Your message dated Sat, 12 Aug 2017 15:02:52 +0000
with message-id <e1dgxwc-000cc9...@fasolo.debian.org>
and subject line Bug#869263: fixed in libgd2 2.1.0-5+deb8u10
has caused the Debian Bug report #869263,
regarding libgd2: CVE-2017-7890: Buffer over-read into uninitialized memory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
869263: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgd2
Version: 2.2.4-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/libgd/libgd/issues/399
Hi,
the following vulnerability was published for libgd2.
CVE-2017-7890[0]:
Buffer over-read into uninitialized memory
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890
[1] https://github.com/libgd/libgd/issues/399
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.1.0-5+deb8u10
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 12 Aug 2017 06:15:41 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source
Version: 2.1.0-5+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: GD team <pkg-gd-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 869263
Description:
libgd-dbg - Debug symbols for GD Graphics Library
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd2-noxpm-dev - GD Graphics Library (transitional package)
libgd2-xpm-dev - GD Graphics Library (transitional package)
libgd3 - GD Graphics Library
Changes:
libgd2 (2.1.0-5+deb8u10) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-7890: Fix uninitialized memory read vulnerability in GIF reading
(Closes: #869263)
Checksums-Sha1:
6b471163b732b336ff19a052230c75a8fd553893 2510 libgd2_2.1.0-5+deb8u10.dsc
9b0e83c48a8edb727982d7a4d35b7adf709d137b 38344 libgd2_2.1.0-5+deb8u10.debian.tar.xz
Checksums-Sha256:
a382d058da161bf93b31142d0e8b618dc9a3502917fa72de00c6c38eb6ce5d12 2510 libgd2_2.1.0-5+deb8u10.dsc
c8ced061a104ed1d162996ff76ce442bf85cfc14ccf116af774da7857309c53d 38344 libgd2_2.1.0-5+deb8u10.debian.tar.xz
Files:
3bbea5b0f884ece5786d4b7fd431af5c 2510 graphics optional libgd2_2.1.0-5+deb8u10.dsc
f1a2511ce95eae332d69203e23b97d5d 38344 graphics optional libgd2_2.1.0-5+deb8u10.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---