Your message dated Sun, 08 Nov 2020 16:33:46 +0000 with message-id <e1kbnds-000aib...@fasolo.debian.org> and subject line Bug#948197: fixed in gthumb 3:3.8.3-0.1 has caused the Debian Bug report #948197, regarding gthumb: CVE-2019-20326: Heap buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 948197: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: gthumb Version: 3:3.8.0-2 Severity: important Tags: security upstream fixed-upstream Hi, The following vulnerability was published for gthumb. CVE-2019-20326[0]: |Heap buffer overflow N.B. the issue is fixed upstream repository and will be included in 3.8.3[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-20326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20326 [1] https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad [2] https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 Please adjust the affected versions in the BTS as needed. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: gthumb Source-Version: 3:3.8.3-0.1 Done: Adrian Bunk <b...@debian.org> We believe that the bug you reported is fixed in the latest version of gthumb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 948...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk <b...@debian.org> (supplier of updated gthumb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 26 Oct 2020 16:46:05 +0200 Source: gthumb Architecture: source Version: 3:3.8.3-0.1 Distribution: unstable Urgency: low Maintainer: Herbert Parentes Fortes Neto <h...@debian.org> Changed-By: Adrian Bunk <b...@debian.org> Closes: 948197 Changes: gthumb (3:3.8.3-0.1) unstable; urgency=low . * Non-maintainer upload. * New upstream release. - Includes the fix for CVE-2019-20326. (Closes: #948197) Checksums-Sha1: 58a7273d8ff59eeff5b8950b70774c68fac8652a 2335 gthumb_3.8.3-0.1.dsc 820c8c11ba2101b32ea93bb0c179c04dfe5f6b26 6060184 gthumb_3.8.3.orig.tar.xz 37a51d0f90a8b2cdec5455ec94bbdf9faba44a2d 32492 gthumb_3.8.3-0.1.debian.tar.xz Checksums-Sha256: df7d1e4ca8275899bebce9f3b5520d9478eb35e8252168de3a9a74baf9df8e98 2335 gthumb_3.8.3-0.1.dsc eff9fc5ac2ee251bc780bbe327d1f06ef1f8029ba5aa7959f68a33c992d60fa8 6060184 gthumb_3.8.3.orig.tar.xz 324c201ca38825247b04f0926ca636b55f0eac6ccd58c68d33343563d94b1d92 32492 gthumb_3.8.3-0.1.debian.tar.xz Files: 4f8210ac917d16f0448395a285f772e1 2335 gnome optional gthumb_3.8.3-0.1.dsc 4d52a1a7c9bda75c317e0c275785e4e0 6060184 gnome optional gthumb_3.8.3.orig.tar.xz 1693ce1c4405a38263965b68de335c31 32492 gnome optional gthumb_3.8.3-0.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl+W4l4ACgkQiNJCh6LY mLF4IBAAgBl0nhlSNCKrQh84RAtOnHFVOZvP1o9xD57QsoNpYBA9fJQFsCYXKkQI o+7kOQy5+V3IPglXPbx60h1HtK8pBUFt+ltsa8ufDfIipocUSK3eRnDdE+zKGos/ d3blh8va8l2V6x/l51W0OzTe43yStE7S2IkpZy1xBazPH2yBf+s0+2W64V6Z5r2E n7AXEVTMjX8YjqkOEEmJoya2ShSVuAqywRoOfsQlKiTHGMCw3f87/LG6x5aOr5be afIYaykUqCa72tU73Jys4NsbN4pe0LuZHPjNG/SrITPW0NgAUDxURMUqQ+luiuuo t6mC+IMryhQrGPiIc20iqt3v37+GlycA4wW6bENK3EFj8PRJ29chiyA1gf41GRqu hE0sKMG0PEpA4MW+bcIVYIVqUj7NyGaN3u1qUeZqI7T+mGcU4aeuoNvklzZgJDMm GVjQJ8DkOA04qfdkPYwpf1twB7kTXkw+wF98zZRA/P6GRfrmJua+rO822zrOolhO Ti3i9p/I5FFVZWRCggkveKlup6Q8BWow2MWdRx9i2Y2nO2q/HBHJVM+n86tZOhx1 yFDynRF+McWVmAx6Ct0XXWg3wSugXXoBONtyUvWULlGC+laLY/cI2pDnry3Pta5l 8fd95FRAB0YK4s3mQkfPMh+Mzven2gSHHRtrtoea+n+L3AeVjBc= =Pbvk -----END PGP SIGNATURE-----
--- End Message ---
