Your message dated Sun, 24 Apr 2016 16:17:11 +0000
with message-id <e1aumid-0002ew...@franck.debian.org>
and subject line Bug#822242: fixed in libgd2 2.1.0-5+deb8u1
has caused the Debian Bug report #822242,
regarding libgd2: CVE-2016-3074: Signedness vulnerability causing heap overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
822242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgd2
Version: 2.1.1-4
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libgd2.
CVE-2016-3074[0]:
Signedness vulnerability causing heap overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-3074
[1] https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
Please adjust the affected versions in the BTS as needed.
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.1.0-5+deb8u1
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 822...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 Apr 2016 11:19:01 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source
Version: 2.1.0-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: GD team <pkg-gd-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 822242
Description:
libgd-dbg - Debug symbols for GD Graphics Library
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd2-noxpm-dev - GD Graphics Library (transitional package)
libgd2-xpm-dev - GD Graphics Library (transitional package)
libgd3 - GD Graphics Library
Changes:
libgd2 (2.1.0-5+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-3074: Signedness vulnerability causing heap overflow
(Closes: #822242)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---