
Bug#711317: marked as done (libkdcraw: CVE-2013-2126: double free)



Your message dated Thu, 20 Jun 2013 13:33:02 +0000
with message-id <E1Upez0-0006yl-KT@franck.debian.org>
and subject line Bug#711317: fixed in libkdcraw 4:4.8.4-2
has caused the Debian Bug report #711317,
regarding libkdcraw: CVE-2013-2126: double free
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
711317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libkdcraw
Severity: grave
Tags: security patch

Hi,

There's a double free in the embedded copy of libraw included in your package.
If possible, please use the system copy instead.

For more info:
http://www.openwall.com/lists/oss-security/2013/05/29/7
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353#17

Could you please prepare fixed packages for oldstable and stable, to
be included in point releases?

Thanks.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: libkdcraw
Source-Version: 4:4.8.4-2

We believe that the bug you reported is fixed in the latest version of
libkdcraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711317@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated libkdcraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 20 Jun 2013 15:10:38 +0200
Source: libkdcraw
Binary: libkdcraw20 libkdcraw-dev libkdcraw-data libkdcraw20-dbg
Architecture: source amd64 all
Version: 4:4.8.4-2
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description: 
 libkdcraw-data - RAW picture decoding library -- data files
 libkdcraw-dev - RAW picture decoding library -- development files
 libkdcraw20 - RAW picture decoding library
 libkdcraw20-dbg - RAW picture decoding library -- debugging symbols
Closes: 711317
Changes: 
 libkdcraw (4:4.8.4-2) unstable; urgency=low
 .
   * New patch: libkdcraw_CVE-2013-2126.diff. (Closes: #711317).
   * Bump Standards-Version to 3.9.4.
   * Update vcs fields.
   * Update uploaders field.
   * Add myself to uploaders.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
