Your message dated Fri, 29 May 2015 18:47:22 +0000
with message-id <[email protected]>
and subject line Bug#786785: fixed in exactimage 0.8.5-5+deb7u4
has caused the Debian Bug report #786785,
regarding exactimage: CVE-2015-3885: input sanitization flaw leading to buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
786785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: exactimage
Version: 0.8.5-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for exactimage.

CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) via a
| crafted image, which triggers a buffer overflow, related to the len
| variable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3885
[1] http://www.ocert.org/advisories/ocert-2015-006.html

Regards,
Salvatore

--- End Message ---
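
Added example (not part of the original messages, and not dcraw's code or the Debian patch): a simplified C model of the flaw class the CVE text describes, where a length taken from image bytes is used as a byte count. It assumes a JPEG-style segment whose 16-bit big-endian length field counts its own two bytes; unchecked_count(), read_segment(), SEG_BUF_SIZE and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF_SIZE 0x10000 /* assumed scratch-buffer size for this sketch */

/* Unchecked pattern: a signed length derived from file bytes and later used
 * as a byte count. Returns the count a read call would actually receive. */
size_t unchecked_count(uint8_t hi, uint8_t lo)
{
    int len = (hi << 8 | lo) - 2;   /* negative when the field is 0 or 1 */
    return (size_t)len;             /* converts to a value near SIZE_MAX */
}

/* Checked pattern: copy one segment payload (FF xx, length, payload) from
 * `in` at *pos into `out`. Returns the payload length, or -1 if malformed. */
long read_segment(const uint8_t *in, size_t in_len, size_t *pos,
                  uint8_t *out, size_t out_cap)
{
    if (*pos > in_len || in_len - *pos < 4) return -1;   /* header truncated */
    const uint8_t *h = in + *pos;
    if (h[0] != 0xFF) return -1;                         /* not a marker */
    size_t declared = (size_t)h[2] << 8 | h[3];
    if (declared < 2) return -1;             /* would wrap in "declared - 2" */
    size_t payload = declared - 2;
    if (payload > out_cap) return -1;                    /* destination too small */
    if (payload > in_len - *pos - 4) return -1;          /* input too short */
    memcpy(out, h + 4, payload);
    *pos += 4 + payload;
    return (long)payload;
}

/* Constructed sample segments (not taken from any real file). */
const uint8_t SEG_OK[]    = {0xFF, 0xC4, 0x00, 0x05, 0x01, 0x02, 0x03};
const uint8_t SEG_SHORT[] = {0xFF, 0xC4, 0x00, 0x00};       /* length field 0 */
const uint8_t SEG_TRUNC[] = {0xFF, 0xC4, 0x00, 0x10, 0x01}; /* claims 14 bytes */

int main(void)
{
    static uint8_t buf[SEG_BUF_SIZE];
    size_t pos = 0;
    printf("ok=%ld\n", read_segment(SEG_OK, sizeof SEG_OK, &pos, buf, sizeof buf));
    pos = 0;
    printf("short=%ld\n", read_segment(SEG_SHORT, sizeof SEG_SHORT, &pos, buf, sizeof buf));
    pos = 0;
    printf("trunc=%ld\n", read_segment(SEG_TRUNC, sizeof SEG_TRUNC, &pos, buf, sizeof buf));
    printf("unchecked count exceeds buffer: %d\n", unchecked_count(0, 0) > SEG_BUF_SIZE);
    return 0;
}
```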
--- Begin Message ---
Source: exactimage
Source-Version: 0.8.5-5+deb7u4

We believe that the bug you reported is fixed in the latest version of
exactimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Eckelmann <[email protected]> (supplier of updated exactimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2015 17:57:23 +0200
Source: exactimage
Binary: exactimage edisplay exactimage-dbg libexactimage-perl php5-exactimage python-exactimage
Architecture: source amd64
Version: 0.8.5-5+deb7u4
Distribution: wheezy
Urgency: high
Maintainer: Daniel Stender <[email protected]>
Changed-By: Sven Eckelmann <[email protected]>
Description: 
 edisplay   - fast image manipulation programs (image viewer)
 exactimage - fast image manipulation programs
 exactimage-dbg - fast image manipulation library (debug symbols)
 libexactimage-perl - fast image manipulation library (Perl bindings)
 php5-exactimage - fast image manipulation library (PHP bindings)
 python-exactimage - fast image manipulation library (Python bindings)
Closes: 786785
Changes: 
 exactimage (0.8.5-5+deb7u4) wheezy; urgency=high
 .
   * Fix CVE-2015-3885: Integer overflow in the ljpeg_start function in dcraw
   * debian/patches:
     - Add CVE-2015-3885.patch, Avoid overflow in ljpeg_start()
       (Closes: #786785)
     - Add draw_jpeg_fix.patch, Fix execution order of ljpeg_start() and
       result check

--- End Message ---
