Your message dated Thu, 03 Dec 2015 21:36:06 +0000
with message-id <e1a4bxq-0001pf...@franck.debian.org>
and subject line Bug#806809: fixed in libraw 0.17.1-1
has caused the Debian Bug report #806809,
regarding libraw: CVE-2015-8366 CVE-2015-8367
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
806809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libraw
Version: 0.17.0-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerabilities were published for libraw.
CVE-2015-8366[0]:
Index overflow in smal_decode_segment
CVE-2015-8367[1]:
Memory objects are not initialized properly
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8366
[1] https://security-tracker.debian.org/tracker/CVE-2015-8367
[2] https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
[3] http://seclists.org/fulldisclosure/2015/Nov/108
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libraw
Source-Version: 0.17.1-1
We believe that the bug you reported is fixed in the latest version of
libraw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 806...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matteo F. Vescovi <m...@debian.org> (supplier of updated libraw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 03 Dec 2015 21:19:12 +0100
Source: libraw
Binary: libraw15 libraw-bin libraw-dev libraw-doc
Architecture: source
Version: 0.17.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shotwell Maintainers <pkg-shotwell-ma...@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <m...@debian.org>
Description:
libraw-bin - raw image decoder library (tools)
libraw-dev - raw image decoder library (development files)
libraw-doc - raw image decoder library (documentation)
libraw15 - raw image decoder library
Closes: 806809
Changes:
libraw (0.17.1-1) unstable; urgency=high
.
* New upstream release (Closes: #806809)
- Fix CVE-2015-8366 and CVE-2015-8367
-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!
-----END PGP SIGNATURE-----
--- End Message ---