Your message dated Tue, 19 Sep 2017 19:28:43 -0400
with message-id
<caaajcmbirhv2j0gbovqshwx52bweswz1klsm8n3yjaibwik...@mail.gmail.com>
and subject line Re: gdk-pixbuf: CVE-2017-6311: crash in gdk-pixbuf-thumbnailer
has caused the Debian Bug report #858491,
regarding gdk-pixbuf: CVE-2017-6311: crash in gdk-pixbuf-thumbnailer
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
858491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858491
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgdk-pixbuf2.0-bin
Severity: serious
Version: 2.36.5-3
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=778204

gnome-desktop3 3.24 dropped its thumbnailer code to use gdk-pixbuf's.
Therefore, the Debian GNOME team is introducing gdk-pixbuf's
thumbnailer into Debian after stretch.

The following vulnerability was published for gdk-pixbuf.

CVE-2017-6311[0]:
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent
attackers to cause a denial of service (NULL pointer dereference and
application crash) via vectors related to printing an error message.

There is no patch upstream yet.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6311
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311

I am setting this bug severity to serious so that we won't
accidentally have this migrate to testing until someone looks into
this more.

Thank you,
Jeremy Bicha
--- End Message ---
--- Begin Message ---
Version: 2.36.10-1

This was fixed in upstream 2.36.8.

Thanks,
Jeremy Bicha
--- End Message ---