Your message dated Fri, 25 Feb 2005 13:02:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#280134: fixed in libgd 1.8.4.debian-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Oct 2004 09:48:50 +0000
>From [EMAIL PROTECTED] Thu Oct 28 02:48:49 2004
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CN6tl-0002Oo-00; Thu, 28 Oct 2004 02:48:49 -0700
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1CN6tk-0003f1-N6; Thu, 28 Oct 2004 11:48:48 +0200
Date: Thu, 28 Oct 2004 11:48:48 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2004-0990: integer and buffer overflows
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF"
Content-Disposition: inline
X-Reportbug-Version: 2.63
User-Agent: Mutt/1.5.6+20040722i
Sender: Martin Pitt <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: libgd2
Version: 2.0.28-3
Severity: critical
Tags: security
Justification: breaks unrelated software
Hi!
libgd2 is apparently vulnerable to CAN-2004-0990. Please see=20
http://www.securityfocus.com/archive/1/379382/2004-10-24/2004-10-30/0
for details.
Thanks,
Martin
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=3Dde_DE.UTF-8, LC_CTYPE=3Dde_DE.UTF-8
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBgMCADecnbV4Fd/IRAmyDAKCBL9FMmPmwjWsH6ybTurAJS8QFIwCggS/u
ogZMO3WkUvOWXV3ug4VbFW4=
=62zy
-----END PGP SIGNATURE-----
--3MwIy2ne0vdjdPXF--
---------------------------------------
Received: (at 280134-close) by bugs.debian.org; 25 Feb 2005 18:08:32 +0000
>From [EMAIL PROTECTED] Fri Feb 25 10:08:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D4jtA-0005eg-00; Fri, 25 Feb 2005 10:08:32 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1D4jn4-0007C7-00; Fri, 25 Feb 2005 13:02:14 -0500
From: Jonas Smedegaard <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#280134: fixed in libgd 1.8.4.debian-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 25 Feb 2005 13:02:14 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: libgd
Source-Version: 1.8.4.debian-1
We believe that the bug you reported is fixed in the latest version of
libgd, which is due to be installed in the Debian FTP archive:
libgd-dev_1.8.4.debian-1_all.deb
to pool/main/libg/libgd/libgd-dev_1.8.4.debian-1_all.deb
libgd-noxpm-dev_1.8.4.debian-1_powerpc.deb
to pool/main/libg/libgd/libgd-noxpm-dev_1.8.4.debian-1_powerpc.deb
libgd-xpm-dev_1.8.4.debian-1_powerpc.deb
to pool/main/libg/libgd/libgd-xpm-dev_1.8.4.debian-1_powerpc.deb
libgd1-noxpm_1.8.4.debian-1_powerpc.deb
to pool/main/libg/libgd/libgd1-noxpm_1.8.4.debian-1_powerpc.deb
libgd1-xpm_1.8.4.debian-1_powerpc.deb
to pool/main/libg/libgd/libgd1-xpm_1.8.4.debian-1_powerpc.deb
libgd1_1.8.4.debian-1_all.deb
to pool/main/libg/libgd/libgd1_1.8.4.debian-1_all.deb
libgd_1.8.4.debian-1.diff.gz
to pool/main/libg/libgd/libgd_1.8.4.debian-1.diff.gz
libgd_1.8.4.debian-1.dsc
to pool/main/libg/libgd/libgd_1.8.4.debian-1.dsc
libgd_1.8.4.debian.orig.tar.gz
to pool/main/libg/libgd/libgd_1.8.4.debian.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <[EMAIL PROTECTED]> (supplier of updated libgd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 25 Feb 2005 17:53:54 +0100
Source: libgd
Binary: libgd-dev libgd-noxpm-dev libgd1 libgd1-noxpm libgd-xpm-dev libgd1-xpm
Architecture: source powerpc all
Version: 1.8.4.debian-1
Distribution: unstable
Urgency: low
Maintainer: Jonas Smedegaard <[EMAIL PROTECTED]>
Changed-By: Jonas Smedegaard <[EMAIL PROTECTED]>
Description:
libgd-dev - GD Graphics Library (transitional package)
libgd-noxpm-dev - GD Graphics Library (old version, without XPM support)
libgd-xpm-dev - GD Graphics Library (old version)
libgd1 - GD Graphics Library (transitional package)
libgd1-noxpm - GD Graphics Library (old version, without XPM support)
libgd1-xpm - GD Graphics Library (old version)
Closes: 280134 280920 283844
Changes:
libgd (1.8.4.debian-1) unstable; urgency=low
.
* Use non-pristine source: Strip compiled code from source tarball.
* Acknowledge NMU. Closes: bug#280134, #283844 (thanks to Martin Pitt
<[EMAIL PROTECTED]>, Frank Lichtenheld <[EMAIL PROTECTED]> and Steve
Kemp <[EMAIL PROTECTED]>).
* Repackage using cdbs:
+ Build-depend on cdbs and tighten debhelper build-dependency.
+ Use debhelper.mk and makefile-vars.mk snippets.
+ Use local cdbs snippet buildinfo.mk (runs dh_buildinfo only once).
+ Isolate patches using simple-patchsys.mk as
- 01_CAN-2004-0941.patch
- 02_fix_64bit.patch
- 03_fix_freetype_linkage.patch
* Cleaned up debian/copyright:
+ Replace info contained in changelog with note on "GNU systems".
+ Declare each topic more strictly.
+ Mention "licensing info" together with copyright.
* Hardcode version in watch file, due to the tweaked source tarball.
* Fix typo in conflicts. Closes: bug#280920 (thanks to Lionel Elie
Mamane <[EMAIL PROTECTED]> and Niko Tyni <[EMAIL PROTECTED]>).
Files:
ad3d7e27c5cd3e8b5f3e1f71ddb21ff8 784 oldlibs optional libgd_1.8.4.debian-1.dsc
17cd172cfc7345b9002896ae92e7cfb2 254543 oldlibs optional
libgd_1.8.4.debian.orig.tar.gz
6be9c46e9093821ee477d459fc2311d9 12090 oldlibs optional
libgd_1.8.4.debian-1.diff.gz
94f31bbdfc7fcb410cca21d8715c7b93 71706 oldlibs optional
libgd1_1.8.4.debian-1_all.deb
62f21c74f42f503dad9ce2662a993dd8 71706 oldlibs extra
libgd-dev_1.8.4.debian-1_all.deb
b429711e91a78bde973f92b7b2b1142a 114046 oldlibs optional
libgd1-noxpm_1.8.4.debian-1_powerpc.deb
514e97b49b89876e797245a0c7d06ab0 114482 oldlibs optional
libgd1-xpm_1.8.4.debian-1_powerpc.deb
485bbb2036957a07493217d1888ca230 121892 oldlibs extra
libgd-noxpm-dev_1.8.4.debian-1_powerpc.deb
d64d5cd1dd37bdf3da2acb2c796a6857 121884 oldlibs extra
libgd-xpm-dev_1.8.4.debian-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCH2Wcn7DbMsAkQLgRAnF5AJ9GtypCZa1DaN2M6iVBjzteAl6tBQCfQOKn
P3yTUganpako+C5w8y8Fm7E=
=Dn4H
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
