Your message dated Sat, 17 Feb 2018 00:05:29 +0000
with message-id <e1emq0p-0001kk...@fasolo.debian.org>
and subject line Bug#890548: fixed in leptonlib 1.75.3-2
has caused the Debian Bug report #890548,
regarding leptonlib: CVE-2018-7186: Stack buffer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
890548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: leptonlib
Version: 1.74.4-2
Severity: serious
Tags: security upstream
gplotRead() and ptaReadStream() read strings into stack buffers using
fscanf() without a length limit.
Ben.
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: leptonlib
Source-Version: 1.75.3-2
We believe that the bug you reported is fixed in the latest version of
leptonlib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeff Breidenbach <j...@debian.org> (supplier of updated leptonlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 16 Feb 2018 15:26:11 -0800
Source: leptonlib
Binary: libleptonica-dev liblept5 leptonica-progs
Architecture: source amd64
Version: 1.75.3-2
Distribution: unstable
Urgency: medium
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Jeff Breidenbach <j...@debian.org>
Description:
leptonica-progs - sample programs for Leptonica image processing library
liblept5 - image processing library
libleptonica-dev - image processing library
Closes: 890548
Changes:
leptonlib (1.75.3-2) unstable; urgency=medium
.
* Fix fscanf buffer overflow (closes: #890548)
Checksums-Sha1:
fd5683455eead027b875f8d695b9ebda92d1d775 1953 leptonlib_1.75.3-2.dsc
e57babec0f89bdabc82e0445d28db351d1abcd6c 9652 leptonlib_1.75.3-2.debian.tar.xz
de95eafb1ce33f31f4aa1f244ffa35f3c6b5eab7 32908
leptonica-progs-dbgsym_1.75.3-2_amd64.deb
47ae72dadd341fa415a26c9ca4ac7cbb2c29a15a 17256
leptonica-progs_1.75.3-2_amd64.deb
e0e19fbc6023e75c780fb2395fecd72586e95f16 7378
leptonlib_1.75.3-2_amd64.buildinfo
3dda9a9420878ce5eb474920774fdc3d7f5098fc 2265884
liblept5-dbgsym_1.75.3-2_amd64.deb
f77da6a98358e665767ede1dae047964b5488715 937076 liblept5_1.75.3-2_amd64.deb
7ff27dab99646dec47dccf5392fdc9abb10c8827 1315132
libleptonica-dev_1.75.3-2_amd64.deb
Checksums-Sha256:
f77da6e33fd633160b127195155039d2b6c5de59e68dd50f1b82248e5e63adb7 1953
leptonlib_1.75.3-2.dsc
a212df5214c2c973de3cc548e21c3a8b419828baf35b6552174951cf406ad4f4 9652
leptonlib_1.75.3-2.debian.tar.xz
7205e48ff78de2a94f0a78693e73e1cbc2dc4eaaf3ca0be0d723760fffa59484 32908
leptonica-progs-dbgsym_1.75.3-2_amd64.deb
ed833619755a6cfb7b9cc62c0f4abe825483707270f83b55403d1ede79eb0f7a 17256
leptonica-progs_1.75.3-2_amd64.deb
0efd73557a621cbacb3f78073114902a80f9cab022033bd49af62bc90c449aef 7378
leptonlib_1.75.3-2_amd64.buildinfo
7ccdd044334d02d9b422af0ef06bfae2b191d01ced46053b05b8ab9f85dd62ff 2265884
liblept5-dbgsym_1.75.3-2_amd64.deb
4a95356116cc7aba3982921085b0cb7caac0f6bee8f40365f13210e73260c8bf 937076
liblept5_1.75.3-2_amd64.deb
9a5aab1812781dfe68ca2d6b8a35352a3ceaa26fbb1a638168b82c37f9ae5c00 1315132
libleptonica-dev_1.75.3-2_amd64.deb
Files:
242a6b0011d64858c431ee104f3896fc 1953 graphics optional leptonlib_1.75.3-2.dsc
1b85e954c32cfbbbe0e674a81a2d6126 9652 graphics optional
leptonlib_1.75.3-2.debian.tar.xz
73cfc755ff99b12dc16e80a6d3964cdb 32908 debug optional
leptonica-progs-dbgsym_1.75.3-2_amd64.deb
8f6e0bad3389f4d12a7929e522826693 17256 graphics optional
leptonica-progs_1.75.3-2_amd64.deb
a447c1d4fd82b97eae72580f980f1f39 7378 graphics optional
leptonlib_1.75.3-2_amd64.buildinfo
ca85f1f01a5964f31abb57b279b0435a 2265884 debug optional
liblept5-dbgsym_1.75.3-2_amd64.deb
0a9923690ab088fa05e5664674f7f879 937076 libs optional
liblept5_1.75.3-2_amd64.deb
6d1b4169f90db5a449daa38cd7d8a8bf 1315132 libdevel optional
libleptonica-dev_1.75.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCAAtFiEEfzii+Ck3m3QwNJ0yqHaugwpJrNMFAlqHbnYPHGphYkBkZWJp
YW4ub3JnAAoJEKh2roMKSazT6F8P/3QOadUjx6kYXzLgp2e1+LU6FOq4UNAWZER3
vDaIWFwcTjo0aVuHJP45KmFhSuFN1rrAWVIhCSJTQbArS3pWJMU6L6fUicT0VvoB
e5or0nN3biwB1VR8ktzDGN2mmOLoSofpRcua7trXkZbqAH9qBktV9D7Kcxrgqw+X
2VdfhF8DLskp4MsLnan7D9fHvgSr7LKToYLqHQSC1paCyF2jLtdfORrvdCELloI3
2v4td5vRZfdZgxC9cOdJFCJFPcDJDOddp2ptUoiWSmIKztrfucBme7ukIVEdfwPP
4SEztAc9AGDJbZot9A4LnSA07/5cICWpSCC6NH9PyWtT4PqgO5VnYEg337MEFJFD
QSwJlbz7AGzvR9jviIx7hPK6Pk9zo33qXocgWGIB3kTNXqCrI7Ue+5ohmLHq3Pq0
M1mhjv36LMWMtSN7QLtqV9mta0bEstWjQLBpg4AXJJO5w8XgxBL+fwM2KpRZypNS
C/S878qENcWnobgiKVHmtjEmpEMUk5TL6s9nKxPq8lBg0X9Y7/87W2V2Y2c4ditX
fGUt23V4GuVBGGRO/JMJh4EJFCeGg2i63kCs7vLbsUy1i+qoq6ADQCwj4exzlkAR
+P2Bj6Rhg2jPOisWWLQ3rzmTVzNbSd6hyYrPCfxBdX2b26AJegzYAAAmpvZJXYMM
Bt2j6oIn
=TfRR
-----END PGP SIGNATURE-----
--- End Message ---
