Your message dated Sat, 23 Apr 2016 18:05:30 +0000 with message-id <e1au1vu-0000om...@franck.debian.org> and subject line Bug#822242: fixed in libgd2 2.1.1-4.1 has caused the Debian Bug report #822242, regarding libgd2: CVE-2016-3074: Signedness vulnerability causing heap overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 822242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libgd2 Version: 2.1.1-4 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libgd2. CVE-2016-3074[0]: Signedness vulnerability causing heap overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-3074 [1] https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 Please adjust the affected versions in the BTS as needed. Salvatore
--- End Message ---
--- Begin Message ---Source: libgd2 Source-Version: 2.1.1-4.1 We believe that the bug you reported is fixed in the latest version of libgd2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 822...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgd2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Apr 2016 10:49:43 +0200 Source: libgd2 Binary: libgd-tools libgd-dev libgd3 libgd-dbg Architecture: source Version: 2.1.1-4.1 Distribution: unstable Urgency: high Maintainer: GD team <pkg-gd-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 822242 Description: libgd-dbg - Debug symbols for GD Graphics Library libgd-dev - GD Graphics Library (development version) libgd-tools - GD command line tools and example code libgd3 - GD Graphics Library Changes: libgd2 (2.1.1-4.1) unstable; urgency=high . * Non-maintainer upload (with Ondrej's approval directly uploaded) * CVE-2016-3074: Signedness vulnerability causing heap overflow (Closes: #822242) Checksums-Sha1: 5b1cc784189ce843102c8463dd603b098d6d7ae0 2203 libgd2_2.1.1-4.1.dsc 94c303831087e5b9806a473e9edea4e4722a33f5 24152 libgd2_2.1.1-4.1.debian.tar.xz Checksums-Sha256: 9076b9fe1ad485ebdf718a843e252fdcd7a045446692093f061e578e4d57f4b7 2203 libgd2_2.1.1-4.1.dsc ce2051fcdb161e4f780650ca76c3144941eb62e9d186e1f8cd36b6efd6fedea0 24152 libgd2_2.1.1-4.1.debian.tar.xz Files: c8f9ec873eae7de41ab86e119a9bf533 2203 graphics optional libgd2_2.1.1-4.1.dsc 4e979e4846dec3817b5cc8bde6aeaf44 24152 graphics optional libgd2_2.1.1-4.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXG7YiAAoJEAVMuPMTQ89E1dIP+wWxZzidLNS162nqYYAfUAcN A1dWNCieSQXsk16cKLKlI0XV2Zh2ogbG6kcwROSBzRJGL0x3Q3BiHEurGQMdelgP 5heUVNUettAblVipOsGQOblJOsg5AVM+inLn4r/NZadbXw14FWTY7jW7DSRu06Ky WslTgmZR/eNyd8hoJP083rJ/GoSTT+KwdbPj9BlPmdNZaZix7TjEi7nLce4JisTV 3Ft1Xq/QEM4PsuIFcatT4bme7O68LJt4mWOBxSBTSMJVv29pGDB8RGxAf9RTCB8/ YcUCCrcBBUY177f9j3i9IMKkYntiCilBUzicPPLgO7gJxz1KI3pUfz27QcbWjB7j L2yIfV/PXbQAj366HP4RqCpi8y2K8Vk0t2E3cedIJK0TDWZkzVDGYErAoDY9KSY6 9kTLtvu5XKooh3o0zNHiFzjcONwX3bPMtA+tgeqOWOesVKGYJ8LGaZCGs8a+ITRF 1pxh1wK8A1juSFRlBcI6bxgOPHW+KWzwNRSZEv/uvMzFXb8DtsvjNHUO3SvCPHsX rHDPp6MFmktvdPPQtzcV0fc7rurYogB2/Ab6GwLaKHBksLWL2Gu6iR9rWw4FimQV 5b7a5fNJtfxp+LfmDSg0W0uqVQ0pPq1zJhHZ9vFciQNxBtWWRBTGpgLAibh5LYK3 F3bOPP3EXsF6R0CBr+Kx =/pdr -----END PGP SIGNATURE-----
--- End Message ---
