Your message dated Sat, 03 Oct 2009 16:24:22 +0000
with message-id <[email protected]>
and subject line Bug#537175: fixed in wxwidgets2.6 2.6.3.2.2-3.1
has caused the Debian Bug report #537175,
regarding CVE-2009-2369: Integer overflow in the wxImage::Create function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
537175: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537175
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wxwidgets2.8
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wxwidgets2.8.
CVE-2009-2369[0]:
| Integer overflow in the wxImage::Create function in
| src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted JPEG file, which triggers a heap-based buffer overflow. NOTE:
| the provenance of this information is unknown; the details are
| obtained solely from third party information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
http://security-tracker.debian.net/tracker/CVE-2009-2369
Patch:
http://trac.wxwidgets.org/changeset/60875
http://trac.wxwidgets.org/changeset/60876
http://trac.wxwidgets.org/changeset/60897
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpeI6IACgkQNxpp46476ao5awCgjQl+5bM8qo94jOMVtWpZyGAK
5toAnjAKmNUXAkPypElmQY1l0q30hFZ3
=Comj
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: wxwidgets2.6
Source-Version: 2.6.3.2.2-3.1
We believe that the bug you reported is fixed in the latest version of
wxwidgets2.6, which is due to be installed in the Debian FTP archive:
libwxbase2.6-0_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3.1_i386.deb
libwxbase2.6-dbg_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3.1_i386.deb
libwxbase2.6-dev_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3.1_i386.deb
libwxgtk2.6-0_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3.1_i386.deb
libwxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
libwxgtk2.6-dev_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3.1_i386.deb
python-wxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
python-wxgtk2.6_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3.1_i386.deb
python-wxtools_2.6.3.2.2-3.1_all.deb
to pool/main/w/wxwidgets2.6/python-wxtools_2.6.3.2.2-3.1_all.deb
python-wxversion_2.6.3.2.2-3.1_all.deb
to pool/main/w/wxwidgets2.6/python-wxversion_2.6.3.2.2-3.1_all.deb
wx-common_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3.1_i386.deb
wx2.6-doc_2.6.3.2.2-3.1_all.deb
to pool/main/w/wxwidgets2.6/wx2.6-doc_2.6.3.2.2-3.1_all.deb
wx2.6-examples_2.6.3.2.2-3.1_all.deb
to pool/main/w/wxwidgets2.6/wx2.6-examples_2.6.3.2.2-3.1_all.deb
wx2.6-headers_2.6.3.2.2-3.1_i386.deb
to pool/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3.1_i386.deb
wx2.6-i18n_2.6.3.2.2-3.1_all.deb
to pool/main/w/wxwidgets2.6/wx2.6-i18n_2.6.3.2.2-3.1_all.deb
wxwidgets2.6_2.6.3.2.2-3.1.diff.gz
to pool/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3.1.diff.gz
wxwidgets2.6_2.6.3.2.2-3.1.dsc
to pool/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wxwidgets2.6
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 03 Oct 2009 12:57:53 +0200
Source: wxwidgets2.6
Binary: libwxbase2.6-0 libwxbase2.6-dev libwxbase2.6-dbg libwxgtk2.6-0
libwxgtk2.6-dev libwxgtk2.6-dbg python-wxgtk2.6 python-wxgtk2.6-dbg
python-wxversion python-wxtools wx-common wx2.6-headers wx2.6-i18n wx2.6-doc
wx2.6-examples libwxmsw2.6-dev libwxmsw2.6-dbg wx2.6-headers-msw
Architecture: source i386 all
Version: 2.6.3.2.2-3.1
Distribution: unstable
Urgency: high
Maintainer: Ron Lee <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
libwxbase2.6-0 - wxBase library (runtime) - non-GUI support classes of
wxWidgets t
libwxbase2.6-dbg - wxBase library (debug) - non-GUI support classes of
wxWidgets too
libwxbase2.6-dev - wxBase library (development) - non-GUI support classes of
wxWidge
libwxgtk2.6-0 - wxWidgets Cross-platform C++ GUI toolkit (GTK+ runtime)
libwxgtk2.6-dbg - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxgtk2.6-dev - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxmsw2.6-dbg - wxMSW mingw32msvc-cross (debug)
libwxmsw2.6-dev - wxMSW mingw32msvc-cross
python-wxgtk2.6 - wxWidgets Cross-platform C++ GUI toolkit (wxPython binding)
python-wxgtk2.6-dbg - wxWidgets Cross-platform C++ GUI toolkit (wxPython
binding, debug
python-wxtools - wxWidgets Cross-platform C++ GUI toolkit (wxPython common
files)
python-wxversion - wxWidgets Cross-platform C++ GUI toolkit (wxPython version
select
wx-common - wxWidgets Cross-platform C++ GUI toolkit (common support files)
wx2.6-doc - wxWidgets Cross-platform C++ GUI toolkit (documentation)
wx2.6-examples - wxWidgets Cross-platform C++ GUI toolkit (examples)
wx2.6-headers - wxWidgets Cross-platform C++ GUI toolkit (header files)
wx2.6-headers-msw - Extra wxWidgets headers for mingw32msvc-cross
wx2.6-i18n - wxWidgets Cross-platform C++ GUI toolkit (i18n support)
Closes: 537175
Changes:
wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=high
.
