Your message dated Sat, 05 Aug 2006 03:32:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#381538: fixed in libwmf 0.2.8.4-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libwmf0.2-7
Version: 0.2.8.4-1
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3376 reads:
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple
products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5)
libgsf, and (6) imagemagick allows remote attackers to execute
arbitrary code via the MaxRecordSize header field in a WMF file.
Please mention the CVE-id in the changelog.
--- End Message ---
--- Begin Message ---
Source: libwmf
Source-Version: 0.2.8.4-2
We believe that the bug you reported is fixed in the latest version of
libwmf, which is due to be installed in the Debian FTP archive:
libwmf-bin_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf-bin_0.2.8.4-2_i386.deb
libwmf-dev_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf-dev_0.2.8.4-2_i386.deb
libwmf-doc_0.2.8.4-2_all.deb
to pool/main/libw/libwmf/libwmf-doc_0.2.8.4-2_all.deb
libwmf0.2-7_0.2.8.4-2_i386.deb
to pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2_i386.deb
libwmf_0.2.8.4-2.diff.gz
to pool/main/libw/libwmf/libwmf_0.2.8.4-2.diff.gz
libwmf_0.2.8.4-2.dsc
to pool/main/libw/libwmf/libwmf_0.2.8.4-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matej Vela <[EMAIL PROTECTED]> (supplier of updated libwmf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 5 Aug 2006 12:15:57 +0200
Source: libwmf
Binary: libwmf-dev libwmf-bin libwmf-doc libwmf0.2-7
Architecture: source all i386
Version: 0.2.8.4-2
Distribution: unstable
Urgency: high
Maintainer: Matej Vela <[EMAIL PROTECTED]>
Changed-By: Matej Vela <[EMAIL PROTECTED]>
Description:
libwmf-bin - Windows metafile conversion tools
libwmf-dev - Windows metafile conversion development
libwmf-doc - Windows metafile documentation
libwmf0.2-7 - Windows metafile conversion library
Closes: 381538
Changes:
libwmf (0.2.8.4-2) unstable; urgency=high
.
* src/player.c: Fix integer overflow vulnerability. [CVE-2006-3376]
Closes: #381538.
Files:
8b795932cc57c5eaf1027958b80964ae 757 libs optional libwmf_0.2.8.4-2.dsc
a298170778683e60a72ba8e71b902561 7343 libs optional libwmf_0.2.8.4-2.diff.gz
10b916fc49e8643d1b955654f7d46b07 173646 libs optional
libwmf0.2-7_0.2.8.4-2_i386.deb
ff4ba47be59bd766fd2488dcae47cdad 16894 graphics optional
libwmf-bin_0.2.8.4-2_i386.deb
900ba8750702ed0e3c01829fb64a9a7c 193082 libdevel optional
libwmf-dev_0.2.8.4-2_i386.deb
5d9567a792f67a0c1b5b1cc382ac1af8 271704 doc optional
libwmf-doc_0.2.8.4-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE1HFAxBYivKllgY8RAikqAJwKehRBGqZVrarqRLXexlUUULk1YACfexdk
vxlMh8dA3VUlTSyfwMblC04=
=3zYn
-----END PGP SIGNATURE-----
--- End Message ---
