
Bug#540146: marked as done (CVE-2009-2660: Multiple integer overflows)



Your message dated Sat, 08 Aug 2009 09:32:31 +0000
with message-id <E1MZiHv-000756-3o@ries.debian.org>
and subject line Bug#540146: fixed in camlimages 1:3.0.1-3
has caused the Debian Bug report #540146,
regarding CVE-2009-2660: Multiple integer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
540146: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540146
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: camlimages
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for camlimages.

CVE-2009-2660[0]:
| Multiple integer overflows in CamlImages 2.2 might allow
| context-dependent attackers to execute arbitrary code via images
| containing large width and height values that trigger a heap-based
| buffer overflow, related to (1) crafted GIF files (gifread.c) and (2)
| crafted JPEG files (jpegread.c), a different vulnerability than
| CVE-2009-2295.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660
    http://security-tracker.debian.net/tracker/CVE-2009-2660

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp6ggEACgkQNxpp46476ar1/gCfc/keILkLon57EJQMFCRtSlB4
NxQAn0yvAYKn3Cmg6YUGr1bX10Ju+wa/
=4KlA
-----END PGP SIGNATURE-----



--- End Message ---
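The bug class named in the CVE text above (a buffer size derived from attacker-supplied width and height that wraps and yields an undersized heap allocation), as an added example. This is not CamlImages code and not the contents of the fix_more_integer_overflows patch; the function names and `MAX_DIMENSION` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-dimension limit chosen for this example. */
#define MAX_DIMENSION 65535u

/* Unchecked pattern: 32-bit product wraps modulo 2^32. */
static uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked pattern: 0 on success with the byte count in *out, -1 if a
 * value is zero, over the limit, or the product overflows size_t. */
static int checked_size(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (w > MAX_DIMENSION || h > MAX_DIMENSION)
        return -1;
    if ((size_t)w > SIZE_MAX / bpp)
        return -1;
    size_t row = (size_t)w * bpp;
    if ((size_t)h > SIZE_MAX / row)
        return -1;
    *out = row * (size_t)h;
    return 0;
}

/* Allocate pixel storage only when the size computation is sound. */
static unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    return checked_size(w, h, bpp, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed header values: a 0x40000001 x 4 image, 1 byte/pixel. */
    uint32_t w = 0x40000001u, h = 4, bpp = 1;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    unsigned char *p = alloc_pixels(w, h, bpp);
    printf("checked alloc: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

A decoder that sizes its buffer with the unchecked product and then writes one row per declared line writes past the end of the allocation; the checked form rejects the header before any allocation happens.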
--- Begin Message ---
Source: camlimages
Source-Version: 1:3.0.1-3

We believe that the bug you reported is fixed in the latest version of
camlimages, which is due to be installed in the Debian FTP archive:

camlimages_3.0.1-3.diff.gz
  to pool/main/c/camlimages/camlimages_3.0.1-3.diff.gz
camlimages_3.0.1-3.dsc
  to pool/main/c/camlimages/camlimages_3.0.1-3.dsc
libcamlimages-ocaml-dev_3.0.1-3_amd64.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-dev_3.0.1-3_amd64.deb
libcamlimages-ocaml-doc_3.0.1-3_all.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-doc_3.0.1-3_all.deb
libcamlimages-ocaml_3.0.1-3_amd64.deb
  to pool/main/c/camlimages/libcamlimages-ocaml_3.0.1-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 540146@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvain Le Gall <gildor@debian.org> (supplier of updated camlimages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Aug 2009 23:56:55 +0200
Source: camlimages
Binary: libcamlimages-ocaml libcamlimages-ocaml-dev libcamlimages-ocaml-doc
Architecture: source all amd64
Version: 1:3.0.1-3
Distribution: unstable
Urgency: low
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Sylvain Le Gall <gildor@debian.org>
Description: 
 libcamlimages-ocaml - OCaml image processing library
 libcamlimages-ocaml-dev - OCaml image processing library
 libcamlimages-ocaml-doc - OCaml CamlImages library documentation
Closes: 540146
Changes: 
 camlimages (1:3.0.1-3) unstable; urgency=low
 .
   * Add a patch fix_more_integer_overflows to fix security issues,
    (Closes: 540146)
    Fixes: CVE-2009-2660

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp9OTQACgkQir2bofsN/pvh9gCglclQo5wk3sf8F9AR+JsufG4J
xYkAnjP2BFIcLo4frUAriX7FWRDiVHMz
=DEy7
-----END PGP SIGNATURE-----



--- End Message ---
