Your message dated Thu, 15 Jan 2009 19:17:04 +0000
with message-id <[email protected]>
and subject line Bug#511844: fixed in devil 1.7.5-3
has caused the Debian Bug report #511844,
regarding CVE-2008-5262: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
511844: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devil
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see http://secunia.com/secunia_research/2008-59/ for details.
Cheers,
Moritz
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: devil
Source-Version: 1.7.5-3
We believe that the bug you reported is fixed in the latest version of
devil, which is due to be installed in the Debian FTP archive:
devil_1.7.5-3.diff.gz
to pool/main/d/devil/devil_1.7.5-3.diff.gz
devil_1.7.5-3.dsc
to pool/main/d/devil/devil_1.7.5-3.dsc
libdevil-dev_1.7.5-3_i386.deb
to pool/main/d/devil/libdevil-dev_1.7.5-3_i386.deb
libdevil1c2_1.7.5-3_i386.deb
to pool/main/d/devil/libdevil1c2_1.7.5-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bradley Smith <[email protected]> (supplier of updated devil package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Jan 2009 18:50:11 +0000
Source: devil
Binary: libdevil1c2 libdevil-dev
Architecture: source i386
Version: 1.7.5-3
Distribution: unstable
Urgency: low
Maintainer: Bradley Smith <[email protected]>
Changed-By: Bradley Smith <[email protected]>
Description:
libdevil-dev - Cross-platform image loading and manipulation toolkit
libdevil1c2 - Cross-platform image loading and manipulation toolkit
Closes: 511844
Changes:
devil (1.7.5-3) unstable; urgency=low
.
* 03_CVE-2008-5262.diff - Backport fix for CVE-2008-5262.
Closes: #511844.
Checksums-Sha1:
b768bdc6598cbabdeb94d3b8ac178e11567b1ae1 1269 devil_1.7.5-3.dsc
ae1ff3da1c4c4459544b998103883cf642746a73 13135 devil_1.7.5-3.diff.gz
d1dfa48ed0de3620cddd828bae8caef087e80d15 225496 libdevil1c2_1.7.5-3_i386.deb
ae7f642df0bc2ab13e44693453bfeeb8d28e3a64 267702 libdevil-dev_1.7.5-3_i386.deb
Checksums-Sha256:
4105736a5f217fe019aa930e50b52a4f437bc8def793f42913695e25be6b16f6 1269
devil_1.7.5-3.dsc
c437a1e968dc0ed7d19ce724d5effc7f1618cc01ef8de87d3d5c6765f2a4df96 13135
devil_1.7.5-3.diff.gz
ba5887cb706a97eab11d6cdbae26e70c42a925b96c5d3c9dd254bd1e00f3759b 225496
libdevil1c2_1.7.5-3_i386.deb
461d71c0413db84904748221cb394acc2046ccd1a025e4ad18daad70d70dcce1 267702
libdevil-dev_1.7.5-3_i386.deb
Files:
7ff99460f9e552a02d52014c3857ee2c 1269 devel optional devil_1.7.5-3.dsc
e1f5564a4cc62fce8cebfa5bc9eb97da 13135 devel optional devil_1.7.5-3.diff.gz
a1f385610b4af80e4cd0615949d71088 225496 libs optional
libdevil1c2_1.7.5-3_i386.deb
3677e77c253d09fd7a4f8777a68d36ea 267702 libdevel optional
libdevil-dev_1.7.5-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklviQAACgkQj3BimscY00eRegCghGifrSrF2PTkIXx9OVQYnFPw
BEwAn00467iA257YtP4UtlnFN8UAJaN7
=KkUr
-----END PGP SIGNATURE-----
--- End Message ---
