Your message dated Fri, 14 Oct 2016 20:10:20 +0000 with message-id <e1bv8o8-00015s...@franck.debian.org> and subject line Bug#839827: fixed in freeimage 3.15.4-4.2+deb8u1 has caused the Debian Bug report #839827, regarding freeimage: CVE-2016-5684 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 839827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839827 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: freeimage Version: 3.17.0+ds1-2 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for freeimage. CVE-2016-5684[0]: XMP Image Handling Code Execution Vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-5684 Please adjust the affected versions in the BTS as needed. Only sid has been checked source wise in this case. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: freeimage Source-Version: 3.15.4-4.2+deb8u1 We believe that the bug you reported is fixed in the latest version of freeimage, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Anton Gladky <gl...@debian.org> (supplier of updated freeimage package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 11 Oct 2016 21:00:24 +0200 Source: freeimage Binary: libfreeimage-dev libfreeimage3 libfreeimage3-dbg Architecture: source Version: 3.15.4-4.2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian QA Group <packa...@qa.debian.org> Changed-By: Anton Gladky <gl...@debian.org> Description: libfreeimage-dev - Support library for graphics image formats (development files) libfreeimage3 - Support library for graphics image formats (library) libfreeimage3-dbg - Support library for graphics image formats (debugging symbols) Closes: 786790 839827 Changes: freeimage (3.15.4-4.2+deb8u1) jessie-security; urgency=high . * [f51f898] Fix CVE-2015-3885: integer overflow in the ljpeg_start function (Closes: #786790) * [b2e0c3f] Fix CVE-2016-5864: apply patch from wheezy-security. Thanks to Salvatore Bonaccorso, Balint Reczey and Chris Lamb (Closes: #839827) Checksums-Sha1: ea30cb74210f4e847c67cf6ef2c56c4f2a9d98df 2160 freeimage_3.15.4-4.2+deb8u1.dsc 0a33537e32ad9bd4cf7b151a32de96905da27d3e 5768019 freeimage_3.15.4.orig.tar.gz 3ce43cf089d11596f14ea34fbf79d60744305524 34200 freeimage_3.15.4-4.2+deb8u1.debian.tar.xz Checksums-Sha256: 25905f9ec54630e38cfda93391f876779f5b6ff5c413b765e2537f788b61c375 2160 freeimage_3.15.4-4.2+deb8u1.dsc f85b43e8bffda2b26b15a2d09242a77dd08ba17d7207ec2f18278163a29565d9 5768019 freeimage_3.15.4.orig.tar.gz 3099001958df24a48afaa4d4c4f913656de4d8ca8705cdb9d0846418cd14cb17 34200 freeimage_3.15.4-4.2+deb8u1.debian.tar.xz Files: 6f12176255121ffc422cf4c67d9cdf6e 2160 libs optional freeimage_3.15.4-4.2+deb8u1.dsc a1164eb85ab51bda023328ec740a5679 5768019 libs optional freeimage_3.15.4.orig.tar.gz 088bb33194e5b256e8f6a9bbb7805830 34200 libs optional freeimage_3.15.4-4.2+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJX/VVzAAoJENPhc4PPp/8GptcP/0PCO+rWGX6SF09UF8IvEzBB pgKk+e3AYR+VdsMhVdHMVWytwMSOa5yGs+6ZZHZKOUV8JgA+4ohFINxZJ5Xpcfr6 kA53+g/L/r+WyOsXJTVdG1PDd9wOA5aLb4JV4lzxoo/lY6JS7oEYzSOC/PbLGZTp TS+EF32lmo9JMjhYe5Nxr3qq5CuWCLBW3QadSfLQQoYnoxTD5Sxtn4aRzz8ocwpe 6U2cgGFuKez+1o6GpNrihV97pW9jKWPWXjA4+GCLG9Th9X9C7zgD3mx1yRmOhT5i yDN8fXm3xxoLAI2etX5IuqMuCuKRRcB/Q3ypsKAkAxiUksND8UPpLb6C4q0AzepN YMUCL3h27FFcwHViFRS3UOxiH5i6uJqHdRMqeIedG1qyNUnQv4c9QWOdOfnp+Kvi oFT0f7XEwEOKVcl0L180Q702ZWqtVncMRkep/sxvd80Gog/ykPoT6bOa0i2qzJXd yLXNHkAKYSbf3zz74zL/s65EE/qiiIAMdYMrD/LsGg7c2uz7V54Cw/VHneeMFsar dNKnGUx4g2ZaX9LcxwCIaw0L8yflpFPLxQCcmcLQA7uEMollY2wpNeLXdvpSCE1U DQC8l/hp8EHvHmhoq17V2vZn+5aJGLTYwbkOTzt1fi3QRycXnVs0y3FMl50K55uc pqGHaAUYwuH4tcXPnh+p =9+YY -----END PGP SIGNATURE-----
--- End Message ---
-- debian-science-maintainers mailing list debian-science-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
