Bug#284124: marked as done (multiple heap overflows (CAN-2004-1095))

[Debian Bug Tracking System]

Your message dated Thu, 18 Aug 2005 00:02:05 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#284124: fixed in zgv 5.9-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Dec 2004 21:07:02 +0000
>From [EMAIL PROTECTED] Fri Dec 03 13:07:02 2004
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CaKdq-0005Ed-00; Fri, 03 Dec 2004 13:07:02 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id D09FC1804E
        for <[EMAIL PROTECTED]>; Fri,  3 Dec 2004 21:07:01 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id 59FC46E508; Fri,  3 Dec 2004 16:08:33 -0500 (EST)
Date: Fri, 3 Dec 2004 16:08:33 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple heap overflows (CAN-2004-1095)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx"
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: zgv
Version: 5.7-1.2
Severity: grave
Tags: patch, security

There are a bunch of buffer overflows in zgv. See
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D109886210702781&w=3D2

Upstream has a patch at http://www.svgalib.org/rus/zgv/ and promised a
better fix later. This patch should be applied to Debian immediatly.

--=20
see shy jo

--dDRMvlgZJXvWKvBx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBsNXRd8HHehbQuO8RAqXzAKDadHbltGMdy62Owc5e5KIlMu+4TgCfTi8e
+8PfLiqTG2W20A+kvtXtcRM=
=3u2n
-----END PGP SIGNATURE-----

--dDRMvlgZJXvWKvBx--

---------------------------------------
Received: (at 284124-close) by bugs.debian.org; 18 Aug 2005 07:11:21 +0000
>From [EMAIL PROTECTED] Thu Aug 18 00:11:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1E5ePd-0006mX-00; Thu, 18 Aug 2005 00:02:05 -0700
From: Christian Haggstrom <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#284124: fixed in zgv 5.9-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 18 Aug 2005 00:02:05 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4

Source: zgv
Source-Version: 5.9-1

We believe that the bug you reported is fixed in the latest version of
zgv, which is due to be installed in the Debian FTP archive:

zgv_5.9-1.diff.gz
  to pool/main/z/zgv/zgv_5.9-1.diff.gz
zgv_5.9-1.dsc
  to pool/main/z/zgv/zgv_5.9-1.dsc
zgv_5.9-1_i386.deb
  to pool/main/z/zgv/zgv_5.9-1_i386.deb
zgv_5.9.orig.tar.gz
  to pool/main/z/zgv/zgv_5.9.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Haggstrom <[EMAIL PROTECTED]> (supplier of updated zgv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Aug 2005 00:17:57 +0200
Source: zgv
Binary: zgv
Architecture: source i386
Version: 5.9-1
Distribution: unstable
Urgency: low
Maintainer: Christian Haggstrom <[EMAIL PROTECTED]>
Changed-By: Christian Haggstrom <[EMAIL PROTECTED]>
Description: 
 zgv        - SVGAlib graphics viewer
Closes: 262164 263240 263785 284124 321593
Changes: 
 zgv (5.9-1) unstable; urgency=low
 .
   * New upstream release.
     - Added more multiple-image GIF brokenness checks than before.
     - Fixed a problem with freeing memory when a GIF fails to load.
     - Fixed a possible hang when reading GIF files with corrupted extension
       blocks.
     - Fixed a possible hang when reading corrupted non-raw PBM files.
     - Added support for dithering in 15/16-bit modes.
   * Acknowledge security fix in NMU, closes: #284124. The patch also fixed
     CAN-2004-0999: Animated GIF causes segfault.
   * Acknowledge NMUs. Closes: #263240, #262164
   * debian/control: Add amd64 to the list of architectures. Closes: #263785
   * debian/presubj: Suggest bug reporters to consider svgalib instead.
     Many bugs reported on zgv are in fact in svgalib.
   * debian/rules: Don't use deprecated dh_installmanpages.
   * debian/postinst, debian/rules: Use chmod instead of dpkg-statoverride
     for the suid root binary. Closes: #321593
Files: 
 b1c32f6bfc7d7947cc46e0d1c422d6b7 610 graphics optional zgv_5.9-1.dsc
 d65a434ddeb612f0c488177f873afad2 395525 graphics optional zgv_5.9.orig.tar.gz
 d550ac2923af858d3ee08a67a37e4852 8863 graphics optional zgv_5.9-1.diff.gz
 0036a33ebeecc6681754930dfc24c243 235428 graphics optional zgv_5.9-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDBC1sjfWLtkqIVOYRAnVqAJ9dK9ZKpEZD0j0jiVBRBD+Wo8gVDwCfUiMi
eMCs9pHC+5V47G06hOosTWM=
=Gbtq
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]