Bug#924281: marked as done (Orphan libcaca)

To: Sebastian Ramacher <sramacher@debian.org>
Subject: Bug#924281: marked as done (Orphan libcaca)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 12 Jun 2022 13:51:07 +0000
Message-id: <[🔎] handler.924281.D924281.165504181816966.ackdone@bugs.debian.org>
Reply-to: 924281@bugs.debian.org
References: <E1o0Nyn-0009ua-KA@fasolo.debian.org> <154618452439.20892.11613074125322613817.reportbug@eldamar.local>

Your message dated Sun, 12 Jun 2022 13:50:13 +0000
with message-id <E1o0Nyn-0009ua-KA@fasolo.debian.org>
and subject line Bug#924281: fixed in libcaca 0.99.beta20-2
has caused the Debian Bug report #924281,
regarding Orphan libcaca
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924281
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 30 Dec 2018 16:42:04 +0100
Message-id: <154618452439.20892.11613074125322613817.reportbug@eldamar.local>

Source: libcaca
Version: 0.99.beta19-2
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerabilities were published for libcaca.

CVE-2018-20544[0]:
| There is floating point exception at caca/dither.c (function
| caca_dither_bitmap) in libcaca 0.99.beta19.

CVE-2018-20545[1]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 4bpp data.

CVE-2018-20546[2]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

CVE-2018-20547[3]:
| There is an illegal READ memory access at caca/dither.c (function
| get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

CVE-2018-20548[4]:
| There is an illegal WRITE memory access at common-image.c (function
| load_image) in libcaca 0.99.beta19 for 1bpp data.

CVE-2018-20549[5]:
| There is an illegal WRITE memory access at caca/file.c (function
| caca_file_read) in libcaca 0.99.beta19.

Note: obviously I realize given you are both upstream am Debian
maintainer you have already fixed this upstream with the reports
submitted and two of those issues are actually unimportant as the
Debian build does not use the fallback.

Reporting these issues still in the BTS for tracking purpose.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20544
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20544
[1] https://security-tracker.debian.org/tracker/CVE-2018-20545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545
[2] https://security-tracker.debian.org/tracker/CVE-2018-20546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
[3] https://security-tracker.debian.org/tracker/CVE-2018-20547
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547
[4] https://security-tracker.debian.org/tracker/CVE-2018-20548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20548
[5] https://security-tracker.debian.org/tracker/CVE-2018-20549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20549

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 924281-close@bugs.debian.org
Subject: Bug#924281: fixed in libcaca 0.99.beta20-2
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 12 Jun 2022 13:50:13 +0000
Message-id: <E1o0Nyn-0009ua-KA@fasolo.debian.org>
Reply-to: Sebastian Ramacher <sramacher@debian.org>

Source: libcaca
Source-Version: 0.99.beta20-2
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
libcaca, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924281@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated libcaca package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jun 2022 15:39:18 +0200
Source: libcaca
Architecture: source
Version: 0.99.beta20-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 924281 1011570
Changes:
 libcaca (0.99.beta20-2) unstable; urgency=medium
 .
   * debian/control:
     - Adopt package (Closes: #924281, #1011570)
     - Replace libncursesw5-dev with libncurses-dev
   * debian/: Clean up d/rules
   * debian/copyright: Remove duplicate entry
Checksums-Sha1:
 e3d5ba2e05f6169b5dab8fb70cf3bc5813a9d6b6 2263 libcaca_0.99.beta20-2.dsc
 2cdce31e2976171b0b086376435361d6072e9074 9336 libcaca_0.99.beta20-2.debian.tar.xz
Checksums-Sha256:
 650cdbac3022fa2990ed05a21d7dda445169be834e52a63d61da53cad85277fb 2263 libcaca_0.99.beta20-2.dsc
 ecece761d2d18efe140f9a883774ddf5b15362cc7f3a94abf10e1eb23c824dcc 9336 libcaca_0.99.beta20-2.debian.tar.xz
Files:
 e352649230eb4b930b7fa3bfcbee4bdf 2263 libs optional libcaca_0.99.beta20-2.dsc
 3ae2f15205200d00b2c5f8318bb4e48b 9336 libs optional libcaca_0.99.beta20-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmKl7U8ACgkQafL8UW6n
GZNkKQ//QIUR/g9BciUChNNHUJsTwvzfYczxSO/Z0n4m4++vXg0c2RSiG6OBuRMC
XpQsKf8Hnj6+QBX2bWmDYQcMxyhQ5NBEP53hl9bIfnpXRxmIdqusCSDKB2erjTnj
kiHeHfWLomL9xRSDOIMB1NyTxNvW5LApj7JpLKJ0PDdNmGuwYBYEmcnp/khyYDV/
OVGmZsLs96Tf60NKevGsYgXmPbrWTlfObxYqIMHFA2aEQNc3fal4o3H00X1vf7vi
htw3zrJVhiZ/MAzz58gqkqQ4gbZDZyDGRR1Z8cZSouf3/9er21eP399EQk7Prva9
R7HZZaKrI6Kkzpsl9wqrlbNEsyjcmf1xHy4EGuwAYddUaWyjpyVgDTI/XuTqJAvp
InaPzW+U0YfdnJZbeUaaooba0bpMrzX9bFVMXXA1Ia9kEbAPRbnba90Nn+eSqUIV
94beLYBbzfnYAxcXGkP4VKkH6Sljgu859n5cukzv6xv+D+ZaXJ/7vzdznTK04vwJ
w5dnnLAOOMJFrA0yiXTwKdHOnO8Pa1qEiTRMQQeIGaDmlbFKqAXtOimn8jfQO5+u
Uwy50f6wKe/0vgpB1Dh+sFAedxZQlEgYIEp/ap7OD6Pk2dDYR+k+tcncqOpQJH7D
H5RkSP3o8T4//Y75iABSFhRMzJJAQjotS10iCzoI/yQbWYrpoZ8=
=7nqm
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#287729: marked as done (caca-utils: no mailcap entries)
Next by Date: Bug#954884: marked as done (Please make autopkgtests cross-test-friendly)
Previous by thread: Bug#287729: marked as done (caca-utils: no mailcap entries)
Next by thread: Bug#954884: marked as done (Please make autopkgtests cross-test-friendly)
Index(es):
- Date
- Thread