
Bug#575741: marked as done (CVE-2010-0280: Array index error)



Your message dated Sun, 10 Oct 2010 17:17:26 +0000
with message-id <E1P4zWY-00082k-PX@franck.debian.org>
and subject line Bug#575741: fixed in lib3ds 1.3.0-5
has caused the Debian Bug report #575741,
regarding CVE-2010-0280: Array index error
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
575741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575741
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: lib3ds
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lib3ds.

CVE-2010-0280[0]:
| Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in
| Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a
| denial of service (memory corruption) or possibly execute arbitrary
| code via crafted structures in a 3DS file, probably related to mesh.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0280
    http://security-tracker.debian.org/tracker/CVE-2010-0280


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuvxHAACgkQNxpp46476apkxQCdG7o/h2LxuGqqXbWLl7a+1gmO
aQYAn0IayiOyvMi7MuGt2UbHA5ZS2fA/
=HYKo
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: lib3ds
Source-Version: 1.3.0-5

We believe that the bug you reported is fixed in the latest version of
lib3ds, which is due to be installed in the Debian FTP archive:

lib3ds-1-3_1.3.0-5_i386.deb
  to main/lib3/lib3ds/lib3ds-1-3_1.3.0-5_i386.deb
lib3ds-dev_1.3.0-5_i386.deb
  to main/lib3/lib3ds/lib3ds-dev_1.3.0-5_i386.deb
lib3ds_1.3.0-5.diff.gz
  to main/lib3/lib3ds/lib3ds_1.3.0-5.diff.gz
lib3ds_1.3.0-5.dsc
  to main/lib3/lib3ds/lib3ds_1.3.0-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 575741@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated lib3ds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 10 Oct 2010 18:56:37 +0200
Source: lib3ds
Binary: lib3ds-1-3 lib3ds-dev
Architecture: source i386
Version: 1.3.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description: 
 lib3ds-1-3 - Autodesk 3D Studio file reader C library
 lib3ds-dev - Autodesk 3D Studio file reader development files
Closes: 575741
Changes: 
 lib3ds (1.3.0-5) unstable; urgency=medium
 .
   * QA upload.
   * Fix CVE-2010-0280, patch by Ralf Corsepius. (Closes: #575741)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyx8TIACgkQXm3vHE4uylpVjgCg28L1xawS18U1QNAR7Lj17vqG
qkoAoLuvqFkRAk1/c3tKk7ypig/2nE8A
=a0bj
-----END PGP SIGNATURE-----



--- End Message ---
