Your message dated Tue, 23 Jun 2015 19:32:09 +0000
with message-id <[email protected]>
and subject line Bug#786783: fixed in ufraw 0.20-2+deb8u1
has caused the Debian Bug report #786783,
regarding ufraw: CVE-2015-3885: input sanitization flaw leading to buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
786783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786783
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ufraw
Version: 0.18-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for ufraw.

CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) via a
| crafted image, which triggers a buffer overflow, related to the len
| variable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3885
[1] http://www.ocert.org/advisories/ocert-2015-006.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ufraw
Source-Version: 0.20-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
ufraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hubert Chathi <[email protected]> (supplier of updated ufraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 May 2015 14:44:00 -0400
Source: ufraw
Binary: ufraw ufraw-batch gimp-ufraw
Architecture: source amd64
Version: 0.20-2+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Hubert Chathi <[email protected]>
Changed-By: Hubert Chathi <[email protected]>
Description:
 gimp-ufraw - gimp importer for raw camera images
 ufraw      - standalone importer for raw camera images
 ufraw-batch - batch importer for raw camera images
Closes: 786783
Changes:
 ufraw (0.20-2+deb8u1) jessie; urgency=high
 .
   * dcraw.cc: Apply patch from
     https://bugzilla.redhat.com/attachment.cgi?id=1027072&action=diff to
     prevent buffer overflow in ljpeg_start (Closes: #786783, CVE-2015-3885)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
