
Bug#721340: marked as done (CVE-2013-1438: libkdcraw: multiple vulnerabilities)



Your message dated Tue, 01 Oct 2013 19:03:50 +0000
with message-id <E1VR5Ec-0003Rx-Eh@franck.debian.org>
and subject line Bug#721340: fixed in libkdcraw 4:4.10.5-2
has caused the Debian Bug report #721340,
regarding CVE-2013-1438: libkdcraw: multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
721340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721340
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libraw
Severity: important
Tags: security
Control: clone -1 -2 -3
Control: retitle -1 CVE-2013-1438: libraw: multiple vulnerabilities
Control: retitle -2 CVE-2013-1438: darktable: multiple vulnerabilities
Control: reassign -2 darktable
Control: retitle -3 CVE-2013-1438: libkdcraw: multiple vulnerabilities
Control: reassign -3 libkdcraw

Hi,

In addition to the vulnerabilities mentioned in my other bug report, I
found a few others that are all covered by the CVE-2013-1439 id.

Please refer to the following page for the details:
 http://www.openwall.com/lists/oss-security/2013/08/29/3

Please include the CVE id when fixing these vulnerabilities and
consider fixing them in old/stable via a {O,}SPU by following standard
procedures for stable release updates.

Thanks in advance.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: libkdcraw
Source-Version: 4:4.10.5-2

We believe that the bug you reported is fixed in the latest version of
libkdcraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721340@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated libkdcraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 01 Oct 2013 15:48:33 -0300
Source: libkdcraw
Binary: libkdcraw22 libkdcraw-dev libkdcraw-data libkdcraw22-dbg
Architecture: source amd64 all
Version: 4:4.10.5-2
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Description: 
 libkdcraw-data - RAW picture decoding library -- data files
 libkdcraw-dev - RAW picture decoding library -- development files
 libkdcraw22 - RAW picture decoding library
 libkdcraw22-dbg - RAW picture decoding library -- debugging symbols
Closes: 721239 721340
Changes: 
 libkdcraw (4:4.10.5-2) unstable; urgency=low
 .
   * Team upload.
   * Add libkdcraw_CVE-2013-143x.diff to fix multiple vulnerabilities
     (Closes: #721239, #721340).
     - CVE-2013-1438.
     - CVE-2013-1439.
     Thanks Scott Kitterman for the patch.
   * Add missing line break in debian/copyright.


--- End Message ---
