d66a311ce99cb082597dadaa0ffb1edc 2066 libwmf_0.2.8.4-10.4.dsc 47d30a5d40b35d19fe13e95406833218b796f060 10720 libwmf_0.2.8.4-10.4.debian.tar.xz c45e10aeae14667fdd9d7300be18cf15eecf33b2 33178 libwmf-bin_0.2.8.4-10.4_amd64.deb 16fa98ba6d9e767ad19960e864e0ff8e27fc8b89 185254 libwmf-dev_0.2.8.4-10.4_amd64.deb 97d9d25df72efab358720c44c0c6a084d04fc4c4 230988 libwmf-doc_0.2.8.4-10.4_all.deb 530330cb97d0807ce41aabaf8110d58e5119866e 162992 libwmf0.2-7_0.2.8.4-10.4_amd64.deb Checksums-Sha256: 91f1edacbc33e5414cc703556eb1b84e5903b128dc7e42e6dda612867d62886a 2066 libwmf_0.2.8.4-10.4.dsc 5fd6bbf1d9f6af8b02b8d8531b331c12dbcec4e0dc11a8b94e30ce45032e0e89 10720 libwmf_0.2.8.4-10.4.debian.tar.xz 1d5de3e28f9324167c344c6f5b54487f5886bd2a7177ccca50356b5a000a5d42 33178 libwmf-bin_0.2.8.4-10.4_amd64.deb e179edacece3530112b93e2b6ad8833346433cc8dd71f13bc71316b4c6b83620 185254 libwmf-dev_0.2.8.4-10.4_amd64.deb a3c23122f4fa0aa12981f7492fcec0633eaeb0364991e6d5e2404aeb59593b58 230988 libwmf-doc_0.2.8.4-10.4_all.deb cfc43e06dfe1276e38b8c25e37f6a873437368794a4aa4c6c58e9aef16512e8f 162992 libwmf0.2-7_0.2.8.4-10.4_amd64.deb Files: 3e42e8e78db503b77c617a1a55a6870b 2066 libs optional libwmf_0.2.8.4-10.4.dsc 04815b571768138d80b1a41ce4073738 10720 libs optional libwmf_0.2.8.4-10.4.debian.tar.xz dd93758e6acec8489d45ced9fa916bbc 33178 graphics optional libwmf-bin_0.2.8.4-10.4_amd64.deb 47806380e2379a35344122dd31d4195c 185254 libdevel optional libwmf-dev_0.2.8.4-10.4_amd64.deb 7f8fea554b22dc39a4f7f6fb3a204d8b 230988 doc optional libwmf-doc_0.2.8.4-10.4_all.deb 3c9b859bf279fcf201cc630da37690c1 162992 libs optional libwmf0.2-7_0.2.8.4-10.4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVuysGAAoJEK+lG9bN5XPLqasP/2E0NgkqguzR4wbexpantyXm Ntgob/yva4MaYyj8FPARns/59UdzLKJ98vM9jzH+HBHbQ5o0nomGFBRLpMSZtloq qfqbnL8tzvZtrMYTKuD9H55ZpVDIP7tIjEps7onKHPxMR+v0UB+SwD8E5jTZW1SX hmgo+r1fNfaz3kg/X/eE/gitpyEY+5ca5XRJU5aCuujodi4GGsq14nxtWcycOm4q xfVV65rD3cil9grZLCz7jK4U3FTibUylTAj9hBahu9w/D8/jCwn9dOL+cyjSYonB 0bzxLTWWSUge6aNw4xy5YEKvvdmEanj2PO3qkz1/1C72Eohgblk8kIHAygXb6TJi b3vdqdk7jxITApgMK2uDjG69GVuxJQ0Gq6ce95k4x2EFEq1WtVI7x8QIT6DH563/ 1Ie1EpRR03FGg6+j9HTRI/fyk4OEV41P3je+tGKHoqMb9HjQtVwvbxc7RVhjo2VS Xqpl/uXQjicKsKEG7HnTEAr8HNrqW7P+LnDgiJDoKp5aNHO8uO1Q3yoB/It1mFIz 8XDkCRS+D8QZWGAKT8TJsYy3eRHZLZxplO5M9UAOu/IUCEOD/TupMdRpj5m40Oab LgTWf9PIRQHJyYoLD4LuwQM+V2/3xlJGFNm+FfsDRzngZHwKEFAFc5AGOo6KlM8y PVkgFYYr9lYxM1TCfElG =VF5W -----END PGP SIGNATURE-----
--- End Message ---
