Your message dated Thu, 16 Oct 2008 19:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#502353: fixed in jhead 2.84-1
has caused the Debian Bug report #502353,
regarding jhead: Security issues fixed in 2.84
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
502353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502353
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: jhead
Severity: grave
Tags: security
Justification: user security hole

jhead fixes several unspecified security issues. Please see these
references for details:

http://www.sentex.net/~mwandel/jhead/changes.txt
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
http://article.gmane.org/gmane.comp.security.oss.general/1064
http://article.gmane.org/gmane.comp.security.oss.general/1065

Kudos to Canonical for discovering the security implications three
weeks ago and making the bug private without telling Debian. Seems
like Greg KH was right after all.

Cheers,
        Moritz

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)



--- End Message ---
--- Begin Message ---
Source: jhead
Source-Version: 2.84-1

We believe that the bug you reported is fixed in the latest version of
jhead, which is due to be installed in the Debian FTP archive:

jhead_2.84-1.diff.gz
  to pool/main/j/jhead/jhead_2.84-1.diff.gz
jhead_2.84-1.dsc
  to pool/main/j/jhead/jhead_2.84-1.dsc
jhead_2.84-1_amd64.deb
  to pool/main/j/jhead/jhead_2.84-1_amd64.deb
jhead_2.84.orig.tar.gz
  to pool/main/j/jhead/jhead_2.84.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Rousseau <[EMAIL PROTECTED]> (supplier of updated jhead package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 16 Oct 2008 21:13:02 +0200
Source: jhead
Binary: jhead
Architecture: source amd64
Version: 2.84-1
Distribution: unstable
Urgency: high
Maintainer: Ludovic Rousseau <[EMAIL PROTECTED]>
Changed-By: Ludovic Rousseau <[EMAIL PROTECTED]>
Description: 
 jhead      - manipulate the non-image part of Exif compliant JPEG files
Closes: 502353
Changes: 
 jhead (2.84-1) unstable; urgency=high
 .
   * New upstream release
    - Closes: #502353 "Security issues fixed in 2.84"
    - Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead
    before 2.84 might allow context-dependent attackers to cause a denial of
    service (crash) via (1) a long -cmd argument and (2) possibly other
    unspecified vectors."
   * debian/patches/05_jhead.1.dpatch: removed since applied upstream
   * debian/patches/10_jhead.1.dpatch: update since not all from
     05_jhead.1.dpatch has been included upstream

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkj3lF4ACgkQP0qKj+B/HPlv0wCbBm/HAiaxTbAXQiRWXV/OwrNz
snIAn0x4z2i5D52qfnWx8IM359hu9iRj
=zkdz
-----END PGP SIGNATURE-----



--- End Message ---
