Your message dated Sun, 17 Mar 2019 21:49:10 +0000
with message-id <e1h5dey-0008nk...@fasolo.debian.org>
and subject line Bug#923416: fixed in advancecomp 2.1-2
has caused the Debian Bug report #923416,
regarding advancecomp: CVE-2019-9210
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
923416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923416
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: advancecomp
Version: 2.1-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/advancemame/bugs/277/
Hi,
The following vulnerability was published for advancecomp.
CVE-2019-9210[0]:
| In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer
| overflow upon encountering an invalid PNG size, which results in an
| attempted memcpy to write into a buffer that is too small. (There is
| also a heap-based buffer over-read.)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210
[1] https://sourceforge.net/p/advancemame/bugs/277/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: advancecomp
Source-Version: 2.1-2
We believe that the bug you reported is fixed in the latest version of
advancecomp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 923...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Piotr Ożarowski <pi...@debian.org> (supplier of updated advancecomp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 Mar 2019 22:28:03 +0100
Source: advancecomp
Binary: advancecomp advancecomp-dbgsym
Architecture: source amd64
Version: 2.1-2
Distribution: unstable
Urgency: high
Maintainer: Piotr Ożarowski <pi...@debian.org>
Changed-By: Piotr Ożarowski <pi...@debian.org>
Description:
advancecomp - collection of recompression utilities
Closes: 923416
Changes:
advancecomp (2.1-2) unstable; urgency=high
.
[ Salvatore Bonaccorso ]
* Fix a buffer overflow with image of invalid size (CVE-2019-9210)
(Closes: #923416)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---