Your message dated Sun, 20 Dec 2020 18:47:09 +0000
with message-id <[email protected]>
and subject line Bug#976350: fixed in pngcheck 2.3.0-7+deb10u1
has caused the Debian Bug report #976350,
regarding pngcheck: CVE-2020-27818
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
976350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976350
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pngcheck
Version: 2.3.0-12
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.3.0-7

Hi,

The following vulnerability was published for pngcheck.

CVE-2020-27818[0]:
| global buffer overflow was discovered in check_chunk_name function
| via crafted pngfile

Red Hat has a report in [1] and fixed their releases with [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-27818
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27818
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1902011
[2] https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pngcheck
Source-Version: 2.3.0-7+deb10u1
Done: David da Silva Polverari <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pngcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David da Silva Polverari <[email protected]> (supplier of updated pngcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Dec 2020 18:54:24 +0000
Source: pngcheck
Architecture: source
Version: 2.3.0-7+deb10u1
Distribution: buster
Urgency: high
Maintainer: Jari Aalto <[email protected]>
Changed-By: David da Silva Polverari <[email protected]>
Closes: 976350
Changes:
 pngcheck (2.3.0-7+deb10u1) buster; urgency=high
 .
   * debian/patches/60-fix-buffer-overflow.patch: added to fix CVE-2020-27818.
     Thanks to Salvatore Bonaccorso <[email protected]>. (Closes: #976350)
Checksums-Sha1:
 893329eadadcbf2f8ad3b406f44712eeb7d15c77 1890 pngcheck_2.3.0-7+deb10u1.dsc
 0224658fc5d0d6a7de0c4ae0dfa65c2c149d8bf5 7300 pngcheck_2.3.0-7+deb10u1.debian.tar.xz
Checksums-Sha256:
 c9b6e6ada5555995bf7440ba1e894365d888cded011037c68784e94131471403 1890 pngcheck_2.3.0-7+deb10u1.dsc
 812c4e4bd6285049ccb93e84a5e76805a141dc80e94395463cb6fda40bf33bf5 7300 pngcheck_2.3.0-7+deb10u1.debian.tar.xz
Files:
 1e9b2054f3dff06a4153ffc33cac324a 1890 graphics optional pngcheck_2.3.0-7+deb10u1.dsc
 7a3c6ca458feeee4d1c94644f7b63ec1 7300 graphics optional pngcheck_2.3.0-7+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
