Your message dated Tue, 11 Sep 2012 12:17:55 +0000
with message-id <e1tbppf-0007uo...@franck.debian.org>
and subject line Bug#687275: fixed in argyll 1.4.0-7
has caused the Debian Bug report #687275,
regarding CVE-2012-4405 integer overflow leading to heap based buffer overflow in embedded icclib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
687275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ghostscript
Severity: grave
Tags: security patch

Hi,
the following vulnerability was published for ghostscript.
Quoting from the original report, as the mitre entry does not exist so far..

CVE-2012-4405[0]:
| An array index error leading to heap-based buffer out-of-buffer bounds write
| flaw was found in the way International Color Consortium (ICC) Format library
| (aka icclib) as used in Ghostscript and Argyll Color Management System computed
| dimensional increment through the clut based on the count of input channels.
| Using specially-crafted ICC profiles, an attacker could create a malicious
| PostScript or PDF file with embedded images which would cause Ghostscript to
| crash or, potentially, execute arbitrary code when opened by the victim.
| Similarly when such specially-crafted ICC profile was inspected by some of the
| Argyll Color Management System tools it could lead to particular executable
| crash or, arbitrary code execution with the privileges of the user running the

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
    http://security-tracker.debian.org/tracker/CVE-2012-4405

Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
pgpr5klM5VxNb.pgp
Description: PGP signature
--- End Message ---
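The bug report above describes the defect as an array index error in the computation of the CLUT dimensional increment from the profile-supplied input-channel count (the bug subject calls it an integer overflow). The C below is an added example written for this page; it is not icclib's, Ghostscript's or Argyll's code and does not reproduce the Red Hat patch linked above. It models a lut8Type/lut16Type tag header parser whose LUT object holds a fixed-size increment table, and shows the increment loop that is only safe once the channel count has been bounded, next to a parser that bounds both channel counts before any loop runs and checks the CLUT size arithmetic for wraparound. MAX_CHAN = 8, the increment ordering, the struct layout, the sample headers and all function names are assumptions; the only thing taken from the ICC tag layout is the position of the three count bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed channel limit; icclib-style code keeps an increment table of
 * this length inside the heap-allocated LUT object (the value is an assumption). */
#define MAX_CHAN 8
/* lut8Type/lut16Type header (ICC.1): bytes 0-3 signature, 4-7 reserved,
 * 8 input channels, 9 output channels, 10 CLUT grid points, 11 pad. */
#define LUT_HDR_LEN 12

enum lut_status { LUT_OK = 0, LUT_ERR_SHORT, LUT_ERR_SIG, LUT_ERR_ZERO,
                  LUT_ERR_CHAN, LUT_ERR_OVERFLOW };

struct lut {
    unsigned inputChan, outputChan, clutPoints;
    size_t dinc[MAX_CHAN];  /* increment per input channel through the CLUT */
    size_t clutEntries;     /* outputChan * clutPoints^inputChan */
};

/* Vulnerable shape, as the report describes it: the loop bound is the
 * profile-supplied inputChan, but dinc[] has only MAX_CHAN slots, so with
 * inputChan > MAX_CHAN the first stores land past the array, in whatever the
 * heap holds after this object. Only safe once inputChan has been bounded. */
static void lut_compute_dinc(struct lut *p)
{
    p->dinc[p->inputChan - 1] = p->outputChan;   /* last channel varies fastest */
    for (unsigned i = p->inputChan - 1; i > 0; i--)
        p->dinc[i - 1] = p->dinc[i] * p->clutPoints;
}

/* a*b into *out; returns 0 instead of silently wrapping. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return 0;
    *out = a * b;
    return 1;
}

/* Hardened parse: each count read from the profile is validated before it is
 * used as a loop bound, an array index or a factor in size arithmetic. */
static enum lut_status lut_parse(const uint8_t *buf, size_t len, struct lut *out)
{
    if (len < LUT_HDR_LEN)
        return LUT_ERR_SHORT;
    if (memcmp(buf, "mft1", 4) != 0 && memcmp(buf, "mft2", 4) != 0)
        return LUT_ERR_SIG;
    memset(out, 0, sizeof *out);
    out->inputChan  = buf[8];
    out->outputChan = buf[9];
    out->clutPoints = buf[10];
    if (out->inputChan == 0 || out->outputChan == 0 || out->clutPoints == 0)
        return LUT_ERR_ZERO;
    /* The check the vulnerable code lacked: bound the counts by the table size. */
    if (out->inputChan > MAX_CHAN || out->outputChan > MAX_CHAN)
        return LUT_ERR_CHAN;
    /* clutEntries = outputChan * clutPoints^inputChan, overflow-checked, so an
     * allocation of that many entries cannot be undersized by wraparound. */
    size_t n = out->outputChan;
    for (unsigned i = 0; i < out->inputChan; i++)
        if (!mul_checked(n, out->clutPoints, &n))
            return LUT_ERR_OVERFLOW;
    out->clutEntries = n;
    lut_compute_dinc(out);   /* now every index < MAX_CHAN, every product <= n */
    return LUT_OK;
}

/* Builds a constructed (not real) mft2 header from three counts and parses it;
 * l may be NULL when only the status is wanted. */
static enum lut_status lut_parse_counts(unsigned in, unsigned out, unsigned grid, struct lut *l)
{
    uint8_t hdr[LUT_HDR_LEN] = "mft2";
    struct lut tmp;
    hdr[8] = (uint8_t)in;
    hdr[9] = (uint8_t)out;
    hdr[10] = (uint8_t)grid;
    return lut_parse(hdr, sizeof hdr, l ? l : &tmp);
}

/* dinc[idx] for the given counts, or 0 if the header is rejected. */
static size_t lut_dinc_for(unsigned in, unsigned out, unsigned grid, unsigned idx)
{
    struct lut l;
    if (lut_parse_counts(in, out, grid, &l) != LUT_OK || idx >= in)
        return 0;
    return l.dinc[idx];
}

int main(void)
{
    struct lut l;
    if (lut_parse_counts(3, 4, 17, &l) == LUT_OK)   /* benign profile */
        printf("ok: entries=%zu dinc=%zu,%zu,%zu\n",
               l.clutEntries, l.dinc[0], l.dinc[1], l.dinc[2]);
    /* 16 input channels would have driven the unchecked loop past dinc[] */
    printf("inputChan=16: %d (LUT_ERR_CHAN=%d)\n", lut_parse_counts(16, 3, 17, NULL), LUT_ERR_CHAN);
    /* 8 * 255^8 does not fit in size_t on 64-bit */
    printf("8x8x255: %d (LUT_ERR_OVERFLOW=%d)\n", lut_parse_counts(8, 8, 255, NULL), LUT_ERR_OVERFLOW);
    return 0;
}
```

The point of the split between `lut_compute_dinc` and `lut_parse` is that the increment loop itself is not the defect; a loop whose bound comes from the file is only correct if the file's value has been checked against the array it indexes, and the size computation beside it needs the same discipline so a wrapped `clutEntries` cannot produce an allocation that is smaller than the data later written into it.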
--- Begin Message ---
Source: argyll
Source-Version: 1.4.0-7

We believe that the bug you reported is fixed in the latest version of
argyll, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 687...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Marillat <maril...@debian.org> (supplier of updated argyll package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 11 Sep 2012 13:45:12 +0200
Source: argyll
Binary: argyll argyll-dbg icc-utils libicc-dev libicc2 libimdi-dev libimdi0
Architecture: source i386
Version: 1.4.0-7
Distribution: unstable
Urgency: high
Maintainer: Christian Marillat <maril...@debian.org>
Changed-By: Christian Marillat <maril...@debian.org>
Description:
 argyll     - Color Management System, calibrator and profiler
 argyll-dbg - debugging symbols for argyll
 icc-utils  - ICC profile I/O library
 libicc-dev - Development files for the ICC profile I/O library
 libicc2    - ICC profile I/O library
 libimdi-dev - Development files for the IMDI library
 libimdi0   - Integer Multi-Dimensional Interpolation routines (IMDI) library
Closes: 687275
Changes:
 argyll (1.4.0-7) unstable; urgency=high
 .
   * New patch 04_CVE-2012-4405.diff to fix CVE-2012-4405 issue (Closes: #687275)
Checksums-Sha1:
 14585742c2bc3aeee90ae53a9ebf7ce671555dcc 1607 argyll_1.4.0-7.dsc
 f8369f58d44738a56926690ad666131917c3475e 350784 argyll_1.4.0-7.debian.tar.gz
 23d971409d88bec51e70a468118909c1d604e2ec 161428 libicc2_2.12+argyll1.4.0-7_i386.deb
 9bac964702cfc62265f538275490f1779c564cb3 186336 libicc-dev_2.12+argyll1.4.0-7_i386.deb
 b1ab996312224bf85889df4e3cf750a5b2abe122 4374052 argyll_1.4.0-7_i386.deb
 119e95964247c9f1b0000671c2dc498e42ae3eef 4176918 argyll-dbg_1.4.0-7_i386.deb
 ee6368e0c537c1677f068518fab2a7138c40e3dd 73662 icc-utils_1.4.0-7_i386.deb
 f8c0f6dca394157ac957089cd2854ad3ca73ca6a 220068 libimdi-dev_1.4.0-7_i386.deb
 05e09bb5d7adfef6176be1cf28f11d466c73cb16 241328 libimdi0_1.4.0-7_i386.deb
Checksums-Sha256:
 c6508a1a1cc7f0d17c276e810b9806ceb2f7ea3a9d2327d30fb685cecc55e5d0 1607 argyll_1.4.0-7.dsc
 454075b9d069c48ba5091bc3bbf2023f793da9e0a50e31b83939017a6821ad15 350784 argyll_1.4.0-7.debian.tar.gz
 2c7ac9394c03c825f6ba8f20cd906f3a8d976fdcb3a11b3120100e401e9179f3 161428 libicc2_2.12+argyll1.4.0-7_i386.deb
 49c7eaf5734f91a012acd1ec920091474faaa1e0bb51ceffdbc7288791d458fc 186336 libicc-dev_2.12+argyll1.4.0-7_i386.deb
 1361d4ec1c82c22a00b4f128510b61706670fd16c3220ca83cedb8a024f3f1c9 4374052 argyll_1.4.0-7_i386.deb
 ca56b0f3ca88faba812ebda7366fc0aa9d4faa695ccac195f2fff08cf4e6b7da 4176918 argyll-dbg_1.4.0-7_i386.deb
 bc4d0f9a4f17a7852e08e8d0a629f0d8a1a761a01dc526a542926540f368dd3b 73662 icc-utils_1.4.0-7_i386.deb
 85de227e057f947d732d006b16bf6690f6812d5366e842f07689f5209d42f77d 220068 libimdi-dev_1.4.0-7_i386.deb
 cecb0eb5312c8ee516824f6adcc91b9655dd8a515461a62a843f74c210af1fdb 241328 libimdi0_1.4.0-7_i386.deb
Files:
 80034338598c8d1957e13ab6fdca8075 1607 graphics optional argyll_1.4.0-7.dsc
 7ba9230dfe163af1b609d39e47bb52f3 350784 graphics optional argyll_1.4.0-7.debian.tar.gz
 5d20958796d896bfb2dac609b3e3676e 161428 libs optional libicc2_2.12+argyll1.4.0-7_i386.deb
 21de8666d88110c4af7a42fe1aa75e40 186336 libdevel optional libicc-dev_2.12+argyll1.4.0-7_i386.deb
 7eaf4f8c626cbe17585cf195027dadb8 4374052 graphics optional argyll_1.4.0-7_i386.deb
 9fdbced2d8c04f43b08fb7035bb46f33 4176918 debug extra argyll-dbg_1.4.0-7_i386.deb
 cce892dc865cdfdc45ac6a7c12a3961c 73662 graphics optional icc-utils_1.4.0-7_i386.deb
 f6290368ff89f29416d772f56faff34a 220068 libdevel optional libimdi-dev_1.4.0-7_i386.deb
 d56a598743569b7735ee9cb59d5d6dfe 241328 libs optional libimdi0_1.4.0-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFQTyeeB9xWPR9BuQcRAueAAJ4iWCmDuJxaoKtz3PPvZiWJ4AAd/wCffdCu
YT/oeQ9cOJgZNYZrks5qCY8=
=6vrC
-----END PGP SIGNATURE-----
--- End Message ---