Your message dated Tue, 19 Sep 2017 22:05:02 +0000
with message-id <[email protected]>
and subject line Bug#874552: fixed in gdk-pixbuf 2.36.10-1
has caused the Debian Bug report #874552,
regarding gdk-pixbuf: CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment 
Code Execution Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
874552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gdk-pixbuf
Version: 2.36.5-1
Severity: grave
Tags: upstream patch security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=784866

Hi,

the following vulnerability was published for gdk-pixbuf.

CVE-2017-2862[0]:
| An exploitable heap overflow vulnerability exists in the
| gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf
| 2.36.6. A specially crafted jpeg file can cause a heap overflow
| resulting in remote code execution. An attacker can send a file or url
| to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2862
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
[1] https://bugzilla.gnome.org/show_bug.cgi?id=784866

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gdk-pixbuf
Source-Version: 2.36.10-1

We believe that the bug you reported is fixed in the latest version of
gdk-pixbuf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <[email protected]> (supplier of updated gdk-pixbuf 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 19 Sep 2017 23:39:30 +0200
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common 
libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb 
gir1.2-gdkpixbuf-2.0
Architecture: source
Version: 2.36.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 
<[email protected]>
Changed-By: Emilio Pozuelo Monfort <[email protected]>
Description:
 gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
 libgdk-pixbuf2.0-0 - GDK Pixbuf library
 libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
 libgdk-pixbuf2.0-bin - GDK Pixbuf library (thumbnailer)
 libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
 libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
 libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Closes: 874552 875704
Changes:
 gdk-pixbuf (2.36.10-1) unstable; urgency=medium
 .
   [ Jeremy Bicha ]
   * New upstream release 2.36.9.
   * Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch
   * debian/libgdk-pixbuf2.0-0.symbols: Add new symbol
 .
   [ Emilio Pozuelo Monfort ]
   * New upstream release 2.36.10.
     - CVE-2017-2862: fix code execution vulnerability in jpeg loader.
       Closes: #874552.
   * Switch to copyright format 1.0.
   * copyright: exclude non-free test ref images.
   * rules: drop obsolete dh_strip --dbgsym-migration switch.
   * postinst: make loaders.cache reproducible. Thanks Chris Lamb for the
     patch. Closes: #875704.
Checksums-Sha1:
 9b2275f6d86b4fc9a32b48b477ef161645a618d7 2925 gdk-pixbuf_2.36.10-1.dsc
 1d0a8e77214d59645473535f5efb2d7837d05750 5497116 gdk-pixbuf_2.36.10.orig.tar.xz
 4e866228368033ab943bf0df9574dc5c99a15610 13468 
gdk-pixbuf_2.36.10-1.debian.tar.xz
 7b568a4b5b52c4fb71b9fb52733aa57d9fbcd987 7811 
gdk-pixbuf_2.36.10-1_source.buildinfo
Checksums-Sha256:
 ef75ef876dc753c3454f6634a452385dd60404b8e3d4076a11cf60d51345245d 2925 
gdk-pixbuf_2.36.10-1.dsc
 9226eee3be46811d25e3f2d9a1267ad6d8e78d9af95d8bc68d6556e92f3f0aaf 5497116 
gdk-pixbuf_2.36.10.orig.tar.xz
 c2c77ec156d79af102d57d1cadbafac5d36dec9445fd7e1705f3d50884d51ebf 13468 
gdk-pixbuf_2.36.10-1.debian.tar.xz
 1ebdad2d2c77b861badbbf702f3a574d016c646ab70e8de30ad0d15fc5e7cf6a 7811 
gdk-pixbuf_2.36.10-1_source.buildinfo
Files:
 b20fb3c4d3b59b03e20ea3d22938de1d 2925 libs optional gdk-pixbuf_2.36.10-1.dsc
 db7251a0f639617b94de1a0616908e6a 5497116 libs optional 
gdk-pixbuf_2.36.10.orig.tar.xz
 62da12266104f6e39b4cbe3fcee9ad50 13468 libs optional 
gdk-pixbuf_2.36.10-1.debian.tar.xz
 11427115aface882ab2d93fda732568c 7811 libs optional 
gdk-pixbuf_2.36.10-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnBjrAACgkQnUbEiOQ2
gwIalhAAtGgKq0bwpFQNRSBhWb3CaWLl2EmPjjCiEZ+BAGwIkcJaToavIXaC+bTs
RfydRQY7jBDwZQxDRM4Jh+d8shO0Kxot+soRFvpr+g017vgoZpg7spQnBL2QuxLr
4snIhjtlx/BKe48OkRt0w5wU2MPQ4RaS1hjCyAyv5PpNUps1cmOkjs7uuuyx6uoF
uEEvvmmwvUSQfCUMm7fklwVS1ZBxFFTPNvOtupiaAX1eO0Nt9PFS3mDa8YV/qPXd
6n3VLt+0vRTZ217FC+Cd//74TaJQGZ66YBWVjXD1FW8M9GQ/le3Tc2VHxEc/bJBL
N8ebXVE7OQM7Rq1ON14otIOJzUNZRcqisumFZsns8EFtZe/9z2HyRYtT8BpZLxZK
lvOgxVpp8CJxt5cSnJEwzVKeNtKZvcireE54lWgEijAZDqqZQruRMashPD52PkWQ
kY9XXpHYqxupQ7htBC3nhzCrPZYhCDj+RZ07Hz/b912GJTDhnm7rBVesmbJ5Cejq
h17iZEOdPNDw4Paki3pWj5Ddfq1hz4zznY70cx6av63RbxyM7VGb0R1pfSCMKaVd
dBI7fZbowzE22rpB2pVN2Xxv7qIZKcHRwtSnM5Q+VLC5hrHV9TcdXR5pE5xTNbnr
svPp8jSrqZEdDhIPche7FBTNdoanbHP+8B8ud3VP+AUCWjg4X9c=
=J95R
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to