Your message dated Sun, 30 Aug 2009 01:54:47 +0000
with message-id <[email protected]>
and subject line Bug#535909: fixed in camlimages 2.20-8+etch1
has caused the Debian Bug report #535909,
regarding camlimages: CVE-2009-2295 several integer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
535909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: camlimages
version: 2.20-8
severity: serious
tags: security
hello,
camlimages is vulnerable to several integer overflows [1]. this has
not yet been fixed upstream, but has been addressed by redhat [2].
[1] http://www.ocert.org/advisories/ocert-2009-009.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=509531
--- End Message ---
--- Begin Message ---
Source: camlimages
Source-Version: 2.20-8+etch1
We believe that the bug you reported is fixed in the latest version of
camlimages, which is due to be installed in the Debian FTP archive:
camlimages_2.20-8+etch1.diff.gz
  to pool/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
camlimages_2.20-8+etch1.dsc
  to pool/main/c/camlimages/camlimages_2.20-8+etch1.dsc
libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
libcamlimages-ocaml_2.20-8+etch1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefano Zacchiroli <[email protected]> (supplier of updated camlimages package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 07 Jul 2009 13:51:06 +0200
Source: camlimages
Binary: libcamlimages-ocaml libcamlimages-ocaml-doc libcamlimages-ocaml-dev
Architecture: source i386 all
Version: 2.20-8+etch1
Distribution: oldstable-security
Urgency: low
Maintainer: Debian OCaml Maintainers <[email protected]>
Changed-By: Stefano Zacchiroli <[email protected]>
Description:
 libcamlimages-ocaml - OCaml image processing library
 libcamlimages-ocaml-dev - OCaml image processing library
 libcamlimages-ocaml-doc - OCaml CamlImages library documentation
Closes: 535909
Changes:
 camlimages (2.20-8+etch1) oldstable-security; urgency=low
 .
   * Add patch fix_integer_overflows to fix integer overflow with PNG
     images boundaries (CVE-2009-2295) (Closes: #535909)
Files:
 0407fcb4b885258c0b81e979e03df7c4 1196 devel optional camlimages_2.20-8+etch1.dsc
 d933eb58c7983f70b1a000fa01893aa4 1385525 devel optional camlimages_2.20.orig.tar.gz
 1616ade3176c67bc862f7672d4c056dd 8737 devel optional camlimages_2.20-8+etch1.diff.gz
 578f54fe1370704e0bc80dfdf8a20049 599282 doc optional libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
 480002667928107c5a379008abcb6710 24224 libs optional libcamlimages-ocaml_2.20-8+etch1_i386.deb
 483bf540a811aa854565ec26f0812de0 772576 libdevel optional libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---