Your message dated Sat, 08 Mar 2025 05:04:25 +0000
with message-id <[email protected]>
and subject line Bug#1069062: fixed in golang-github-disintegration-imaging 1.6.2-3
has caused the Debian Bug report #1069062,
regarding golang-github-disintegration-imaging: CVE-2023-36308
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1069062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069062
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-github-disintegration-imaging
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerability was published for golang-github-disintegration-imaging.

CVE-2023-36308[0]:
| disintegration Imaging 1.6.2 allows attackers to cause a panic
| (because of an integer index out of range during a Grayscale call)
| via a crafted TIFF file to the scan function of scanner.go. NOTE: it
| is unclear whether there are common use cases in which this panic
| could have any security consequence


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36308
    https://www.cve.org/CVERecord?id=CVE-2023-36308

Please adjust the affected versions in the BTS as needed.

Kind regards,
Maytham



--- End Message ---
--- Begin Message ---
Source: golang-github-disintegration-imaging
Source-Version: 1.6.2-3
Done: Maytham Alsudany <[email protected]>

We believe that the bug you reported is fixed in the latest version of
golang-github-disintegration-imaging, which is due to be installed in the
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maytham Alsudany <[email protected]> (supplier of updated
golang-github-disintegration-imaging package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 08 Mar 2025 12:46:38 +0800
Source: golang-github-disintegration-imaging
Architecture: source
Version: 1.6.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Maytham Alsudany <[email protected]>
Closes: 1069062
Changes:
 golang-github-disintegration-imaging (1.6.2-3) unstable; urgency=medium
 .
   * Team upload
   * Fix vulnerability that allows attackers to cause a panic via a crafted
     TIFF file to the scan function of scanner.go (CVE-2023-36308)
     (Closes: #1069062)
   * d/watch: bump version to 4
   * d/control: bump Standards-Version to 4.7.2 (no changes)

--- End Message ---
