Your message dated Mon, 17 Dec 2007 18:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#456760: fixed in exiv2 0.15-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: exiv2
Severity: grave
Tags: patch security
Hi,
an integer overflow was reported in exiv2's EXIF parsing
code which results in a heap-based buffer overflow.
This is CVE-2007-6353; please include the CVE id in your
changelog if you fix the bug.
Because our stable security team is not able to share
information and work together with the testing security team
I can unfortunately just forward you to the bug trackers of
other distributions.
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=425921
https://bugs.gentoo.org/show_bug.cgi?id=202351
They also include a patch for the issue.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.15-2
We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive:
exiv2_0.15-2.diff.gz
to pool/main/e/exiv2/exiv2_0.15-2.diff.gz
exiv2_0.15-2.dsc
to pool/main/e/exiv2/exiv2_0.15-2.dsc
exiv2_0.15-2_amd64.deb
to pool/main/e/exiv2/exiv2_0.15-2_amd64.deb
libexiv2-0_0.15-2_amd64.deb
to pool/main/e/exiv2/libexiv2-0_0.15-2_amd64.deb
libexiv2-dev_0.15-2_amd64.deb
to pool/main/e/exiv2/libexiv2-dev_0.15-2_amd64.deb
libexiv2-doc_0.15-2_all.deb
to pool/main/e/exiv2/libexiv2-doc_0.15-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian KDE Extras Team <[EMAIL PROTECTED]> (supplier of updated exiv2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Dec 2007 19:13:11 +0100
Source: exiv2
Binary: libexiv2-0 exiv2 libexiv2-doc libexiv2-dev
Architecture: source all amd64
Version: 0.15-2
Distribution: unstable
Urgency: high
Maintainer: Debian KDE Extras Team <[EMAIL PROTECTED]>
Changed-By: Debian KDE Extras Team <[EMAIL PROTECTED]>
Description:
exiv2 - EXIF/IPTC metadata manipulation tool
libexiv2-0 - EXIF/IPTC metadata manipulation library
libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Closes: 456760
Changes:
exiv2 (0.15-2) unstable; urgency=high
.
[Ana Beatriz Guerrero Lopez]
* Team upload to fix security bug.
* Add patch to fix integer overflow in EXIF parsing.
CVE-2007-6353 (Closes: #456760)
Files:
5b8d46454017cfada87be91309ccb1c6 845 graphics optional exiv2_0.15-2.dsc
2247958520ab69227fcb730292340165 8209 graphics optional exiv2_0.15-2.diff.gz
7a3b5b1851268f51b8f6bd6b2b336cc5 2235442 doc optional libexiv2-doc_0.15-2_all.deb
7e9ca57ec062efa3ee131bb17390f310 89940 graphics optional exiv2_0.15-2_amd64.deb
733fb934d8473024fb75984c7f0b6d76 355054 libs optional libexiv2-0_0.15-2_amd64.deb
212f45ff8502a8396105f201a843aa24 764330 libdevel optional libexiv2-dev_0.15-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFHZsGpn3j4POjENGERAmnDAJ9i9aBAFaR2fAuFlyoSJzot2s9VDQCfbow/
moafcHpPl8On9j16j/koTC8=
=86/e
-----END PGP SIGNATURE-----
--- End Message ---