Your message dated Sat, 13 May 2017 16:48:53 +0000
with message-id <[email protected]>
and subject line Bug#862446: fixed in lepton 1.2.1+20170405-1
has caused the Debian Bug report #862446,
regarding lepton: CVE-2017-8891
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
862446: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862446
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lepton
Version: 1.2.1-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/dropbox/lepton/issues/87
Hi,

the following vulnerability was published for lepton.

CVE-2017-8891[0]:
| Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a
| malformed lepton file because the code does not ensure setup of a
| correct number of threads.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8891
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8891
[1] https://github.com/dropbox/lepton/issues/87

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lepton
Source-Version: 1.2.1+20170405-1
We believe that the bug you reported is fixed in the latest version of
lepton, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
ChangZhuo Chen (陳昌倬) <[email protected]> (supplier of updated lepton package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 May 2017 00:16:01 +0800
Source: lepton
Binary: lepton
Architecture: source
Version: 1.2.1+20170405-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: ChangZhuo Chen (陳昌倬) <[email protected]>
Description:
lepton - tool to compress JPEGs losslessly
Closes: 862446
Changes:
lepton (1.2.1+20170405-1) unstable; urgency=medium
.
* Use git snapshot 6d940eb00576f2b262e9c478c8dfed1559d32563 for CVE-2017-8891 (Closes: #862446).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---