Your message dated Wed, 18 Nov 2015 18:05:17 +0000
with message-id <e1zz76b-0002uk...@franck.debian.org>
and subject line Bug#805113: fixed in libpng 1.2.54-1
has caused the Debian Bug report #805113,
regarding CVE-2015-8126: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
805113: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805113
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpng12-0
Version: 1.2.50-2+b2
Severity: critical
Tags: security upstream
Quoting https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126
> Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE
> functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and
> 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote
> attackers to cause a denial of service (application crash) or possibly have
> unspecified other impact via a small bit-depth value in an IHDR (aka image
> header) chunk in a PNG image.
In particular, "1.1.x and 1.2.x before 1.2.54".
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libpng12-0 depends on:
ii libc6 2.19-22
ii multiarch-support 2.19-22
ii zlib1g 1:1.2.8.dfsg-2+b1
libpng12-0 recommends no packages.
libpng12-0 suggests no packages.
-- no debconf information
--- End Message ---
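The version ranges in the NVD text quoted in this report can be checked against an installed package version as follows. This is an added example, not part of the original messages or of any Debian or libpng tooling; the function names and the handling of Debian epochs, revisions and pre-release suffixes are assumptions made for illustration.

```python
import re

# First fixed upstream release per branch, transcribed from the NVD text
# quoted in the report. Key: (major, minor) branch.
FIXED = {
    (1, 0): (1, 0, 64),
    (1, 1): (1, 2, 54),  # "1.1.x and 1.2.x before 1.2.54"
    (1, 2): (1, 2, 54),
    (1, 3): (1, 4, 17),  # "1.3.x and 1.4.x before 1.4.17"
    (1, 4): (1, 4, 17),
    (1, 5): (1, 5, 24),
    (1, 6): (1, 6, 19),
}


def parse_version(debian_version):
    """Return ((major, minor, patch), final) for a Debian or upstream version.

    final is 0 for a pre-release (suffix ~, beta or rc), 1 otherwise, so a
    pre-release of a fixed version sorts before the fixed version itself.
    """
    v = debian_version.split(":", 1)[-1]   # drop an epoch such as "1:"
    v = v.rsplit("-", 1)[0]                # drop the Debian revision, e.g. "-2+b2"
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(~|beta|rc)?", v)
    if not m:
        raise ValueError("unrecognised libpng version: %r" % debian_version)
    triple = tuple(int(x) for x in m.group(1, 2, 3))
    return triple, 0 if m.group(4) else 1


def is_affected(debian_version):
    """True if the version falls in a range the quoted advisory lists."""
    triple, final = parse_version(debian_version)
    if triple < (1, 0, 0):
        fixed = (1, 0, 64)                 # "libpng before 1.0.64"
    else:
        fixed = FIXED.get(triple[:2])
        if fixed is None:
            return False                   # branch not named in the advisory
    return (triple, final) < (fixed, 1)


if __name__ == "__main__":
    # 1.2.50-2+b2 and 1.2.54-1 come from this bug report; the rest are constructed.
    for v in ["1.2.50-2+b2", "1.2.54-1", "1.4.16-1", "1.6.19~beta01-1"]:
        print(v, "affected" if is_affected(v) else "not affected")
```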
--- Begin Message ---
Source: libpng
Source-Version: 1.2.54-1
We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 805...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwama...@debian.org> (supplier of updated libpng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 18 Nov 2015 11:00:42 +0900
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source amd64
Version: 1.2.54-1
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Nobuhiro Iwamatsu <iwama...@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Closes: 803078 805113
Changes:
libpng (1.2.54-1) unstable; urgency=medium
.
* New upstream release. (Closes: #803078, #805113)
* Remove patches/02-required-space.patch.
Already applied in upstream.
* Bumped standards version to 3.9.6.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---