Your message dated Thu, 07 Feb 2008 21:32:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#464056: fixed in netpbm-free 2:10.0-11.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: netpbm
Version: 2:10.0-11
Severity: important
Tags: security
The gif from http://people.debian.org/~seanius/security/php/poc/38112.gif
causes a buffer overflow in giftopnm, too.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384838
or tk8.5 8.5.0-3 for patches for the same problem in other packages.
--- End Message ---
--- Begin Message ---
Source: netpbm-free
Source-Version: 2:10.0-11.1
We believe that the bug you reported is fixed in the latest version of
netpbm-free, which is due to be installed in the Debian FTP archive:
libnetpbm10-dev_10.0-11.1_i386.deb
to pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1_i386.deb
libnetpbm10_10.0-11.1_i386.deb
to pool/main/n/netpbm-free/libnetpbm10_10.0-11.1_i386.deb
libnetpbm9-dev_10.0-11.1_i386.deb
to pool/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1_i386.deb
libnetpbm9_10.0-11.1_i386.deb
to pool/main/n/netpbm-free/libnetpbm9_10.0-11.1_i386.deb
netpbm-free_10.0-11.1.diff.gz
to pool/main/n/netpbm-free/netpbm-free_10.0-11.1.diff.gz
netpbm-free_10.0-11.1.dsc
to pool/main/n/netpbm-free/netpbm-free_10.0-11.1.dsc
netpbm_10.0-11.1_i386.deb
to pool/main/n/netpbm-free/netpbm_10.0-11.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated netpbm-free package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 07 Feb 2008 20:31:46 +0100
Source: netpbm-free
Binary: netpbm libnetpbm10 libnetpbm10-dev libnetpbm9 libnetpbm9-dev
Architecture: source i386
Version: 2:10.0-11.1
Distribution: unstable
Urgency: high
Maintainer: Andreas Barth <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libnetpbm10 - Shared libraries for netpbm
libnetpbm10-dev - Development libraries and header files
libnetpbm9 - Shared libraries for netpbm
libnetpbm9-dev - Development libraries and header files
netpbm - Graphics conversion tools
Closes: 464056
Changes:
netpbm-free (2:10.0-11.1) unstable; urgency=high
.
* Non-maintainer upload by security team.
* This update addresses the following security issue:
- CVE-2008-0554: The readImageData function in giftopnm.c does not
properly check the upper bound of a fixed size array leading to a
buffer overflow and possibly code execution (Closes: #464056).
Files:
ae3a531cc84b21dcd60db88a02ae7767 743 graphics optional
netpbm-free_10.0-11.1.dsc
a4ad8a540d0861d518721e8747621f40 50716 graphics optional
netpbm-free_10.0-11.1.diff.gz
2bdecf771439e63d3ee954fbb25fa127 1202384 graphics optional
netpbm_10.0-11.1_i386.deb
0b81be609bfe60385368c5c4f9ecb037 64660 libs optional
libnetpbm10_10.0-11.1_i386.deb
9c791b55b01df4d4b428c4312e2c1d4a 110228 libdevel optional
libnetpbm10-dev_10.0-11.1_i386.deb
d0f0b480d27b56ec7a9ddd90a02a707d 70782 libs optional
libnetpbm9_10.0-11.1_i386.deb
97c29a7c735b5c10743ee26c7d01578a 109842 libdevel optional
libnetpbm9-dev_10.0-11.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHq3LWHYflSXNkfP8RAmlSAJ9dS1setE+vBNw9Wk3+o5e5zKrhRQCeI8gl
/OiYfWIlKMpKig+ODRdUY+4=
=aj2E
-----END PGP SIGNATURE-----
--- End Message ---