Bug#898407: marked as done (flif: CVE-2018-10972)

Mon, 05 Aug 2019 22:09:53 -0700 

Your message dated Tue, 6 Aug 2019 07:06:57 +0200
with message-id <227ae243-9c22-6af2-8db3-bfa35489e...@debian.org>
and subject line Removed package(s) from experimental
has caused the Debian Bug report #898407,
regarding flif: CVE-2018-10972
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
898407: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898407
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: flif
Version: 0.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/FLIF-hub/FLIF/issues/503

Hi,

The following vulnerability was published for flif.

CVE-2018-10972[0]:
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The
| TransformPaletteC::process function in transform/palette_C.hpp allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow) or possibly have unspecified other impact via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10972
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10972
[1] https://github.com/FLIF-hub/FLIF/issues/503

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Version: 0.3-7+rm

Dear submitter,

as the package flif has just been removed from the Debian archive
experimental we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/933898

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to