Your message dated Fri, 22 Jul 2016 17:24:24 +0000 with message-id <e1bqebu-0007dn...@franck.debian.org> and subject line Bug#831814: fixed in lepton 1.2.1-1 has caused the Debian Bug report #831814, regarding lepton: CVE-2016-6234 CVE-2016-6235 CVE-2016-6236 CVE-2016-6237 CVE-2016-6238 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 831814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831814 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: lepton Version: 1.0-2 Severity: grave Tags: security upstream Justification: user security hole Hi, Multiple issues were found in lepton. The CVE request was at http://www.openwall.com/lists/oss-security/2016/07/17/1 referencing https://github.com/dropbox/lepton/issues/26 (note to compile with address sanitizer to reproduce the issues). lepton got several CVE assigned in subsequent http://www.openwall.com/lists/oss-security/2016/07/17/6 I'm not sure if current master fixes all the reported cases from #26. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: lepton Source-Version: 1.2.1-1 We believe that the bug you reported is fixed in the latest version of lepton, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 831...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. ChangZhuo Chen (陳昌倬) <czc...@debian.org> (supplier of updated lepton package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Jul 2016 00:43:13 +0800 Source: lepton Binary: lepton Architecture: source amd64 Version: 1.2.1-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org> Changed-By: ChangZhuo Chen (陳昌倬) <czc...@debian.org> Description: lepton - tool to compress JPEGs losslessly Closes: 831814 831897 Changes: lepton (1.2.1-1) unstable; urgency=medium . * New upstream release. Closes: #831814 * Kill lepton after unit test to ensure no process leaves after build. Closes: #831897 * Set architecture to i386 amd64 x32 due to SSE. Checksums-Sha1: 39a2e0a067889d05c3409d8e977ea01d80e4d89e 2027 lepton_1.2.1-1.dsc fe246da5d87a666bd69d3e4c19f3b80ccb5a9044 50226336 lepton_1.2.1.orig.tar.gz 2ab3523ba372642debbdd1275a138141675ff03a 5488 lepton_1.2.1-1.debian.tar.xz 357e122afcd7edd7f9c3f90364978e985ff058aa 1525772 lepton-dbgsym_1.2.1-1_amd64.deb 76f6b04cda18a715f88058fb46558ea181a4063f 149396 lepton_1.2.1-1_amd64.deb Checksums-Sha256: a49dcb17c352e7e4e413557a17b4260f99dd8f8f3bcf21d8988072c91781b571 2027 lepton_1.2.1-1.dsc c4612dbbc88527be2e27fddf53aadf1bfc117e744db67e373ef8940449cdec97 50226336 lepton_1.2.1.orig.tar.gz 4d21ae6137be48217d922ee680b0e9c002458333731421e79f477dab07dff475 5488 lepton_1.2.1-1.debian.tar.xz 6422bc0b984d7d8d774ea822cfd9098b218991668d998fa75abebdaf032e00d8 1525772 lepton-dbgsym_1.2.1-1_amd64.deb ea0d1cac132e26f631953f70c81319ebecf335de71545d4d73c1c16ad88139a7 149396 lepton_1.2.1-1_amd64.deb Files: dc06bed90a5675ce2630f8a8d200d750 2027 graphics optional lepton_1.2.1-1.dsc 79fad1d65eb68efed0222b1db4916429 50226336 graphics optional lepton_1.2.1.orig.tar.gz f281ca2f3cacae9fa5be7887179fe3ff 5488 graphics optional lepton_1.2.1-1.debian.tar.xz cb26ba11dd6d2475aad15478082a5b1b 1525772 debug extra lepton-dbgsym_1.2.1-1_amd64.deb 100e4036def98e3002538099e8c7e827 149396 graphics optional lepton_1.2.1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXklFAAAoJELTYlw90nD9qB0oQAIjDoZvmrDNwP4oP3JqT5F39 agXKYl2NJvIAztzQce90jLAk7x93le0sFgzoDmudzNhm5GHCyZeyVFqas7xbvR9G Z2j1bBrkRSOBo7cvZOddKhjI/waMy8b8LDkvmwMhuFgC24XYKnipnJlLCgu7pXGG Lg/qn1cYd1/jafeDPMK/HeA4vxcWvcoy+MPthIfJzbQdB4775Y60JqiYqWfDXIOy mSolGfhfJA+WOsv0eUTENV15rjYNlA7FKxWyLvTi0oKnpwk6Ad+A/WyUT+6oO3z2 t/piyuYhBXFWMo5GdT/9tDCV6jUj/ruSA+e+NDV1RGktq7PMKToBgI6RHlwjjBFq AGC1E3OJZKdvPOWE54CfZiC/8ebKiQXRTbdQP1DSkBoy4SCRBbuoteA6e1neOlrH jYTeQCR8yUOfmAW0cXMG+R21HZ1lUzYRfIsqtFC3ytS2S/p8cNCjNUszdmaEshx2 Xg/O1njTwo/P8Hy9WLkjgoBqAdA/PNm88Nqd8niJfyxqe0jkZwSsZ75+KUGti/Vb qDgyAyBfiq0ZyuXoLCPYHyCy8m9h/QsJy61KOOuY1/WBs1REJNw0RHcV6/+oHsdo pCe1XDDlETWqAz8jvekJNWw5NhGCzR8lcQUDBpKXgmt3SOswPpOsWc7wUgb9yguj 24L9Hk+7qEMz7k95et90 =DmuX -----END PGP SIGNATURE-----
--- End Message ---
