Your message dated Mon, 22 Oct 2007 19:56:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#439927: fixed in t1lib 5.0.2-3sarge1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: php5
Tags: security

Hi,

A security issue has been reported against the GD extension in PHP:

> Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3
> allows context-dependent attackers to execute arbitrary code via a long
> argument to the imagepsloadfont function.

I've tried to assess whether Debian is vulnerable to this, but cannot come to
a definitive "yes" or "no". Could you please investigate?

thanks
Thijs
--- End Message ---
--- Begin Message ---
Source: t1lib
Source-Version: 5.0.2-3sarge1

We believe that the bug you reported is fixed in the latest version of
t1lib, which is due to be installed in the Debian FTP archive:

libt1-5_5.0.2-3sarge1_i386.deb
  to pool/main/t/t1lib/libt1-5_5.0.2-3sarge1_i386.deb
libt1-dev_5.0.2-3sarge1_i386.deb
  to pool/main/t/t1lib/libt1-dev_5.0.2-3sarge1_i386.deb
libt1-doc_5.0.2-3sarge1_all.deb
  to pool/main/t/t1lib/libt1-doc_5.0.2-3sarge1_all.deb
t1lib-bin_5.0.2-3sarge1_i386.deb
  to pool/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_i386.deb
t1lib_5.0.2-3sarge1.diff.gz
  to pool/main/t/t1lib/t1lib_5.0.2-3sarge1.diff.gz
t1lib_5.0.2-3sarge1.dsc
  to pool/main/t/t1lib/t1lib_5.0.2-3sarge1.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noah Meyerhans <[EMAIL PROTECTED]> (supplier of updated t1lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 13 Oct 2007 17:43:21 -0400
Source: t1lib
Binary: t1lib-bin libt1-5 libt1-doc libt1-dev
Architecture: source all i386
Version: 5.0.2-3sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Noah Meyerhans <[EMAIL PROTECTED]>
Description:
libt1-5 - Type 1 font rasterizer library - runtime
libt1-dev - Type 1 font rasterizer library - development
libt1-doc - Type 1 font rasterizer library - developers documentation
t1lib-bin - Type 1 font rasterizer library - user binaries
Closes: 439927
Changes:
t1lib (5.0.2-3sarge1) oldstable-security; urgency=high
.
* Non-maintainer upload by the security team
* Apply patch from Artur R. Czechowski to fix CVE-2007-4033.
(Closes: #439927)
Files:
d82a7a9aaeca3868a1c01f3588a59137 717 libs optional t1lib_5.0.2-3sarge1.dsc
cc5d4130b25bb8a1c930488b78930e9b 1697086 libs optional t1lib_5.0.2.orig.tar.gz
73b04c0083681da97813ced3783dbd02 315328 libs optional t1lib_5.0.2-3sarge1.diff.gz
9f58a16450cc7c2ccd7477cc04c30fac 607008 doc optional libt1-doc_5.0.2-3sarge1_all.deb
e65ca2e30180f0ed3d9eadc6cc62216d 144334 libs optional libt1-5_5.0.2-3sarge1_i386.deb
ad6838104a95c3a9f6933cdb072abaee 171504 libdevel optional libt1-dev_5.0.2-3sarge1_i386.deb
68660615bdbb04de7c79c56efcfe4e96 53630 misc optional t1lib-bin_5.0.2-3sarge1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHET0VYrVLjBFATsMRAsjMAJ9OgdyYZHyEll9Ymw2lQIL2psSDTQCfTF9e
AnThZYryTGfS3n3Gom2agSA=
=8OBx
-----END PGP SIGNATURE-----
--- End Message ---