
Bug#535909: marked as done (camlimages: CVE-2009-2295 several integer overflows)



Your message dated Mon, 10 Aug 2009 19:57:57 +0000
with message-id <E1Mab0H-0006Yv-JJ@ries.debian.org>
and subject line Bug#535909: fixed in camlimages 1:2.2.0-4+lenny1
has caused the Debian Bug report #535909,
regarding camlimages: CVE-2009-2295 several integer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
535909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535909
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: camlimages
version: 2.20-8
severity: serious
tags: security

hello,

camlimages is vulnerable to several integer overflows [1].  this has
not yet been fixed upstream, but has been addressed by redhat [2].

[1] http://www.ocert.org/advisories/ocert-2009-009.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=509531



--- End Message ---
--- Begin Message ---
Source: camlimages
Source-Version: 1:2.2.0-4+lenny1

We believe that the bug you reported is fixed in the latest version of
camlimages, which is due to be installed in the Debian FTP archive:

camlimages_2.2.0-4+lenny1.diff.gz
  to pool/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz
camlimages_2.2.0-4+lenny1.dsc
  to pool/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc
libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Zacchiroli <zack@debian.org> (supplier of updated camlimages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Jul 2009 14:30:01 +0200
Source: camlimages
Binary: libcamlimages-ocaml libcamlimages-ocaml-dev libcamlimages-ocaml-doc
Architecture: source all i386
Version: 1:2.2.0-4+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Stefano Zacchiroli <zack@debian.org>
Description: 
 libcamlimages-ocaml - OCaml image processing library
 libcamlimages-ocaml-dev - OCaml image processing library
 libcamlimages-ocaml-doc - OCaml CamlImages library documentation
Closes: 535909
Changes: 
 camlimages (1:2.2.0-4+lenny1) stable-security; urgency=high
 .
   * Add patch fix_integer_overflows to fix integer overflow with PNG
     images boundaries (CVE-2009-2295) (Closes: #535909)
Checksums-Sha1: 
 6bd6bbaa272a3e6890f0c64d25265f2954864c07 1993 camlimages_2.2.0-4+lenny1.dsc
 bc0062739be5ca9236f28145f17f840bf3f295ee 1385525 camlimages_2.2.0.orig.tar.gz
 f41143fc40cb417a38acfc4afd616d2a29381de8 9707 camlimages_2.2.0-4+lenny1.diff.gz
 5a1cc7a4315ab4d1afdcf8a9128ff7c57e6960b4 601364 libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
 76cba92f9524071aecfce7a5c233af689170142f 27722 libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
 e313f2cd674c0a8aa406486010eb0b28bb21a1f9 953866 libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
Checksums-Sha256: 
 06c5fc40717c8f1a2e3d62ae07fab1e3651a083df4238475f89d4a5bea461e51 1993 camlimages_2.2.0-4+lenny1.dsc
 9b8861d7b8c6752ad33ef2af5c486efa626b19ad9ea190641a736384629f1026 1385525 camlimages_2.2.0.orig.tar.gz
 9eb7b9d26dd77a3383cba8f2424c4f04bd13f9ec0cec244ed3f9c8ee314a18fc 9707 camlimages_2.2.0-4+lenny1.diff.gz
 9d18d4c3089e432966e29e2fa3e867c37ab2104c49492d83eeef4b9f4806bb78 601364 libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
 f314a5e4fe3914ed32e272c8f044f605e3e1d6c6b937be029848cf748c19e8ad 27722 libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
 ab9bc5c482e7436c0192586e88d07c5ee97a1c85ba0efb200de8293234713e25 953866 libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
Files: 
 06d190174afce7dbe2d337bf3577c0a8 1993 devel optional camlimages_2.2.0-4+lenny1.dsc
 d933eb58c7983f70b1a000fa01893aa4 1385525 devel optional camlimages_2.2.0.orig.tar.gz
 3c88dc5e8528e685876485d310edf1c4 9707 devel optional camlimages_2.2.0-4+lenny1.diff.gz
 577c511958087e582e893a4f174fa31c 601364 doc optional libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
 dbda0c3362977d516c9b9799a052f330 27722 libs optional libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
 eebdf69c111869e266fe0d273ffc2f21 953866 libdevel optional libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
