Your message dated Mon, 02 Jan 2017 18:17:09 +0000
with message-id <[email protected]>
and subject line Bug#849038: fixed in libgd2 2.1.0-5+deb8u8
has caused the Debian Bug report #849038,
regarding libgd2: CVE-2016-9933: imagefilltoborder stackoverflow on truecolor
images
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
849038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849038
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgd2
Severity: serious
Tags: security

Hi,

the following vulnerability was published for libgd2.

CVE-2016-9933[0]:
imagefilltoborder stackoverflow on truecolor images

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9933
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.1.0-5+deb8u8

We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 01 Jan 2017 17:18:01 +0100
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source
Version: 2.1.0-5+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: GD team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 849038
Description:
 libgd-dbg - Debug symbols for GD Graphics Library
 libgd-dev - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd2-noxpm-dev - GD Graphics Library (transitional package)
 libgd2-xpm-dev - GD Graphics Library (transitional package)
 libgd3 - GD Graphics Library
Changes:
 libgd2 (2.1.0-5+deb8u8) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-9933: gdImageFillToBorder stack-overflow when invalid color is
     used (Closes: #849038)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---