Your message dated Sat, 09 Apr 2016 05:34:17 +0000 with message-id <e1aolxf-00070y...@franck.debian.org> and subject line Bug#798032: fixed in libpgf 6.14.12-3.2 has caused the Debian Bug report #798032, regarding libpgf: CVE-2015-6673: use-after-free vulnerability in Decoder.cpp to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 798032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libpgf Version: 6.14.12-3 Severity: important Tags: security upstream fixed-upstream Hi, the following vulnerability was published for libpgf. CVE-2015-6673[0]: use-after-free vulnerability in Decoder.cpp If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-6673 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libpgf Source-Version: 6.14.12-3.2 We believe that the bug you reported is fixed in the latest version of libpgf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 798...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Steve M. Robbins <s...@debian.org> (supplier of updated libpgf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 03 Apr 2016 21:58:47 -0500 Source: libpgf Binary: libpgf-dev libpgf6 libpgf6-dbg Architecture: source amd64 Version: 6.14.12-3.2 Distribution: unstable Urgency: medium Maintainer: David Paleino <da...@debian.org> Changed-By: Steve M. Robbins <s...@debian.org> Description: libpgf-dev - Progressive Graphics File (PGF) library - development files libpgf6 - Progressive Graphics File (PGF) library - runtime files libpgf6-dbg - Progressive Graphics File (PGF) library - debugging symbols Closes: 798032 Changes: libpgf (6.14.12-3.2) unstable; urgency=medium . * Non-maintainer upload. * Apply upstream changes 147 & 148 to fix CVE-2015-6673 (Closes: #798032). New patches 02-fix-CVE-2015-6673-upstream-147.patch and 03-fix-CVE-2015-6673-upstream-148.patch. Checksums-Sha1: d56027f55aa05a0139337d539c5a1125551c858b 1954 libpgf_6.14.12-3.2.dsc 50c98be546e335e31a7c06fdc0d968a5a728a210 29572 libpgf_6.14.12-3.2.debian.tar.xz 12b4b927294ad880e9561af4de971fb14f32e2a7 49600 libpgf-dev_6.14.12-3.2_amd64.deb 28b5e12a00e7de1c43b1f7d9988c5c79507dec13 100662 libpgf6-dbg_6.14.12-3.2_amd64.deb 06d7d9da1e7066b063a6023b1d664b6840b26be0 37580 libpgf6_6.14.12-3.2_amd64.deb Checksums-Sha256: f745d7b3c8545d185fe15f1b09b797abbb42292cc96e59cc0c5a2617eb1fca8b 1954 libpgf_6.14.12-3.2.dsc bfbc8d866f9ff8e5b428161b63cf1869d9314f3731f66e43b1dd7baa39832ea6 29572 libpgf_6.14.12-3.2.debian.tar.xz b5f6e44e507e73241aaeb253539ce64be6ca2b3f072f3eba43980745530fe4e7 49600 libpgf-dev_6.14.12-3.2_amd64.deb e5fabf366996abfb675eba1e3cf3307edb647ecbaaa45a34ec57f52fa80de737 100662 libpgf6-dbg_6.14.12-3.2_amd64.deb 63d8027522e12fba39f841a5ecf16c86b4f35322bc07efadac5119ee6643ce4b 37580 libpgf6_6.14.12-3.2_amd64.deb Files: 3a0acffb12461275d6fb082af313d0d4 1954 libs optional libpgf_6.14.12-3.2.dsc 9d8e7010caafdd1d4fe1b83ce28c6f3c 29572 libs optional libpgf_6.14.12-3.2.debian.tar.xz e8f713e5218ce79eac9e218ab5d7d732 49600 libdevel optional libpgf-dev_6.14.12-3.2_amd64.deb bd24548f4352e94ad0074b7e80008670 100662 debug extra libpgf6-dbg_6.14.12-3.2_amd64.deb 456d8cd738859ec6d9b95d4bbd5e2e56 37580 libs optional libpgf6_6.14.12-3.2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVwH4GsnlXi+tyPS5AQjH7xAAlZB4hq9OixiCdnczzzwW/i/e3RVIljf+ 378gS7p/IScnwRK1KDP8saMtwcd5fTB5JMj146vkzi6bonLtBVkE8CabwCTXtZdI BPpD3u/DVGyErltiKHDqUHa99yWuQl3yxo8A33up2J0Cq8JqlV01CYi2viRugqbD 5ErR6fwjxUAokOaSO4bXKTVTqcYA9SshIz92iwhL1l/IzEOeBP6XWmNG2Mm/dFU+ 2hB85LLkVtBU0ywv6chDIq1PLWr5vsXks4QwG7wQM616pffv8cDwMzoIyQAWXvWe TqSc+4fSu87hLv1IjC41rYpjBzMeLiewHZYkcW/4CkiRz52l6zTw/ECJ5RACMYju NZPzqsQ34SeS6OVoBrfHoTlfGQ2m2Q8gv4YWMHPhZ955/JmQkwKufSxzvExDBnkh U9e6cyuJCCqk06dHLUDrZnjqP7rTOEIp5+H5qaRcdG6G/9C9ifQ/sCLzvkpL4XIJ auNsu4LwuGs0fL2YGm4BQMNqBnr8ir0Z7X3/daOybSKmREt+jvTL07eLinC58NWW EI11N1B1rcd4tVGRv8UxEkYaNgviD1BRIis9Kuq6sYgbUIiJYdhzlKndxkcJVcWG vVtPhsuviVTmYNJHlmfTAU1JAS+CthhvMpTT3AFZHpU7CxbmiHPlSsxqdIP//ypS CLw9Js6W+/s= =de3s -----END PGP SIGNATURE-----
--- End Message ---
