Bug#850497: marked as done (jbig2dec: CVE-2016-9601: Heap-buffer overflow due to Integer overflow in jbig2_image_new function)
Your message dated Mon, 23 Jan 2017 21:07:26 +0000
with message-id <E1cVlpm-0006QC-Ng@fasolo.debian.org>
and subject line Bug#850497: fixed in jbig2dec 0.13-4
has caused the Debian Bug report #850497,
regarding jbig2dec: CVE-2016-9601: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact firstname.lastname@example.org
Debian Bug Tracking System
Contact email@example.com with problems
--- Begin Message ---
Tags: security upstream
the following vulnerability was published for jbig2dec.
NOTE: Actually not much has been published yet. There is an upstream
bug report at , so I am opening this bug in the Debian BTS to help
track the issue. There is a report, but it is still restricted to the
developers. From a look at the trace and the current code some
issue might be present, but it is not really possible to say more yet
without having access to the report ... hope you as maintainers could
find more out from upstream. There is as well no patch referenced yet.
Heap-buffer overflow due to Integer overflow in jbig2_image_new function
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed, once more
--- End Message ---
--- Begin Message ---
- To: firstname.lastname@example.org
- Subject: Bug#850497: fixed in jbig2dec 0.13-4
- From: Jonas Smedegaard <email@example.com>
- Date: Mon, 23 Jan 2017 21:07:26 +0000
- Message-id: <E1cVlpm-0006QC-Ng@fasolo.debian.org>
We believe that the bug you reported is fixed in the latest version of
jbig2dec, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to firstname.lastname@example.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
Jonas Smedegaard <email@example.com> (supplier of updated jbig2dec package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing firstname.lastname@example.org)
-----BEGIN PGP SIGNED MESSAGE-----
Date: Mon, 23 Jan 2017 21:13:34 +0100
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Maintainer: Debian Printing Team <email@example.com>
Changed-By: Jonas Smedegaard <firstname.lastname@example.org>
jbig2dec - JBIG2 decoder library - tools
libjbig2dec0 - JBIG2 decoder library - shared libraries
libjbig2dec0-dev - JBIG2 decoder library - development files
jbig2dec (0.13-4) unstable; urgency=medium

  * Add patches cherry-picked upstream to squash signed/unsigned
    warnings and to fix warning for always-false unsigned < 0 tests.
    Closes: Bug#850497. Thanks to Salvatore Bonaccorso.
  * Modernize Vcs-Browser field: Use git subdir (not cgit).
  * Stop override lintian for
    package-needs-versioned-debhelper-build-depends: Fixed in lintian.
  * Update copyright info: Extend coverage of Debian packaging.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---