Your message dated Thu, 17 Dec 2009 00:58:53 +0000
with message-id <[email protected]>
and subject line Bug#537174: fixed in wxwidgets2.6 2.6.3.2.2-3+lenny1
has caused the Debian Bug report #537174,
regarding CVE-2009-2369: Integer overflow in the wxImage::Create function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
537174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537174
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wxwidgets2.8
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wxwidgets2.8.
CVE-2009-2369[0]:
| Integer overflow in the wxImage::Create function in
| src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted JPEG file, which triggers a heap-based buffer overflow. NOTE:
| the provenance of this information is unknown; the details are
| obtained solely from third party information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
http://security-tracker.debian.net/tracker/CVE-2009-2369
Patch:
http://trac.wxwidgets.org/changeset/60875
http://trac.wxwidgets.org/changeset/60876
http://trac.wxwidgets.org/changeset/60897
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpeI6IACgkQNxpp46476ao5awCgjQl+5bM8qo94jOMVtWpZyGAK
5toAnjAKmNUXAkPypElmQY1l0q30hFZ3
=Comj
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: wxwidgets2.6
Source-Version: 2.6.3.2.2-3+lenny1
We believe that the bug you reported is fixed in the latest version of
wxwidgets2.6, which is due to be installed in the Debian FTP archive:
libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
python-wxtools_2.6.3.2.2-3+lenny1_all.deb
to main/w/wxwidgets2.6/python-wxtools_2.6.3.2.2-3+lenny1_all.deb
python-wxversion_2.6.3.2.2-3+lenny1_all.deb
to main/w/wxwidgets2.6/python-wxversion_2.6.3.2.2-3+lenny1_all.deb
wx-common_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_i386.deb
wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
to main/w/wxwidgets2.6/wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
to main/w/wxwidgets2.6/wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
to main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
to main/w/wxwidgets2.6/wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
to main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
to main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wxwidgets2.6
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Sep 2009 20:18:37 +0200
Source: wxwidgets2.6
Binary: libwxbase2.6-0 libwxbase2.6-dev libwxbase2.6-dbg libwxgtk2.6-0
libwxgtk2.6-dev libwxgtk2.6-dbg python-wxgtk2.6 python-wxgtk2.6-dbg
python-wxversion python-wxtools wx-common wx2.6-headers wx2.6-i18n wx2.6-doc
wx2.6-examples libwxmsw2.6-dev libwxmsw2.6-dbg wx2.6-headers-msw
Architecture: source i386 all
Version: 2.6.3.2.2-3+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Ron Lee <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
libwxbase2.6-0 - wxBase library (runtime) - non-GUI support classes of
wxWidgets t
libwxbase2.6-dbg - wxBase library (debug) - non-GUI support classes of
wxWidgets too
libwxbase2.6-dev - wxBase library (development) - non-GUI support classes of
wxWidge
libwxgtk2.6-0 - wxWidgets Cross-platform C++ GUI toolkit (GTK+ runtime)
libwxgtk2.6-dbg - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxgtk2.6-dev - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxmsw2.6-dbg - wxMSW mingw32msvc-cross (debug)
libwxmsw2.6-dev - wxMSW mingw32msvc-cross
python-wxgtk2.6 - wxWidgets Cross-platform C++ GUI toolkit (wxPython binding)
python-wxgtk2.6-dbg - wxWidgets Cross-platform C++ GUI toolkit (wxPython
binding, debug
python-wxtools - wxWidgets Cross-platform C++ GUI toolkit (wxPython common
files)
python-wxversion - wxWidgets Cross-platform C++ GUI toolkit (wxPython version
select
wx-common - wxWidgets Cross-platform C++ GUI toolkit (common support files)
wx2.6-doc - wxWidgets Cross-platform C++ GUI toolkit (documentation)
wx2.6-examples - wxWidgets Cross-platform C++ GUI toolkit (examples)
wx2.6-headers - wxWidgets Cross-platform C++ GUI toolkit (header files)
wx2.6-headers-msw - Extra wxWidgets headers for mingw32msvc-cross
wx2.6-i18n - wxWidgets Cross-platform C++ GUI toolkit (i18n support)
Closes: 537174
Changes:
wxwidgets2.6 (2.6.3.2.2-3+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed Integer overflow in the wxImage::Create function.
