Your message dated Mon, 07 Mar 2005 13:17:17 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#298464: fixed in libexif 0.6.9-5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Mar 2005 17:27:05 +0000
Date: Mon, 7 Mar 2005 18:26:32 +0100
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libexif10: Vulnerable to buffer overflows

Package: libexif10
Severity: grave
Tags: security patch
Justification: user security hole

Hi!

libexif is vulnerable against some buffer overflows.
Please see

  https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152

for details. You can get the Ubuntu patch at

  http://patches.ubuntu.com/patches/libexif.security.diff

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages libexif10 depends on:
ii  libc6    2.3.2.ds1-20    GNU C Library: Shared libraries an

--
Martin Pitt                  http://www.piware.de
Ubuntu Developer             http://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org

---------------------------------------
Received: (at 298464-close) by bugs.debian.org; 7 Mar 2005 18:23:08 +0000
From: Frederic Peters <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#298464: fixed in libexif 0.6.9-5
Date: Mon, 07 Mar 2005 13:17:17 -0500

Source: libexif
Source-Version: 0.6.9-5

We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive:

libexif-dev_0.6.9-5_i386.deb
  to pool/main/libe/libexif/libexif-dev_0.6.9-5_i386.deb
libexif10_0.6.9-5_i386.deb
  to pool/main/libe/libexif/libexif10_0.6.9-5_i386.deb
libexif_0.6.9-5.diff.gz
  to pool/main/libe/libexif/libexif_0.6.9-5.diff.gz
libexif_0.6.9-5.dsc
  to pool/main/libe/libexif/libexif_0.6.9-5.dsc

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frederic Peters <[EMAIL PROTECTED]> (supplier of updated libexif package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 7 Mar 2005 18:56:31 +0100
Source: libexif
Binary: libexif10 libexif-dev
Architecture: source i386
Version: 0.6.9-5
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[EMAIL PROTECTED]>
Changed-By: Frederic Peters <[EMAIL PROTECTED]>
Description:
 libexif-dev - library to parse EXIF files (development files)
 libexif10  - library to parse EXIF files
Closes: 298464
Changes:
 libexif (0.6.9-5) unstable; urgency=high
 .
   * Urgency high since it fixes a security issue.
   * Patch provided from Ubuntu by Martin Pitt, written by Sylvain Defresne.
   * libexif/exif-data.c: Add buffer size checks in several places before
     trying to access it. (closes: #298464)
   * Reference: https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
   * debian/control: reworded description synopsis.
Files:
 ea2a9569859ce74f1c07f58cc7bf9dac 579 libs optional libexif_0.6.9-5.dsc
 5c75af2ea0bac0cebc858b8ee596d5c7 4322 libs optional libexif_0.6.9-5.diff.gz
 593b699131a8b5469b0bd8ea73c4a7ff 66588 libdevel optional libexif-dev_0.6.9-5_i386.deb
 be542f3a7366f8c31379447f40a51754 80952 libs optional libexif10_0.6.9-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCLJaPoR3LsWeD7V4RAryRAJ9Kz1jbhiKz2tc6SvGg8elF1KuM1wCdFyJj
LGwOhNa32GLGWoHtVZUDrLw=
=TTCt
-----END PGP SIGNATURE-----