Your message dated Sun, 20 Jun 2010 13:05:23 +0000
with message-id <[email protected]>
and subject line Bug#569060: fixed in netpbm-free 2:10.0-12.2
has caused the Debian Bug report #569060,
regarding Stack-based buffer overflow in XPM reader (CVE-2009-4274)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
569060: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569060
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: netpbm
Version: 2:10.0-12
A vulnerability in the XPM reader has been discovered:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076
https://bugzilla.redhat.com/show_bug.cgi?id=546580
This should be fixed for (old)stable, perhaps via s-p-u.
--- End Message ---
--- Begin Message ---
Source: netpbm-free
Source-Version: 2:10.0-12.2
We believe that the bug you reported is fixed in the latest version of
netpbm-free, which is due to be installed in the Debian FTP archive:
libnetpbm10-dev_10.0-12.2_amd64.deb
  to main/n/netpbm-free/libnetpbm10-dev_10.0-12.2_amd64.deb
libnetpbm10_10.0-12.2_amd64.deb
  to main/n/netpbm-free/libnetpbm10_10.0-12.2_amd64.deb
libnetpbm9-dev_10.0-12.2_amd64.deb
  to main/n/netpbm-free/libnetpbm9-dev_10.0-12.2_amd64.deb
libnetpbm9_10.0-12.2_amd64.deb
  to main/n/netpbm-free/libnetpbm9_10.0-12.2_amd64.deb
netpbm-free_10.0-12.2.diff.gz
  to main/n/netpbm-free/netpbm-free_10.0-12.2.diff.gz
netpbm-free_10.0-12.2.dsc
  to main/n/netpbm-free/netpbm-free_10.0-12.2.dsc
netpbm_10.0-12.2_amd64.deb
  to main/n/netpbm-free/netpbm_10.0-12.2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated netpbm-free package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 20 Jun 2010 14:27:25 +0200
Source: netpbm-free
Binary: netpbm libnetpbm10 libnetpbm10-dev libnetpbm9 libnetpbm9-dev
Architecture: source amd64
Version: 2:10.0-12.2
Distribution: unstable
Urgency: high
Maintainer: Andreas Barth <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
 libnetpbm10 - Graphics conversion tools shared libraries
 libnetpbm10-dev - Graphics conversion tools development libraries and header files
 libnetpbm9 - Shared libraries for netpbm (v9)
 libnetpbm9-dev - Development libraries and header files (v9)
 netpbm     - Graphics conversion tools between image formats
Closes: 569060
Changes:
 netpbm-free (2:10.0-12.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix stack-based buffer overflow when processing XPM
     image header fields. This can result in the execution
     of arbitrary code (CVE-2009-4274; Closes: #569060)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkweDLUACgkQHYflSXNkfP/xBQCdE/8d38ORjU9OmvX4QdkhylWz
GWgAniuG/gPEsiLtdd0o1AQCuo6Cm1Cy
=rvLa
-----END PGP SIGNATURE-----
--- End Message ---