Your message dated Sun, 29 Jan 2017 15:02:09 +0000
with message-id <[email protected]>
and subject line Bug#852627: fixed in lcms2 2.6-3+deb8u1
has caused the Debian Bug report #852627,
regarding lcms2: CVE-2016-10165: heap OOB read parsing crafted ICC profile
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
852627: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lcms2
Version: 2.6-3
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for lcms2.
CVE-2016-10165[0]:
heap OOB read parsing crafted ICC profile
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
[1] https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1367357
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lcms2
Source-Version: 2.6-3+deb8u1
We believe that the bug you reported is fixed in the latest version of
lcms2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated lcms2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 27 Jan 2017 14:26:09 +0100
Source: lcms2
Binary: liblcms2-dev liblcms2-dbg liblcms2-2 liblcms2-utils
Architecture: source
Version: 2.6-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Oleksandr Moskalenko <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 852627
Description:
liblcms2-2 - Little CMS 2 color management library
liblcms2-dbg - debugging symbols for lcms2
liblcms2-dev - Little CMS 2 color management library development headers
liblcms2-utils - Little CMS 2 color management library (utilities)
Changes:
lcms2 (2.6-3+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Added an extra check to MLU bounds (CVE-2016-10165) (Closes: #852627)
Checksums-Sha1:
4f224392dbd873c6045719b118c0e84a069efbf5 2287 lcms2_2.6-3+deb8u1.dsc
b0ecee5cb8391338e6c281d1c11dcae2bc22a5d2 4583389 lcms2_2.6.orig.tar.gz
7246c59c3789eaf44153b9ddf5c7ce2edfcd653d 2416964
lcms2_2.6-3+deb8u1.debian.tar.xz
Checksums-Sha256:
c81475db156883e857dd6c456e8a22e6554c6fb0f8e47622915a76d716d1ee5e 2287
lcms2_2.6-3+deb8u1.dsc
5172528839647c54c3da211837225e221be93e4733f5b5e9f57668f7107e14b1 4583389
lcms2_2.6.orig.tar.gz
81fcf1658e51d55408143e91b1c3469a63f3b4607e92604bd8a18dd8d6435d05 2416964
lcms2_2.6-3+deb8u1.debian.tar.xz
Files:
7ed1522f3eb21ad3be15dcea4efe9947 2287 libs optional lcms2_2.6-3+deb8u1.dsc
f4c08d38ceade4a664ebff7228910a33 4583389 libs optional lcms2_2.6.orig.tar.gz
b248aaeafb724ef63686102e3a2285cf 2416964 libs optional
lcms2_2.6-3+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---