
Bug#711317: marked as done (libkdcraw: CVE-2013-2126: double free)



Your message dated Fri, 12 Jul 2013 13:19:11 +0000
with message-id <E1UxdFf-0001Wk-72@franck.debian.org>
and subject line Bug#711317: fixed in libkdcraw 4:4.10.5-1
has caused the Debian Bug report #711317,
regarding libkdcraw: CVE-2013-2126: double free
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
711317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libkdcraw
Severity: grave
Tags: security patch

Hi,

There's a double free in the embedded copy of libraw included in your package.
If possible, please use the system copy instead.

For more info:
http://www.openwall.com/lists/oss-security/2013/05/29/7
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353#17

Could you please prepare fixed packages for oldstable and stable, to
be included in point releases?

Thanks.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: libkdcraw
Source-Version: 4:4.10.5-1

We believe that the bug you reported is fixed in the latest version of
libkdcraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711317@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated libkdcraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jul 2013 14:44:51 +0200
Source: libkdcraw
Binary: libkdcraw22 libkdcraw-dev libkdcraw-data libkdcraw22-dbg
Architecture: source amd64 all
Version: 4:4.10.5-1
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description: 
 libkdcraw-data - RAW picture decoding library -- data files
 libkdcraw-dev - RAW picture decoding library -- development files
 libkdcraw22 - RAW picture decoding library
 libkdcraw22-dbg - RAW picture decoding library -- debugging symbols
Closes: 711317
Changes: 
 libkdcraw (4:4.10.5-1) unstable; urgency=low
 .
   * New upstream release.
   * New patch: libkdcraw_CVE-2013-2126.diff. (Closes: #711317)
   * New patch: libkdcraw_CVE-2013-2127.diff.
   * Merge 4:4.8.4-2 from sid.
   * Add lintian-override for libraw.


--- End Message ---
