Your message dated Mon, 5 Apr 2010 15:23:19 +0200
with message-id <[email protected]>
and subject line Re: Bug#576469: imlib2: CVE-2008-6079 multiple vulnerabilities
has caused the Debian Bug report #576469,
regarding imlib2: CVE-2008-6079 multiple vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
576469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576469
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: imlib2
Version: 1.4.0-1.2
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for imlib2, which is claimed fixed by upstream 1.4.2, which
is already in unstable. lenny is very likely affected, but I can't find
any actionable info, so you will need to touch base upstream to figure
this out.
CVE-2008-6079[0]:
| Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have
| unknown impact and attack vectors.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079
http://security-tracker.debian.org/tracker/CVE-2008-6079
--- End Message ---
--- Begin Message ---
Version: 1.4.2-1
Hey,
* Michael Gilbert <[email protected]> [2010-04-05 00:34]:
> Package: imlib2
> Version: 1.4.0-1.2
> Severity: important
raised the severity
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for imlib2, which is claimed fixed by upstream 1.4.2, which
> is already in unstable. lenny is very likely affected, but I can't find
> any actionable info, so you will need to touch base upstream to figure
> this out.
This is indeed fixed in 1.4.2. For lenny, yes it is affected and actually I
already identified and backported the fixes to the lenny version. This is
about multiple buffer overflows (heap and stack based) in various loaders. The
stable update will come today or tomorrow.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgpPs4uGz2XhL.pgp
Description: PGP signature
--- End Message ---