
Bug#535909: marked as done (camlimages: CVE-2009-2295 several integer overflows)



Your message dated Sun, 30 Aug 2009 01:54:47 +0000
with message-id <E1MhZd1-0002TD-Qh@ries.debian.org>
and subject line Bug#535909: fixed in camlimages 2.20-8+etch1
has caused the Debian Bug report #535909,
regarding camlimages: CVE-2009-2295 several integer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
535909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535909
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: camlimages
version: 2.20-8
severity: serious
tags: security

hello,

camlimages is vulnerable to several integer overflows [1].  this has
not yet been fixed upstream, but has been addressed by redhat [2].

[1] http://www.ocert.org/advisories/ocert-2009-009.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=509531



--- End Message ---
--- Begin Message ---
Source: camlimages
Source-Version: 2.20-8+etch1

We believe that the bug you reported is fixed in the latest version of
camlimages, which is due to be installed in the Debian FTP archive:

camlimages_2.20-8+etch1.diff.gz
  to pool/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
camlimages_2.20-8+etch1.dsc
  to pool/main/c/camlimages/camlimages_2.20-8+etch1.dsc
libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
  to pool/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
libcamlimages-ocaml_2.20-8+etch1_i386.deb
  to pool/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefano Zacchiroli <zack@debian.org> (supplier of updated camlimages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 07 Jul 2009 13:51:06 +0200
Source: camlimages
Binary: libcamlimages-ocaml libcamlimages-ocaml-doc libcamlimages-ocaml-dev
Architecture: source i386 all
Version: 2.20-8+etch1
Distribution: oldstable-security
Urgency: low
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Stefano Zacchiroli <zack@debian.org>
Description: 
 libcamlimages-ocaml - OCaml image processing library
 libcamlimages-ocaml-dev - OCaml image processing library
 libcamlimages-ocaml-doc - OCaml CamlImages library documentation
Closes: 535909
Changes: 
 camlimages (2.20-8+etch1) oldstable-security; urgency=low
 .
   * Add patch fix_integer_overflows to fix integer overflow with PNG
     images boundaries (CVE-2009-2295) (Closes: #535909)
Files: 
 0407fcb4b885258c0b81e979e03df7c4 1196 devel optional camlimages_2.20-8+etch1.dsc
 d933eb58c7983f70b1a000fa01893aa4 1385525 devel optional camlimages_2.20.orig.tar.gz
 1616ade3176c67bc862f7672d4c056dd 8737 devel optional camlimages_2.20-8+etch1.diff.gz
 578f54fe1370704e0bc80dfdf8a20049 599282 doc optional libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
 480002667928107c5a379008abcb6710 24224 libs optional libcamlimages-ocaml_2.20-8+etch1_i386.deb
 483bf540a811aa854565ec26f0812de0 772576 libdevel optional libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
