Your message dated Tue, 02 Jun 2015 16:46:12 +0000
with message-id <[email protected]>
and subject line Bug#786783: fixed in ufraw 0.20-3
has caused the Debian Bug report #786783,
regarding ufraw: CVE-2015-3885: input sanitization flaw leading to buffer
overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
786783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786783
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ufraw
Version: 0.18-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for ufraw.
CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) via a
| crafted image, which triggers a buffer overflow, related to the len
| variable.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3885
[1] http://www.ocert.org/advisories/ocert-2015-006.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ufraw
Source-Version: 0.20-3
We believe that the bug you reported is fixed in the latest version of
ufraw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hubert Chathi <[email protected]> (supplier of updated ufraw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 May 2015 14:44:00 -0400
Source: ufraw
Binary: ufraw ufraw-batch gimp-ufraw
Architecture: source amd64
Version: 0.20-3
Distribution: unstable
Urgency: low
Maintainer: Hubert Chathi <[email protected]>
Changed-By: Hubert Chathi <[email protected]>
Description:
gimp-ufraw - gimp importer for raw camera images
ufraw - standalone importer for raw camera images
ufraw-batch - batch importer for raw camera images
Closes: 786783
Changes:
ufraw (0.20-3) unstable; urgency=low
.
* dcraw.cc: Apply patch from
https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
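The bug class named in the CVE text above (a length variable that overflows and then sizes a read into a fixed buffer), as an added example; it is not the dcraw/ufraw source or the referenced Red Hat patch. It assumes a JPEG-style segment whose 16-bit big-endian length field counts its own two bytes; the function names, buffer size and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF 0x10000 /* assumed size of the fixed scratch buffer */

/* Constructed samples: marker, then a 16-bit big-endian length field. */
static const uint8_t SAMPLE_BAD[4] = {0xff, 0xc3, 0x00, 0x00};            /* length 0 */
static const uint8_t SAMPLE_OK[6]  = {0xff, 0xc3, 0x00, 0x04, 0xaa, 0xbb}; /* 2-byte payload */

/* Unchecked pattern: subtract the 2 length bytes with no lower bound.
   Returns the byte count a following read into the buffer would be given. */
size_t unchecked_payload_len(const uint8_t hdr[4])
{
    int len = (hdr[2] << 8 | hdr[3]) - 2; /* field of 0 or 1 goes negative */
    return (size_t)len;                   /* negative int becomes a huge size_t */
}

/* Checked pattern: 0 and payload copied on success, -1 on a malformed segment. */
int read_segment(const uint8_t *in, size_t in_len,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < 4 || in[0] != 0xff)
        return -1;
    unsigned field = (unsigned)in[2] << 8 | in[3];
    if (field < 2)                         /* length must cover its own 2 bytes */
        return -1;
    size_t len = field - 2;
    if (len > out_cap || len > in_len - 4) /* fits buffer and available input */
        return -1;
    memcpy(out, in + 4, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    static uint8_t buf[SEG_BUF];
    size_t n = 0;
    printf("unchecked length for SAMPLE_BAD: %zu\n", unchecked_payload_len(SAMPLE_BAD));
    printf("checked SAMPLE_BAD: %d\n", read_segment(SAMPLE_BAD, sizeof SAMPLE_BAD, buf, sizeof buf, &n));
    printf("checked SAMPLE_OK: %d\n", read_segment(SAMPLE_OK, sizeof SAMPLE_OK, buf, sizeof buf, &n));
    return 0;
}
```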