Your message dated Fri, 08 Apr 2016 22:09:02 +0000
with message-id <e1aoeam-0002zx...@franck.debian.org>
and subject line Bug#820068: fixed in optipng 0.7.6-1
has caused the Debian Bug report #820068,
regarding optipng: CVE-2016-2191: Invalid write while processing delta escapes
without any boundary checking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
820068: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820068
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: optipng
Version: 0.6.4-1
Severity: important
Tags: security upstream fixed-upstream
Forwarded: https://sourceforge.net/p/optipng/bugs/59/
Hi,
the following vulnerability was published for optipng and is fixed
in 0.7.6 upstream.
CVE-2016-2191[0]:
Invalid write while processing delta escapes without any boundary checking
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2191
[1] https://sourceforge.net/p/optipng/bugs/59/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1308550
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: optipng
Source-Version: 0.7.6-1
We believe that the bug you reported is fixed in the latest version of
optipng, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 820...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kol...@debian.org> (supplier of updated optipng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Apr 2016 23:13:38 +0200
Source: optipng
Binary: optipng
Architecture: source amd64
Version: 0.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Emmanuel Bouthenot <kol...@debian.org>
Description:
optipng - advanced PNG (Portable Network Graphics) optimizer
Closes: 801700 820068
Changes:
 optipng (0.7.6-1) unstable; urgency=medium
 .
   * New upstream release
     - fix CVE-2016-2191: Invalid write while processing delta escapes
       without any boundary checking (Closes: #820068)
     - fix CVE-2015-7802: Buffer overflow in global memory (Closes: #801700)
   * Enable hardening=+all build
   * Fix Vcs-(Git|Browser) fields to use secure URIs
   * Bump Standards-Version to 3.9.7
   * Add a patch to fix typo in manpage
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---