* Non-maintainer upload by the testing Security Team
* Fixed Integer overflow in the wxImage::Create function.
(CVE-2009-2369) (Closes: #537175)
* Avoid name clashes with GSocket from glib 2.21+ and fixed FTBFS
Checksums-Sha1:
b0ab200481e29b8473466d16420df294c5d91066 1562 wxwidgets2.6_2.6.3.2.2-3.1.dsc
1bfe21724a1e34908e03ca244c4b3dfd3ffc8bf2 117395
wxwidgets2.6_2.6.3.2.2-3.1.diff.gz
7dea6b38baa1c38725ab8f3dbee83693fc296a34 550760
libwxbase2.6-0_2.6.3.2.2-3.1_i386.deb
bf8990bf4db9f6fbef3528e59f8664129bb07772 37334
libwxbase2.6-dev_2.6.3.2.2-3.1_i386.deb
49d0405b4ae36465d77845afb4694ebc040b4422 3037526
libwxbase2.6-dbg_2.6.3.2.2-3.1_i386.deb
63d468d9fc1ff85befb606ddd5c815defcdb16df 2774170
libwxgtk2.6-0_2.6.3.2.2-3.1_i386.deb
04ab2494a212bc78a4c3ecccaa8d3828db6fa40c 37600
libwxgtk2.6-dev_2.6.3.2.2-3.1_i386.deb
c7dd81ef074d81fe65efd191f775b3dff32e23ae 18553118
libwxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
baa64656500ea1c817acef63216844821e0c9312 4932676
python-wxgtk2.6_2.6.3.2.2-3.1_i386.deb
e4e547d36c501ce0f45727d3576027d94f80abf0 18671496
python-wxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
34a245214c434baf4bcab2b387ff949fb22bbab7 48322 wx-common_2.6.3.2.2-3.1_i386.deb
7f5ae309fee1521b4f7f062f7274da4701853b1a 898994
wx2.6-headers_2.6.3.2.2-3.1_i386.deb
f9c257042cee41e12d515f5b9933eb8a36aeac07 23684
python-wxversion_2.6.3.2.2-3.1_all.deb
92790caa127a88b00276dd0ee54c7d84db65122b 18838
python-wxtools_2.6.3.2.2-3.1_all.deb
ac8206fbf199a8b508e416c440f12db5bda8740e 669032
wx2.6-i18n_2.6.3.2.2-3.1_all.deb
c3f07cdb9b9d4fd9516ea38ed5fe63a43365ab63 1253708
wx2.6-doc_2.6.3.2.2-3.1_all.deb
bc9cb6cf7d2d0a9f47817d2273ccee6c33b66629 3630090
wx2.6-examples_2.6.3.2.2-3.1_all.deb
Checksums-Sha256:
2e9cb43a2d51184106617f225a2936ffdce3aea60aa455ec6031329ba83b6780 1562
wxwidgets2.6_2.6.3.2.2-3.1.dsc
c96eb4cba21a832c09da36890a58eba64a2504c0fcd52ec38a7361cfd4aed75c 117395
wxwidgets2.6_2.6.3.2.2-3.1.diff.gz
8cf3a063d2a592e3f296ea810a46a9116b8781aeba846a1eedb17e1ceeb8eb5c 550760
libwxbase2.6-0_2.6.3.2.2-3.1_i386.deb
dfd459368255c1d653f517f6a83570a94573afc387de8d0001155b86c97984ae 37334
libwxbase2.6-dev_2.6.3.2.2-3.1_i386.deb
1bca220c9772fb840cd15f9770001ecc9279362c080cfc5f8e652fa48ce2ce24 3037526
libwxbase2.6-dbg_2.6.3.2.2-3.1_i386.deb
5ae2010f8cb4cff264587b2126c42fe924dbb4dd0c33d6f3e2b017b05901ec97 2774170
libwxgtk2.6-0_2.6.3.2.2-3.1_i386.deb
ea321bd82eabb2798fd477357842dfdd5f5d241190b51d566f6856b7d11703ab 37600
libwxgtk2.6-dev_2.6.3.2.2-3.1_i386.deb
d372114a1cf3a4bd845f712255662a8c539b4d45a007e613e7e41ce292033fc5 18553118
libwxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
45fac5a44d58061e81bc5ad92c4c808a976d9e5b39be2284f04e4e3fc1f74513 4932676
