Your message dated Fri, 21 Dec 2007 17:17:04 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#457330: fixed in libexif 0.6.16-2.1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: libexif Version: 0.6.9-6sarge1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libexif. CVE-2007-6352[0]: | Integer overflow in libexif 0.6.16 and earlier allows | context-dependent attackers to execute arbitrary code via an image | with crafted EXIF tags. CVE-2007-6351[1]: | libexif 0.6.16 and earlier allows context-dependent | attackers to cause a denial of service (infinite recursion) | via an image file with crafted EXIF tags. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgp8brGpieqfN.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: libexif Source-Version: 0.6.16-2.1 We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive: libexif-dev_0.6.16-2.1_i386.deb to pool/main/libe/libexif/libexif-dev_0.6.16-2.1_i386.deb libexif12_0.6.16-2.1_i386.deb to pool/main/libe/libexif/libexif12_0.6.16-2.1_i386.deb libexif_0.6.16-2.1.diff.gz to pool/main/libe/libexif/libexif_0.6.16-2.1.diff.gz libexif_0.6.16-2.1.dsc to pool/main/libe/libexif/libexif_0.6.16-2.1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <[EMAIL PROTECTED]> (supplier of updated libexif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 21 Dec 2007 17:13:58 +0100 Source: libexif Binary: libexif12 libexif-dev Architecture: source i386 Version: 0.6.16-2.1 Distribution: unstable Urgency: high Maintainer: Frederic Peters <[EMAIL PROTECTED]> Changed-By: Nico Golde <[EMAIL PROTECTED]> Description: libexif-dev - library to parse EXIF files (development files) libexif12 - library to parse EXIF files Closes: 457330 457330 Changes: libexif (0.6.16-2.1) unstable; urgency=high . * Non-maintainer upload by security team. * This update addresses the following security issues: - possible denial of service attack via crafted image file leading to an infinite recursion in the exif-loader.c (CVE-2007-6351; Closes: #457330). - integer overflow in exif-data.c triggered by a crafted image file could lead to arbitrary code execution (CVE-2007-6352; Closes: #457330). Files: a22d0350058d240f2fb337c473ebe0fd 615 libs optional libexif_0.6.16-2.1.dsc 077206efeafbee981b41f5eea67024c7 15103 libs optional libexif_0.6.16-2.1.diff.gz d92a74a44d95d55f1d8b44381af7a0de 147904 libdevel optional libexif-dev_0.6.16-2.1_i386.deb 70683c69cdc384dd6717c88f09557c2e 235592 libs optional libexif12_0.6.16-2.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHa/CKHYflSXNkfP8RAjnsAKCEGaAjLE940JGa7SX+PlpOEleDxQCcC+qO M+NaccVuEGJEEZYJfmj3bcI= =pxdQ -----END PGP SIGNATURE-----
--- End Message ---