Your message dated Mon, 29 May 2017 12:03:46 +0000
with message-id <e1dfjok-00039s...@fasolo.debian.org>
and subject line Bug#861693: fixed in swftools 0.9.2+git20130725-4.1
has caused the Debian Bug report #861693,
regarding swftools: CVE-2017-8400: out-of-bound write of heap data issue can
occur in function png_load()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
861693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861693
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: swftools
Version: 0.9.2+git20130725-2
Severity: important
Tags: patch upstream security
Hi,
the following vulnerabilities were published for swftools, and not
filing two separate bugs, since common code back to stable. Filed as
severity grave, since for CVE-2017-8400 possibly can cause code
execution, but not ruled out/further analyzed if that is possible.
CVE-2017-8400[0]:
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the
| function png_load() in lib/png.c:755. This issue can be triggered by a
| malformed PNG file that is mishandled by png2swf. Attackers could
| exploit this issue for DoS; it might cause arbitrary code execution.
CVE-2017-8401[1]:
| In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the
| function png_load() in lib/png.c:724. This issue can be triggered by a
| malformed PNG file that is mishandled by png2swf. Attackers could
| exploit this issue for DoS.
The references to the security tracker contain references to the
upstream issues and respective commits.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8400
[1] https://security-tracker.debian.org/tracker/CVE-2017-8401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8401
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: swftools
Source-Version: 0.9.2+git20130725-4.1
We believe that the bug you reported is fixed in the latest version of
swftools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated swftools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 May 2017 13:25:12 +0200
Source: swftools
Binary: swftools swftools-dbg
Architecture: source
Version: 0.9.2+git20130725-4.1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 861693
Description:
swftools - Collection of utilities for SWF file manipulation/creation
swftools-dbg - Collection of utilities for SWF file manipulation/creation (debug
Changes:
swftools (0.9.2+git20130725-4.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix an integer overflow issue in png.c (CVE-2017-8400) (Closes: #861693)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---