python-wxgtk2.6_2.6.3.2.2-3.1_i386.deb
f53330617db0f541b5a23342394bd65d4ab44942cddf36028d01fc4f552e190a 18671496
python-wxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
a9f503eaf5a689a28c72ae4e6e2c6538e6476c1cda1a867e42773b37b276fb91 48322
wx-common_2.6.3.2.2-3.1_i386.deb
1857b2c5c4e298323a427ed69a7921262ec75851403ba008384afb3c81244043 898994
wx2.6-headers_2.6.3.2.2-3.1_i386.deb
f972b74bc634ecc72c1e2eed7c18fda13929011181875245eac2ff845a7f3cdc 23684
python-wxversion_2.6.3.2.2-3.1_all.deb
fa8c2134c93b818f22f7772ab89b69dab7778d3fb979e2382e08da6bc17caf5b 18838
python-wxtools_2.6.3.2.2-3.1_all.deb
87b7b436ce8219ad16f8e1d4cee0ab3985c73e5e2286f694a3efcde78c3241ff 669032
wx2.6-i18n_2.6.3.2.2-3.1_all.deb
765e1dfc1ae8f7f37d12e964901d6d331d5c5178d3526c00f66d5fa07cab2fe7 1253708
wx2.6-doc_2.6.3.2.2-3.1_all.deb
9583d069c40cf47f37d154dac7443cc6ab134756975d69b535dc4c37e5385d58 3630090
wx2.6-examples_2.6.3.2.2-3.1_all.deb
Files:
cecfd168f90078b588eecfaac6a391af 1562 libs optional
wxwidgets2.6_2.6.3.2.2-3.1.dsc
6cd1b9bb2c051c3a3de3adc1dbad67bd 117395 libs optional
wxwidgets2.6_2.6.3.2.2-3.1.diff.gz
2072f645f5648a21fec65f7697f29002 550760 libs optional
libwxbase2.6-0_2.6.3.2.2-3.1_i386.deb
932d9b3c5b49af8e62ebc29f14158293 37334 libdevel optional
libwxbase2.6-dev_2.6.3.2.2-3.1_i386.deb
406e9adf3c7ed602ca1049282fd3529d 3037526 libdevel extra
libwxbase2.6-dbg_2.6.3.2.2-3.1_i386.deb
228776a983174cb999e76417a687fe5d 2774170 libs optional
libwxgtk2.6-0_2.6.3.2.2-3.1_i386.deb
27410479a19c9646a931fd9b845f4eb6 37600 libdevel optional
libwxgtk2.6-dev_2.6.3.2.2-3.1_i386.deb
dac8ddd02a19dc014d089354a930f2c5 18553118 libdevel extra
libwxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
b1840b9f12db5668df36faa7d941f984 4932676 python optional
python-wxgtk2.6_2.6.3.2.2-3.1_i386.deb
bc6b219c7883bb6280c42bbe34019406 18671496 python extra
python-wxgtk2.6-dbg_2.6.3.2.2-3.1_i386.deb
b1208182d657ee787788d8a9cbbbd0be 48322 devel optional
wx-common_2.6.3.2.2-3.1_i386.deb
bfb9897db940675cdfe4a22e3614ea20 898994 devel optional
wx2.6-headers_2.6.3.2.2-3.1_i386.deb
918151645b0aa5f8309213911af3f9ee 23684 python optional
python-wxversion_2.6.3.2.2-3.1_all.deb
935823bfcc57b46b4417b550d0cd772f 18838 python optional
python-wxtools_2.6.3.2.2-3.1_all.deb
2257f75b6f93359b34553681affdb0b2 669032 libs optional
wx2.6-i18n_2.6.3.2.2-3.1_all.deb
be1765dcc4a2f2800bd4827836c9057d 1253708 doc optional
wx2.6-doc_2.6.3.2.2-3.1_all.deb
57242ed321ef57bd9c095c245a64bb82 3630090 devel optional
wx2.6-examples_2.6.3.2.2-3.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrHXSwACgkQNxpp46476apVzQCfeGl6xxJGz+uJ8WyNklUr34wl
p34AoJKxqrS/Oc49YVGbXOBr66hX/xUA
=aNSZ
-----END PGP SIGNATURE-----
--- End Message ---
