Your message dated Mon, 18 Apr 2016 19:53:44 +0000
with message-id <[email protected]>
and subject line Bug#818882: fixed in ufraw 0.20-4
has caused the Debian Bug report #818882,
regarding CVE-2015-8366
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
818882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818882
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ufraw
Severity: grave
Tags: security
CVE-2015-8366 in dcraw also affects ufraw. The dcraw upstream fix is
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ufraw
Source-Version: 0.20-4
We believe that the bug you reported is fixed in the latest version of
ufraw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hubert Chathi <[email protected]> (supplier of updated ufraw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Apr 2016 10:49:31 -0400
Source: ufraw
Binary: ufraw ufraw-batch gimp-ufraw
Architecture: source amd64
Version: 0.20-4
Distribution: unstable
Urgency: high
Maintainer: Hubert Chathi <[email protected]>
Changed-By: Hubert Chathi <[email protected]>
Description:
gimp-ufraw - gimp importer for raw camera images
ufraw - standalone importer for raw camera images
ufraw-batch - batch importer for raw camera images
Closes: 818882
Changes:
ufraw (0.20-4) unstable; urgency=high
.
* dcraw.cc: Apply fix from
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
to prevent buffer overflow in smal_decode_segment (Closes: #818882,
CVE-2015-8366)
Checksums-Sha1:
235ab0d88f1d4d2f37601d89d25d886f02b0d93f 1903 ufraw_0.20-4.dsc
66f77b9c1c16305653d480a017e7a569c198a2c4 9107 ufraw_0.20-4.diff.gz
Checksums-Sha256:
b4fd77016610594925619219dcbdf07789fedde5879adf71a88f7a8e22935c62 1903
ufraw_0.20-4.dsc
e30b61cd3e4dd3d8b48abaed7432f851e32628f631b7695b81db116502457ad6 9107
ufraw_0.20-4.diff.gz
Files:
4d000bd0755b19b27a2f6c54b8134436 1903 graphics optional ufraw_0.20-4.dsc
3a2b339351336aa26eef0cf9a2c45b59 9107 graphics optional ufraw_0.20-4.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXFTYyAAoJEJFk+h0XvV02XzoP/RFUk1h8Aql/qQszmD3dN+7H
LJ2iNiv/O/3GjpgezIZ+6uaJIaJchCuPTL2C8yJQYz2Bj1C0hYs5FYx3qpoHLsRM
bMZwt6/ZBNNrCqgteUR1PXIwDBiRFd9L/x+E1WyidSjlPq7bgx4i3FIw41xNfof/
7dVErYyLTtSNaOE+uPQEsBYTAosSWLZsShn9FKEtXj/NgYo3TrKnY1tsFgNcRStQ
tZPE9N/W9ylw+xjpjVoA9wAARYKbpGmBUm7ICpaHgSQcvM6eiEd/nQl4X3asySRx
GuqOiq/gwEYJ4+HDjFCLBjT7dXsTwp23bOXmW+TUmWmlrdXnHmm0gNaX5igui90Z
34COvyau8ODfoWEYiSaPaNA60y1wwAA4/nOJNU3pp44Irlb+iAeZEZ/Gy59KAmFp
Z8piPRpTiq/DPUdnZuIHkzKnf4ozu08aAZ+EoizDe2Bt0Hlmhj8z+71+iqvta9Sf
lTMa//yZd4YedC/Gm6kGC8/31o8/27OSguKRvYF4Epn3z0kWPlrdX3Ld0emGFaDa
nccTxbo0mG0NEcDVcWDCa5iUc+PpGDbeTetCRnRzNj7LctdYxdNNtZrjgQnyt07Y
aMVG4vcYAm2xYBfJAmfYFhZu/FFQ2J0bel8FfavaNUCpHhGJ5rHUl9O8/r1DjMUP
8u9PIyH6S7L4ZSuYu82K
=hUW2
-----END PGP SIGNATURE-----
--- End Message ---
