Your message dated Sat, 23 Sep 2017 11:33:15 +0000
with message-id <[email protected]>
and subject line Bug#874552: fixed in gdk-pixbuf 2.31.1-2+deb8u6
has caused the Debian Bug report #874552,
regarding gdk-pixbuf: CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment 
Code Execution Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
874552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gdk-pixbuf
Version: 2.36.5-1
Severity: grave
Tags: upstream patch security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=784866

Hi,

the following vulnerability was published for gdk-pixbuf.

CVE-2017-2862[0]:
| An exploitable heap overflow vulnerability exists in the
| gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf
| 2.36.6. A specially crafted jpeg file can cause a heap overflow
| resulting in remote code execution. An attacker can send a file or url
| to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2862
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
[1] https://bugzilla.gnome.org/show_bug.cgi?id=784866

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gdk-pixbuf
Source-Version: 2.31.1-2+deb8u6

We believe that the bug you reported is fixed in the latest version of
gdk-pixbuf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@hullmann> (supplier of updated gdk-pixbuf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Sep 2017 18:57:50 +0200
Source: gdk-pixbuf
Binary: libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-0-dbg libgdk-pixbuf2.0-common 
libgdk-pixbuf2.0-dev libgdk-pixbuf2.0-doc libgdk-pixbuf2.0-0-udeb 
gir1.2-gdkpixbuf-2.0
Architecture: source all amd64
Version: 2.31.1-2+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers 
<[email protected]>
Changed-By: Moritz Muehlenhoff <jmm@hullmann>
Description:
 gir1.2-gdkpixbuf-2.0 - GDK Pixbuf library - GObject-Introspection
 libgdk-pixbuf2.0-0 - GDK Pixbuf library
 libgdk-pixbuf2.0-0-dbg - GDK Pixbuf library - debug symbols
 libgdk-pixbuf2.0-0-udeb - GDK Pixbuf library - minimal runtime (udeb)
 libgdk-pixbuf2.0-common - GDK Pixbuf library - data files
 libgdk-pixbuf2.0-dev - GDK Pixbuf library (development files)
 libgdk-pixbuf2.0-doc - GDK Pixbuf library (documentation)
Closes: 874552
Changes:
 gdk-pixbuf (2.31.1-2+deb8u6) jessie-security; urgency=medium
 .
   * CVE-2017-2862 (Closes: #874552)
Checksums-Sha1:
 c01dc1fe82c84a4a247f2d87ad2d6544c099458d 2916 gdk-pixbuf_2.31.1-2+deb8u6.dsc
 dfdaaff0189d90a1f70888887ce7283d45a9c5ad 18820 
gdk-pixbuf_2.31.1-2+deb8u6.debian.tar.xz
 46effa1866f7c184e4032e60da49a0844bc6ec4d 294066 
libgdk-pixbuf2.0-common_2.31.1-2+deb8u6_all.deb
 89775fed366e24c561ef26e4bdc1f541678f409d 177558 
libgdk-pixbuf2.0-doc_2.31.1-2+deb8u6_all.deb
 e73c617f87f74785647776b2804ccdb9bd2e827a 167134 
libgdk-pixbuf2.0-0_2.31.1-2+deb8u6_amd64.deb
 9637269fe9185858c8ac4cb8747f698f1ecd0fe4 431734 
libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u6_amd64.deb
 9360699e2940daa172cbeccfdc5df5e9fd6ce457 52824 
libgdk-pixbuf2.0-dev_2.31.1-2+deb8u6_amd64.deb
 dd6c405482c9f0798f50a99fa2d96064828de380 372618 
libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u6_amd64.udeb
 2d717dc6f65fd3d134c8f5c48e810a7e4da0a332 16902 
gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u6_amd64.deb
Checksums-Sha256:
 8847edd7110cbdb23a98285176f8f2954746197f4d84476455b8e3353661ccf4 2916 
gdk-pixbuf_2.31.1-2+deb8u6.dsc
 08b58c4ba182eba172ce086f92cdb974844c1a09c759c1f2c73dca78313b746a 18820 
gdk-pixbuf_2.31.1-2+deb8u6.debian.tar.xz
 7288698ee5d88501aada98736822f440672f23549fbbacca1c04ba66dac4b286 294066 
libgdk-pixbuf2.0-common_2.31.1-2+deb8u6_all.deb
 90057dcab131ac42e55a8c54dec07f533f00892a62fbb4fa42138a7e60115af1 177558 
libgdk-pixbuf2.0-doc_2.31.1-2+deb8u6_all.deb
 a75cbe337cb96fddd51d124344abf562d71572d9e38c8577a6011ee58d028701 167134 
libgdk-pixbuf2.0-0_2.31.1-2+deb8u6_amd64.deb
 9f0b54a817e3ec2b837a199254e5b63d45f9b65f312ee74cfb4604a390c9d3de 431734 
libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u6_amd64.deb
 07a96374ac8d76314a19e390e2eb3d0da79c0ca8990c2c9e2cd038ee95715181 52824 
libgdk-pixbuf2.0-dev_2.31.1-2+deb8u6_amd64.deb
 706d7aa27030a20af0be8c887a3a5a457588bed818557f503913a602b3df73c4 372618 
libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u6_amd64.udeb
 9a752121d78b6d56e76689983acb5131a2fd61c165bc1e6b470db1d912c2fc9a 16902 
gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u6_amd64.deb
Files:
 3b34b0bffa8c1e0bfd53d1b04472df62 2916 libs optional 
gdk-pixbuf_2.31.1-2+deb8u6.dsc
 843a1c9345c88089f8682cb666fa81e3 18820 libs optional 
gdk-pixbuf_2.31.1-2+deb8u6.debian.tar.xz
 f01aad0e21f495c22253c4e79221cfe8 294066 libs optional 
libgdk-pixbuf2.0-common_2.31.1-2+deb8u6_all.deb
 8a6d43187b3e79241ec54e448b15738f 177558 doc optional 
libgdk-pixbuf2.0-doc_2.31.1-2+deb8u6_all.deb
 e88905fc36186f57337583e51df2af1d 167134 libs optional 
libgdk-pixbuf2.0-0_2.31.1-2+deb8u6_amd64.deb
 6187b472c113d1836c2360d79f88d426 431734 debug extra 
libgdk-pixbuf2.0-0-dbg_2.31.1-2+deb8u6_amd64.deb
 1da78b5905ece0620a85f83db04417c3 52824 libdevel optional 
libgdk-pixbuf2.0-dev_2.31.1-2+deb8u6_amd64.deb
 b4a00e6e4e27f37cd7b99b13b747d2b5 372618 debian-installer extra 
libgdk-pixbuf2.0-0-udeb_2.31.1-2+deb8u6_amd64.udeb
 14fa63b0f50c0a0353a19ba3ae376b76 16902 introspection optional 
gir1.2-gdkpixbuf-2.0_2.31.1-2+deb8u6_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlm8CRoACgkQEMKTtsN8
TjZALw/+KVZ+7UsgCl9K8mWsR5/K1eaBV3sANIryqpRi+wznBPSLP0LXqR9oMyZ7
QaoQx6kZZX0EVJ9XIsrvG98SrO0PsK1M/aJZrE5kP8O/RXAPuDg4T0PV6iLGasR7
KZR4q8n3Xh2DeeZnsJLRORYnARlcWN0GdbG27CACsBnrMjc9gyw/eTLMxHvXl+oG
IzUXamI6CTvkTJk8G3c7Sy+5y427xJsLWyGPBaXr51ga1G+wHYf8px34lNHhQP4r
EMT8P8/rm+tPkh4SV2miiAejNSB7Six/3V2y89kv6b+vNrNSnEdqkJOMBcuZHkIN
yLjPggOu/gi4XWYsWNmc1n78G3aiHN4/hdiRPqoklx3LvnxoubVaTxgo2keDeJmh
5gUhHRHMyu7PNxJ42sQxAnwY0YzWvr60Zq5UsWxb1gSL3nEIS9SziyLPCq1YyrgB
QgF4YhPCH3Y3buT7irgrYGbXfUfGFvtgZFpFgFe7SdjnRaLSoDKRY28ugFLfcKt3
tAJxgPKH1Bz8UW9Lo72Srm5Dii+kP7bp4fxbTBydKWRzeu6WL4TA3/QONQoGrnE9
rdkE26UvObLEJZIMsCHThcTH0gdXW0QnTU8o2scf2M1snEACnXKidy2g7PQs5xRz
1S1K4wAhpnnuNdbIlDV1HUUWj4EKUiBkPkS/Kt+yTw/A+q/Wtbs=
=6RM6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to