(CVE-2009-2369) (Closes: #537174)
Checksums-Sha1:
9faa9fe4682f45b9c935b2bd43135f84954338af 1582
wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
62b541cb35bd4a80778368f8ee33f73faf0d67fa 15136648
wxwidgets2.6_2.6.3.2.2.orig.tar.gz
924a28e9a5a0dbe36ef9bf6bc88ba76c33c0feef 117286
wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
b30038dfca5152a156aadd47172cd2ed3175b6cb 553214
libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
b40306d6d733889dc24b538004c85a342935cb53 37312
libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
aeed165f0fbb9a5db1276996c59496cd114c8e5e 3025296
libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
0c50bdb09d8de0821f52b67f0bc7519bee0d8070 2791368
libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
40dd3d6043c39a96e1aca1294f40378905e0e7d4 37572
libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
840e5e93661f1b8a4312ef7891a64580ee236907 18528676
libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
4e041b8c6b2ffb4b68b3f69f1a7200d13faf7acd 4957894
python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
5111014a1713a4c3df13b5e7d435385dd4c78542 18693586
python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
71e381eebad230dc74c93e11e1644081d84a9576 48538
wx-common_2.6.3.2.2-3+lenny1_i386.deb
790318b5ae9c5776b0e5f1b978a9d780856b3ed0 898950
wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
38b0c511143a3a59eaf7fd58eda7016a3fd9201d 23578
python-wxversion_2.6.3.2.2-3+lenny1_all.deb
f0e65d99b286cc4759351d2960d3e2d7b26eff93 18820
python-wxtools_2.6.3.2.2-3+lenny1_all.deb
5b10389bfaf53449982396ce45e7b2fd0840886b 668962
wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
2e2b21c935119bb5f87f2470c6b4e7dc98837be1 1253844
wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
c16e72d1a14f3662ee4768a2fc3e425a415e2bda 3630132
wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
Checksums-Sha256:
7031c4b9c963c48ad968f9607eb54a4cf139a291cb699676a4b8a895741f13cc 1582
wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
ed443432fba1fcbaa6d90b9d9cc0248aed1dec0f15e159f95f470f5ca009efda 15136648
wxwidgets2.6_2.6.3.2.2.orig.tar.gz
1a7688336a75075469c096a8953029f3d3b0795fb052b03d63cb9e140fb71248 117286
wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
2acd8fef83287515d74486d3bcc272bab40e72409960746854210d8c5e95d082 553214
libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
6aff53c1972288c634d8d8e7075ec528e3e7e35a800862f192a34f4d4819aa91 37312
libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
15e8c8dd654a7045faf4c0411536a047cd180d983140c52133e041caef454611 3025296
libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
db88ecb0e2eeaaa120b5b85a45f22a8ddd41159239356aa0d5c59d2bc7f0fdc9 2791368
libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
7664a2006fb08e3a0a902fe25f0a7322e59e5a514dcf9b0750442d34c5ed49bb 37572
libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
5a1c341a868019a61c547f5b9f5f682d72719b776f1f3f3043e4bde4336f8470 18528676
libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
93944246f67ca3370d0418d39125195bfcbdeac28d2ee38bc5ee32bbfef209ec 4957894
python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
cb3cf94939a91b4d44ae6f5f904346fbfa86265032b0021dfb3a768de49dddf2 18693586
python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
ffbc4a06b465c4ab43841fe4b2f0ba998e797f22927552c92e418828387cbe68 48538
wx-common_2.6.3.2.2-3+lenny1_i386.deb
373c246d796a6507e638fc6723a7c172b87e32d85d6c995467e2761b1694b022 898950
wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
0ba80fbe1e2c5da7ae17c64e6b37ace5aa72d4c2a7d874d1838d449f4430f128 23578
python-wxversion_2.6.3.2.2-3+lenny1_all.deb
71f77a16ee8653c7773d069b36518a3b3f1ec6f64f844fb13d0cb89547975251 18820
python-wxtools_2.6.3.2.2-3+lenny1_all.deb
bcf512424e033b0076185f7b0407c5dde3a99e7f72c329114e5a8a57512e975c 668962
wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
5ab71d43827e924263699ed6c6142a88f852d04fff759506aceb838902704c7e 1253844
wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
ae8a9372691492d6a76d77cb74a2f07cb731b25b0db996e6c59b83e272328c48 3630132
wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
Files:
e375d8ab0c7603bf7920325d9ba81af7 1582 libs optional
wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
c07edbcab40c4a6ebd47df0cf3337ba8 15136648 libs optional
wxwidgets2.6_2.6.3.2.2.orig.tar.gz
15784243277609fbe69e759ce207202c 117286 libs optional
wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
071a1fddbf369258acc17583621241df 553214 libs optional
libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
e6f409b022f41044b3181329038e85d0 37312 libdevel optional
libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
737d0f2dd26a8313785103502b23ba65 3025296 libdevel extra
libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
f32064d8be5c08a42ff43ab7e6922f30 2791368 libs optional
libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
de43e58b721735a10d8cacbd42335eac 37572 libdevel optional
libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
f41d3c66aa94ccd8dbf7080b20ef8ced 18528676 libdevel extra
libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
efb4d0486379f1198553ce049fe42e8b 4957894 python optional
python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
a793df0f92efe8acdbfc1f71b841c542 18693586 python extra
python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
8e8dadd5bba0773aa9c6561d6c745d19 48538 devel optional
wx-common_2.6.3.2.2-3+lenny1_i386.deb
ac9485a1b970b7c0b049207adff00e8b 898950 devel optional
wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
04401a9faaa01cf7c950809003bca164 23578 python optional
python-wxversion_2.6.3.2.2-3+lenny1_all.deb
17be0a766774f7c211129a56d713f9ea 18820 python optional
python-wxtools_2.6.3.2.2-3+lenny1_all.deb
f369c5bf561b02b02efc0ee869ccd0d5 668962 libs optional
wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
d328e6b75e39de240d311b09aada31dc 1253844 doc optional
wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
512b7502b701952bc756dccac0e44fc6 3630132 devel optional
wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkqzhWgACgkQ62zWxYk/rQeAxwCfXV+JVz4wAH/01/ooSROVqAzt
wK4AoKnrFqfR8lW1qAE9GqoPQh6cbfvb
=1gLi
-----END PGP SIGNATURE-----
--- End Message ---
