Your message dated Wed, 15 Jan 2025 13:49:08 +0000
with message-id <e1ty3lc-008ibo...@fasolo.debian.org>
and subject line Bug#1068153: fixed in cimg 3.5.0+dfsg-1
has caused the Debian Bug report #1068153,
regarding cimg: CVE-2024-26540
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068153
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cimg
Version: 3.2.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GreycLab/CImg/issues/403
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for cimg.

CVE-2024-26540[0]:
| A heap-based buffer overflow in Clmg before 3.3.3 can occur via a
| crafted file to cimg_library::CImg<unsigned char>::_load_analyze.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26540
    https://www.cve.org/CVERecord?id=CVE-2024-26540
[1] https://github.com/GreycLab/CImg/issues/403

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cimg
Source-Version: 3.5.0+dfsg-1
Done: Loren M. Lang <lor...@north-winds.org>

We believe that the bug you reported is fixed in the latest version of
cimg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Loren M. Lang <lor...@north-winds.org> (supplier of updated cimg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Jan 2025 23:12:03 -0800
Source: cimg
Architecture: source
Version: 3.5.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Loren M. Lang <lor...@north-winds.org>
Closes: 1068153
Changes:
 cimg (3.5.0+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 3.5.0+dfsg (Closes: #1068153)
   * Split up the two CeCILL licenses in debian/copyright
   * Added copyright and license details for plugins/inpaint.h

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
-- 
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers