Your message dated Sun, 08 Jan 2017 09:48:26 +0000
with message-id <e1cqa5s-000844...@fasolo.debian.org>
and subject line Bug#843861: fixed in potrace 1.13-3
has caused the Debian Bug report #843861,
regarding potrace: CVE-2016-8685 CVE-2016-8686
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
843861: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: potrace
Severity: serious
Tags: security
Hi,
the following vulnerabilities were published for potrace.
CVE-2016-8685[0]:
invalid memory access in findnext (decompose.c)
CVE-2016-8686[1]:
memory allocation failure
See also:
https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
for more.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8685
[1] https://security-tracker.debian.org/tracker/CVE-2016-8686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8686
Please adjust the affected versions in the BTS as needed.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: potrace
Source-Version: 1.13-3
We believe that the bug you reported is fixed in the latest version of
potrace, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 843...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bartosz Fenski <fe...@debian.org> (supplier of updated potrace package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 8 Jan 2017 10:24:54 +0100
Source: potrace
Binary: potrace libpotrace0 libpotrace-dev
Architecture: source amd64
Version: 1.13-3
Distribution: unstable
Urgency: high
Maintainer: Bartosz Fenski <fe...@debian.org>
Changed-By: Bartosz Fenski <fe...@debian.org>
Description:
libpotrace-dev - development files for potrace library
libpotrace0 - library for tracing bitmaps
potrace - utility to transform bitmaps into vector graphics
Closes: 843861
Changes:
potrace (1.13-3) unstable; urgency=high
.
* Fixes CVE-2016-8685 (Closes: #843861)
Checksums-Sha1:
ce5c1837eae0e57a28959be722fb6a470416e40b 1868 potrace_1.13-3.dsc
744a55c190c7c1b165356a528d5357dde4f1df1d 4192 potrace_1.13-3.debian.tar.xz
b584eaa2b1f17d269a583039b87e7d5b2ebb3fe7 12036 libpotrace-dev_1.13-3_amd64.deb
d31c82e3ae960fdd4832eb2131af55a685ba9bd9 33632
libpotrace0-dbgsym_1.13-3_amd64.deb
f25d93ab08ac5a5dd568a68616246ba937c5566f 24852 libpotrace0_1.13-3_amd64.deb
86fc5f700423d33ff3ba6de7c64caab15fdf62a4 126876 potrace-dbgsym_1.13-3_amd64.deb
c5f1feeac52d42359a5059aa1774b970ea3e4c98 5423 potrace_1.13-3_amd64.buildinfo
cd7f0ff51d39ac37ede6a8b11366259b16c279cd 77828 potrace_1.13-3_amd64.deb
Checksums-Sha256:
b8913387a6487a78c0be6a1f7c6d162d7ff8e17d9808b3cdadbadf82cb3ee0b8 1868
potrace_1.13-3.dsc
92f004f52fd2a55563f18910dbada50fd848b8010ee1b774bf050c8c78224a22 4192
potrace_1.13-3.debian.tar.xz
82e8f72a8d95c0cd2bed6b4eb2b05bf9fe2be254b8afb0ef820e8fb4e3c97e98 12036
libpotrace-dev_1.13-3_amd64.deb
5fd7c9b5ee2d8b21944c1442199c1b0515fb723b578adb4163e1c4de055045e0 33632
libpotrace0-dbgsym_1.13-3_amd64.deb
4826d429ad835d2da62125ea6706c7b5e835037341b3061e37dd3b191ad87c79 24852
libpotrace0_1.13-3_amd64.deb
ca5f15759a8484d7c8fa9abf4c154ec25cc3361b03b2bdb01c7388af3078d6d8 126876
potrace-dbgsym_1.13-3_amd64.deb
1ca29b2ddf710a563a64ca7a29ff001c2ddba0e55347ff908fd89644d88b4da8 5423
potrace_1.13-3_amd64.buildinfo
cf2a89da67ab7e4f535dbf84554d8c6c42ae404c4de60a6bd886ab6339772508 77828
potrace_1.13-3_amd64.deb
Files:
79d7cc9e4513b32b407ce36d3ae69c89 1868 graphics optional potrace_1.13-3.dsc
aea5bfa3a237273ed3e17027311bb5c8 4192 graphics optional
potrace_1.13-3.debian.tar.xz
8811970fa85396aa860ea49cd0940f2e 12036 libdevel optional
libpotrace-dev_1.13-3_amd64.deb
c5d5b26f74aa37f7735ee0929f4e8aab 33632 debug extra
libpotrace0-dbgsym_1.13-3_amd64.deb
502c73214e18d9f4f3dcb980fc4cbeaf 24852 libs optional
libpotrace0_1.13-3_amd64.deb
910e92c1e0b1c0a294a2b9b7aa1845e1 126876 debug extra
potrace-dbgsym_1.13-3_amd64.deb
82b97c7c1d423c39f38b2d5e9067a5fd 5423 graphics optional
potrace_1.13-3_amd64.buildinfo
906385c0e9f839cd2862c9334c80566f 77828 graphics optional
potrace_1.13-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEK+x51vtJ+yJ4cpAbsNnUqDzTu8EFAlhyBoERHGZlbmlvQGRl
Ymlhbi5vcmcACgkQsNnUqDzTu8H+Og//Woq6CpS5bkX/8nXEMl/pUjnl5nEl/Je5
6aAgGd0QsH9yBJpYGv0RJ9sF0mX+KaO04MKYC9cLSvfbHGKetntwgoiOjJmuydvL
15qqSKnmcCp1yD7EY4/4bDImnI+aUh70spQJBBl3kCKaAkGjgkLeAxG9ITddHh7J
uz+yjwVDXBrAK6VLoBpGaa126GXDmNsbVE2mfdoYaDS06zj5MHIfNvsLw5Jz394t
MF/cpK1FN8prTva3IMH+JYd20ocbRBIS1/Ql10IkkUZjsEqnzqGkOhRMgH4Ly8vn
nuW9iiCE0g974OXcgBHo76iwkBQYE3nEqYCCsgWBSx3MU8fiz1d5MNEzfuo8jl2s
M1YfLZg8zvua9Hcq7ThIU2bj5Wn7NdpIepOB3v4GsBBwJhIMRn369Ro2TYO/1NPW
FY1yp9FUx777pFMOdooHlZBZSpxBkl1EgtCp19mUxYM6j8TnJIK09pcC3x922U9y
G82Zsso5qZGek854rgky+bxWZeQF/iulAvc0sS00t8Ec8obiyH+NzT9eg3SU9jRm
x6UwakYxTWgJ562WK8DpBfDGeOOfK8OYkJ91m9XIzATyVIu0wMiKnloYZsF7qbl2
Q7fgEeLOwtpkR6Blm2r6aVZdLQL30aXNsLTwyuISuKjwA5zAht/bRQ4XMka8FDZN
c5zv3XlOang=
=tsL7
-----END PGP SIGNATURE-----
--- End Message ---
