Your message dated Sat, 09 Feb 2019 21:47:26 +0000
with message-id <e1gsat8-0003id...@fasolo.debian.org>
and subject line Bug#920728: fixed in libgd2 2.2.4-2+deb9u4
has caused the Debian Bug report #920728,
regarding libgd2: CVE-2019-6978
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
920728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgd2
Version: 2.2.5-5
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/libgd/libgd/issues/492
Hi,

The following vulnerability was published for libgd2.

CVE-2019-6978[0]:
| The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
| gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
| NOTE: PHP is unaffected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6978
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
[1] https://github.com/libgd/libgd/issues/492

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.2.4-2+deb9u4
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 Feb 2019 10:49:03 +0100
Source: libgd2
Binary: libgd-tools libgd-dev libgd3
Architecture: source
Version: 2.2.4-2+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: GD team <pkg-gd-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 920645 920728
Description:
libgd-dev - GD Graphics Library (development version)
libgd-tools - GD command line tools and example code
libgd3 - GD Graphics Library
Changes:
libgd2 (2.2.4-2+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977)
(Closes: #920645)
* Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---