Your message dated Mon, 05 Dec 2022 20:44:10 +0000
with message-id <e1p2iju-009bh3...@fasolo.debian.org>
and subject line Bug#1021278: fixed in pngcheck 3.0.3-1
has caused the Debian Bug report #1021278,
regarding pngcheck: CVE-2020-35511
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1021278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pngcheck.
CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.
Only reference here is SuSE bugzilla:
https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-35511
https://www.cve.org/CVERecord?id=CVE-2020-35511
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: pngcheck
Source-Version: 3.0.3-1
Done: David da Silva Polverari <david.polver...@gmail.com>
We believe that the bug you reported is fixed in the latest version of
pngcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1021...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David da Silva Polverari <david.polver...@gmail.com> (supplier of updated
pngcheck package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 05 Dec 2022 20:08:12 +0000
Source: pngcheck
Architecture: source
Version: 3.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: David da Silva Polverari <david.polver...@gmail.com>
Changed-By: David da Silva Polverari <david.polver...@gmail.com>
Closes: 1021278
Changes:
pngcheck (3.0.3-1) unstable; urgency=medium
.
* New upstream version 3.0.3. (Closes: #1021278, LP: #1960400)
* debian/patches/020-manpage_whatis.patch: fixed to reflect upstream changes.
Checksums-Sha1:
d939e7c54a276e1f1e48c2a629de96893da77374 1893 pngcheck_3.0.3-1.dsc
e6a6724395874d29e61bd03e98c1b302ddccd17e 63766 pngcheck_3.0.3.orig.tar.gz
d2995328ca19d34de3f6920fd851e107aa0fe2a9 15124 pngcheck_3.0.3-1.debian.tar.xz
985d77cf052bcc967c038306d3c1a77101d371d6 5565 pngcheck_3.0.3-1_source.buildinfo
Checksums-Sha256:
441b8970ec2fc04038b6faf8f7954a4954ad7a0fe42411e1d08880ee4e20b5fd 1893
pngcheck_3.0.3-1.dsc
c36a4491634af751f7798ea421321642f9590faa032eccb0dd5fb4533609dee6 63766
pngcheck_3.0.3.orig.tar.gz
ad5730a13d6f54ec9ef7584d7056e98e5e734c3de33b2013284e3d2adf0416f3 15124
pngcheck_3.0.3-1.debian.tar.xz
590c8afd37e40b1641a572653abecc9f52f6b9fb87c8060cefc86d08122a7c40 5565
pngcheck_3.0.3-1_source.buildinfo
Files:
ac10fb26cc326fb756fd88f34d85732e 1893 graphics optional pngcheck_3.0.3-1.dsc
ac3fe8c134c16e8dec2db2bf60e2b2f2 63766 graphics optional
pngcheck_3.0.3.orig.tar.gz
7a3e93d3c25d6545ea75b501e0e5ee98 15124 graphics optional
pngcheck_3.0.3-1.debian.tar.xz
e3d5cef2b5323b1bdbf6d74b2da51c4a 5565 graphics optional
pngcheck_3.0.3-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDTUunGhzKyZWj9leHIjoaIRpgN4FAmOOUOEACgkQHIjoaIRp
gN73axAAxKiQ5wZXgJMPQzA2Se2xaAKZUtoRLuvNi+TmJDacaH31HwguQMDff09Q
k9G70OzE1CYaOupDppHLHVkq+dhRRtGzrFok12q9wIoCKNzYjX/EJAL4P/IKqM9d
FwduF0jJfWl/EJpf6Lst0MC36ESGk+Y2abmk1GDNv+QCWiKWscy+4yNv2gqa2awZ
4zYwzaUJ31imn2ZnEV7g1NL4JIfGt+ptdbE8sqb6IZ0dVOlbq2+kC6P2Zp8NnQef
msG2wMJO5GWIafcABqZfTCOOHZr6GBALly8R+RmvQA4Ggo7Zw6rT+2rJRa0sq99f
PfPJFfnQOBkgOkgheZ3R2XkGOU4+hgGY0oJNqXnON3hYImeSrvm2xbrn8V9F+ifN
c9SNe9myt9Kba9l8IOWutt4/MjmI+Xkl5SjuWD6yUDsGi4Y8i/w+A35mPuaanDjb
aC8HkOZKEcK7f5QWTTpPh5XsEj2jwQBRoLLIoMRrwqEuAGVMtgQBiJxGn1xwIuGB
PwKxG9MywKu/+Upi8Qi845JDrZqGUyldfB+PFvJVDaoBgIGcTwTrjof3ol7imbzz
UYGjI5qAYCtGuO5hWEWBC4JF9MZA7m1vTOYsYRIuATZmqiMPrG7u8/y6QcJUYBkY
4dGhpfmxibxejIju7Obncbzwqr+M2mV4eWtJNnW0eLHQ1cjS8Ws=
=Mq6c
-----END PGP SIGNATURE-----
--- End Message ---
