Your message dated Sat, 15 Apr 2017 16:18:51 +0000
with message-id <[email protected]>
and subject line Bug#860367: fixed in feh 2.18-2
has caused the Debian Bug report #860367,
regarding feh: CVE-2017-7875
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
860367: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860367
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: feh
Version: 2.12-1
Severity: normal
Tags: upstream security patch fixed-upstream

Hi,

the following vulnerability was published for feh.

CVE-2017-7875[0]:
| In wallpaper.c in feh before v2.18.3, if a malicious client pretends to
| be the E17 window manager, it is possible to trigger an out-of-boundary
| heap write while receiving an IPC message. An integer overflow leads to
| a buffer overflow and/or a double free.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7875
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7875
[1] https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: feh
Source-Version: 2.18-2

We believe that the bug you reported is fixed in the latest version of
feh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated feh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Apr 2017 15:42:10 +0000
Source: feh
Binary: feh
Architecture: source amd64
Version: 2.18-2
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 feh        - imlib2 based image viewer
Closes: 860367
Changes:
 feh (2.18-2) unstable; urgency=high
 .
   * Backport security fix for CVE-2017-7875, double-free/OOB-write while
     receiving IPC data (closes: #860367).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
