Your message dated Sat, 17 Mar 2018 22:57:22 +0000
with message-id <e1exklo-0002ov...@fasolo.debian.org>
and subject line Bug#856448: fixed in gdk-pixbuf 2.36.11-2
has caused the Debian Bug report #856448,
regarding gdk-pixbuf: CVE-2017-6314: Infinite loop in io-tiff.c with large size
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
856448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gdk-pixbuf
Version: 2.31.1-2
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=779020
Hi,
the following vulnerability was published for gdk-pixbuf.
CVE-2017-6314[0]:
Infinite loop in io-tiff.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314
Please adjust the affected versions in the BTS as needed. No patch
upstream yet.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gdk-pixbuf
Source-Version: 2.36.11-2
We believe that the bug you reported is fixed in the latest version of
gdk-pixbuf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated gdk-pixbuf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 16 Mar 2018 10:57:57 +0000
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common
 libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb
 gir1.2-gdkpixbuf-2.0
Architecture: source
Version: 2.36.11-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Description:
 gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
 libgdk-pixbuf2.0-0 - GDK Pixbuf library
 libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
 libgdk-pixbuf2.0-bin - GDK Pixbuf library (thumbnailer)
 libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
 libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
 libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Closes: 856444 856445 856448
Changes:
 gdk-pixbuf (2.36.11-2) unstable; urgency=medium
 .
   * Team upload
 .
   [ Emilio Pozuelo Monfort ]
   * Switch triggers to noawait.
 .
   [ Simon McVittie ]
   * Update Vcs-* for move from Alioth svn to Salsa git
   * debian/gbp.conf: Add
   * Add patches from upstream to fix crash bugs:
     - CVE-2017-6312: out-of-bounds read in ico (Closes: #856444)
     - CVE-2017-6313: integer underflow in icns (Closes: #856445)
     - CVE-2017-6314: infinite loop in tiff (Closes: #856448)
     Thanks to Salvatore Bonaccorso for highlighting the relevant commits.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---