Your message dated Mon, 08 Apr 2019 20:48:51 +0000
with message-id <e1hdbcf-000a97...@fasolo.debian.org>
and subject line Bug#917807: fixed in libcaca 0.99.beta19-2.1
has caused the Debian Bug report #917807,
regarding libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 
CVE-2018-20548 CVE-2018-20549
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
917807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917807
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcaca
Version: 0.99.beta19-2
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerabilities were published for libcaca.

CVE-2018-20544[0]:
| There is floating point exception at caca/dither.c (function
| caca_dither_bitmap) in libcaca 0.99.beta19.

CVE-2018-20545[1]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 4bpp data.

CVE-2018-20546[2]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

CVE-2018-20547[3]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

CVE-2018-20548[4]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 1bpp data.

CVE-2018-20549[5]:
| There is an illegal WRITE memory access at caca/file.c (function
| caca_file_read) in libcaca 0.99.beta19.

Note: obviously I realize given you are both upstream and Debian
maintainer you have already fixed this upstream with the reports
submitted and two of those issues are actually unimportant as the
Debian build does not use the fallback.

Reporting these issues still in the BTS for tracking purpose.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20544
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20544
[1] https://security-tracker.debian.org/tracker/CVE-2018-20545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545
[2] https://security-tracker.debian.org/tracker/CVE-2018-20546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
[3] https://security-tracker.debian.org/tracker/CVE-2018-20547
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547
[4] https://security-tracker.debian.org/tracker/CVE-2018-20548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20548
[5] https://security-tracker.debian.org/tracker/CVE-2018-20549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20549

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libcaca
Source-Version: 0.99.beta19-2.1

We believe that the bug you reported is fixed in the latest version of
libcaca, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 917...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated libcaca package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 06 Apr 2019 22:18:41 +0200
Source: libcaca
Architecture: source
Version: 0.99.beta19-2.1
Distribution: unstable
Urgency: medium
Maintainer: Sam Hocevar <s...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 917807
Changes:
 libcaca (0.99.beta19-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-Pick fixes from upstream git repository:
     - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
       CVE-2018-20549 (Closes: #917807)

--- End Message ---
