Your message dated Fri, 27 Jan 2017 06:34:29 +0000
with message-id <[email protected]>
and subject line Bug#852627: fixed in lcms2 2.8-4
has caused the Debian Bug report #852627,
regarding lcms2: CVE-2016-10165: heap OOB read parsing crafted ICC profile
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
852627: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lcms2
Version: 2.6-3
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for lcms2.
CVE-2016-10165[0]:
heap OOB read parsing crafted ICC profile
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
[1] https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1367357
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lcms2
Source-Version: 2.8-4
We believe that the bug you reported is fixed in the latest version of
lcms2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Weber <[email protected]> (supplier of updated lcms2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Jan 2017 11:04:13 +0100
Source: lcms2
Binary: liblcms2-dev liblcms2-2 liblcms2-utils
Architecture: source amd64
Version: 2.8-4
Distribution: unstable
Urgency: medium
Maintainer: Thomas Weber <[email protected]>
Changed-By: Thomas Weber <[email protected]>
Description:
liblcms2-2 - Little CMS 2 color management library
liblcms2-dev - Little CMS 2 color management library development headers
liblcms2-utils - Little CMS 2 color management library (utilities)
Closes: 852627
Changes:
lcms2 (2.8-4) unstable; urgency=medium
.
* New patch: debian/patches/fix-CVE-2016-10165.patch.
Fix for CVE-2016-10165. (Closes: #852627)
Thanks to Salvatore Bonaccorso <[email protected]>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---