Your message dated Fri, 23 Dec 2022 12:47:13 +0000
with message-id <e1p8hsd-0074en...@fasolo.debian.org>
and subject line Bug#1021278: fixed in pngcheck 3.0.3-1~deb11u1
has caused the Debian Bug report #1021278,
regarding pngcheck: CVE-2020-35511
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1021278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pngcheck.

CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.

Only reference here is SuSE bugzilla:
https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35511
    https://www.cve.org/CVERecord?id=CVE-2020-35511

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: pngcheck
Source-Version: 3.0.3-1~deb11u1
Done: Moritz <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pngcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1021...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz <j...@debian.org> (supplier of updated pngcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 09 Dec 2022 17:54:41 +0100
Source: pngcheck
Architecture: source
Version: 3.0.3-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: David da Silva Polverari <david.polver...@gmail.com>
Changed-By: Moritz <j...@debian.org>
Closes: 1021278
Changes:
 pngcheck (3.0.3-1~deb11u1) bullseye-security; urgency=medium
 .
   * Rebuild for stable, pretty much all of the changes since 2.3.0
     are security fixes, besides CVE-2020-35511, there's also several
     without CVE IDs assigned. Upstream dropped the -f option as a
     security fix, as such it's also missing in this upload (Closes: #1021278)

--- End Message ---
