Bug#810491: marked as done (netsurf-gtk: CVE-2015-7505 CVE-2015-7506 CVE-2015-7507 CVE-2015-7508)

[Debian Bug Tracking System]

Your message dated Sat, 16 Jul 2016 11:23:06 +0000
with message-id <e1bongy-0001ch...@franck.debian.org>
and subject line Bug#810491: fixed in netsurf 3.2+dfsg-3
has caused the Debian Bug report #810491,
regarding netsurf-gtk: CVE-2015-7505 CVE-2015-7506 CVE-2015-7507 CVE-2015-7508
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
810491: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810491
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: netsurf-gtk
Severity: grave
Tags: security
Justification: user security hole

Please see these:

CVE-2015-7508 [heap overflow]
http://source.netsurf-browser.org/libnsbmp.git/commit/?id=041df43bbe273b0829132b0b17d89a69da2927d4

CVE-2015-7507 [out-of-bounds read]
http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd

CVE-2015-7506 [out-of-bounds read]
http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0

CVE-2015-7505 [stack overflow]
http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: netsurf
Source-Version: 3.2+dfsg-3

We believe that the bug you reported is fixed in the latest version of
netsurf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Sanders <vi...@debian.org> (supplier of updated netsurf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Jul 2016 13:58:09 +0100
Source: netsurf
Binary: netsurf netsurf-gtk netsurf-fb netsurf-common
Architecture: source all amd64
Version: 3.2+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Vincent Sanders <vi...@debian.org>
Changed-By: Vincent Sanders <vi...@debian.org>
Description:
 netsurf    - small web browser with CSS support - transitional package
 netsurf-common - small web browser with CSS support common files
 netsurf-fb - small web browser with CSS support for framebuffers
 netsurf-gtk - small web browser with CSS support for GTK
Closes: 810491
Changes:
 netsurf (3.2+dfsg-3) unstable; urgency=medium
 .
   * Heap overflow fix Fixes: CVE-2015-7508 (Closes: #810491)
   * Out of bounds read fix Fixes: CVE-2015-7507
   * Out of bounds read fix Fixes: CVE-2015-7506
   * Stack overflow fix Fixes: CVE-2015-7505
   * Update package copyright to fix lintian warnings
   * Acknowledge NMU, thanks to Tobias Frost
Checksums-Sha1:
 46b234818ea4e94c8956e550881d368f4748fdc4 2259 netsurf_3.2+dfsg-3.dsc
 723913f6daca372439db7db37a0ac238ffcbc54e 13372 netsurf_3.2+dfsg-3.debian.tar.xz
 7176eb1a5910c593a381d0fbcb7fb8249c4d9ef3 6494 netsurf_3.2+dfsg-3_all.deb
 60a7719631dca2c8facfc6928865e3b8c864c4ce 756088 
netsurf-gtk_3.2+dfsg-3_amd64.deb
 f319577723de2d26af810ef37de8f1ef9ac38567 649400 netsurf-fb_3.2+dfsg-3_amd64.deb
 ad8cbad36a41f10b736604aa372a968be32ff5de 297126 
netsurf-common_3.2+dfsg-3_all.deb
Checksums-Sha256:
 c945a5752061f20037458f1da84b2e6b5d73c71e6a61b9558401f4b067c61fe0 2259 
netsurf_3.2+dfsg-3.dsc
 b5e3c16b4cd20aca31679950c502cee951937eec7e2d4f4c48aa32943692d827 13372 
netsurf_3.2+dfsg-3.debian.tar.xz
 4434f22abb58b7bca6aed03ce51595b8f4cc2655f5ad2836505f87424c971efd 6494 
netsurf_3.2+dfsg-3_all.deb
 9e5743caaa1f637845d43d353cebd4357cba8d6f92ba81794abf0960a3fc552c 756088 
netsurf-gtk_3.2+dfsg-3_amd64.deb
 fa7661e8a1091435cfb957310aad25de03a01b61e2f7c4960b6eee6fa0061f81 649400 
netsurf-fb_3.2+dfsg-3_amd64.deb
 e7ca913df4876c467ac6af379dab317f71a24919d62fa5d14925499c6e425ee9 297126 
netsurf-common_3.2+dfsg-3_all.deb
Files:
 d53af8fcb76c44d53291099023b82115 2259 web extra netsurf_3.2+dfsg-3.dsc
 f08adec1c456789ee0bbeb02da1a6c94 13372 web extra 
netsurf_3.2+dfsg-3.debian.tar.xz
 727e809ea3865398c1737727545241d7 6494 oldlibs extra netsurf_3.2+dfsg-3_all.deb
 9a4526813bab46b7874fb49d8f48850e 756088 web extra 
netsurf-gtk_3.2+dfsg-3_amd64.deb
 01f213034f8e8acd58695a7a36129eca 649400 web extra 
netsurf-fb_3.2+dfsg-3_amd64.deb
 5cd22948277cd1b59c843f9b382079e9 297126 web extra 
netsurf-common_3.2+dfsg-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIVAwUBV4oIdnmwx6LL2TueAQizfhAAtDzk9QiIS7h5SrQZb63/KV1RKucomjG8
0qHMAXBsqayxEZQtLyky0Tz5+zeV76Se/YF5SO9MdlstxVdJC6zD5q+zpi4VnSzN
BKcSMvYxMnVnmEj61usICseio0rLcObM/79/m6Gd/CjYMrme2f1mQeUNnLRMd6B6
EOphYVujA0ZacbOBVszR4x3zIQBRjxICimKSAU6D/wVvDMzaocLoBZZaUPWSCFW5
zuRB93GXNk3u8sg+Z5YPYncTbXUE1X3T/jK4qBXx6QLfYtRkE3fcuxO4028hmaaX
SBzXb/0dg1EhO2a+JCxCPfa94jnmgzoJyNatUZrdVgqpAvoB99UPD0w4/a7xJ7nY
6hUQuRQDXA2XMX9WLTmqRO4DZV2hc0Lb8z6fvVaWjd1r6i6J/QY/xuuMGuCZzfKy
+pkQK8ljtUfhfXyAiVPxuWvPdfJka1f2q5G2R8k2L96pgHf5w80a+EohfDJJryAx
kTsmD/fC/bus1fBr28AP8yB7oahexanUJq63zLLdl9Dh27shL84d4/6x94jPi+gl
x/rANbyzbh6Frx86UYx9tEPkdJOq80p6T8hdQkW/oT+cyUt1Om40uTTA63gtFC5D
duaNaO/mATSCNvd0o/4mBSNvh1GmPKkqid/ItqD71fM92h5pu4Vmy9AtYtp7aRRv
I5qIyWXDHoo=
=d5G3
-----END PGP SIGNATURE-----

--- End Message ---