Your message dated Sun, 18 Apr 2021 17:33:25 +0000
with message-id <e1lybit-0001ig...@fasolo.debian.org>
and subject line Bug#985089: fixed in leptonlib 1.79.0-1.1
has caused the Debian Bug report #985089,
regarding CVE-2020-36277 CVE-2020-36278 CVE-2020-36279 CVE-2020-36280 CVE-2020-36281
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: leptonlib
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

CVE-2020-36281
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5

CVE-2020-36280
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c

CVE-2020-36279
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4

CVE-2020-36278
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842

CVE-2020-36277
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
https://github.com/DanBloomberg/leptonica/pull/499

--- End Message ---
--- Begin Message ---
Source: leptonlib
Source-Version: 1.79.0-1.1
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
leptonlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated leptonlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Apr 2021 10:03:02 +0200
Source: leptonlib
Architecture: source
Version: 1.79.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Closes: 985089
Changes:
 leptonlib (1.79.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
     (Closes: #985089)
   * CVE-2020-36277
     denial of service (application crash) via an incorrect left
     shift in pixConvert2To8 in pixconv.c
   * CVE-2020-36278
     heap-based buffer over-read in findNextBorderPixel in ccbord.c
   * CVE-2020-36279
     heap-based buffer over-read in rasteropGeneralLow, related to
     adaptmap_reg.c and adaptmap.c
   * CVE-2020-36280
     heap-based buffer over-read in pixReadFromTiffStream, related
     to tiffio.c
   * CVE-2020-36281
     heap-based buffer over-read in pixFewColorsOctcubeQuantMixed
     in colorquant1.c

--- End Message ---
