[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#882503: marked as done (jessie-pu: package sam2p/0.49.2-3)

Your message dated Sat, 09 Dec 2017 10:47:53 +0000
with message-id <1512816473.1994.32.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in jessie point release
has caused the Debian Bug report #882503,
regarding jessie-pu: package sam2p/0.49.2-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
882503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882503
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

sam2p is currently affected by several security issues in Jessie.
Therefore I would like to update the package. I have contacted the
security team but they don't intend to release a DSA. Please find
attached the debdiff.

Regards,

Markus

diff -Nru sam2p-0.49.2/debian/changelog sam2p-0.49.2/debian/changelog
--- sam2p-0.49.2/debian/changelog	2014-08-31 18:31:23.000000000 +0200
+++ sam2p-0.49.2/debian/changelog	2017-11-22 21:39:20.000000000 +0100
@@ -1,3 +1,14 @@
+sam2p (0.49.2-3+deb8u1) jessie; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2017-14628, CVE-2017-14629, CVE-2017-14630, CVE-2017-14631,
+    CVE-2017-14636, CVE-2017-14637, CVE-2017-16663:
+    Several integer overflow or heap-based buffer overflow issues were
+    discovered in sam2p that may lead to an application crash or other
+    unspecified impact.
+
+ -- Markus Koschany <apo@debian.org>  Wed, 22 Nov 2017 21:39:20 +0100
+
 sam2p (0.49.2-3) unstable; urgency=medium
 
   * debian/sam2p.1: correct the documentation of -m:dpi:RES and document
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14628.patch sam2p-0.49.2/debian/patches/CVE-2017-14628.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14628.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14628.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,33 @@
+---
+ in_pcx.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/in_pcx.cpp b/in_pcx.cpp
+index e65a6b8..592b678 100644
+--- a/in_pcx.cpp
++++ b/in_pcx.cpp
+@@ -355,7 +355,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+   
+   w = pinfo->w;  h = pinfo->h;
+   
+-  planes = (int) hdr[PCX_PLANES];
++  planes = (unsigned) hdr[PCX_PLANES];
+   bperlin = hdr[PCX_BPRL] + ((int) hdr[PCX_BPRH]<<8);
+   
+   /* allocate 24-bit image */
+@@ -379,6 +379,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+       if (c == EOF) { MACRO_GETC(fp); break; }
+     }
+     else cnt = 1;
++    if (cnt > nbytes) FatalError("Repeat count too large.");
+     
+ #if 0 /**** pts ****/
+     if (c > maxv)  maxv = c;
+@@ -403,6 +404,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+       }
+     }
+   }
++  if (nbytes != 0) pcxError(0, "Image data truncated.");
+   
+   
+ #if 0 /**** pts ****/  
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14629.patch sam2p-0.49.2/debian/patches/CVE-2017-14629.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14629.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14629.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,40 @@
+---
+ in_xpm.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/in_xpm.cpp b/in_xpm.cpp
+index dce69bf..33bda0f 100644
+--- a/in_xpm.cpp
++++ b/in_xpm.cpp
+@@ -285,14 +285,14 @@ static Image::Sampled *in_xpm_reader(Image::Loader::UFD *ufd, SimBuffer::Flat co
+     memset(bin, 255, sizeof(*bin) * 65536); /* Make bin[*]=-1 */
+     for (i=0,p=tab; (unsigned)i<colors; i++, p+=2) {
+       iimg->setPal(i, rgb[i]);
+-      bin[(p[0]<<8)+p[1]]=i;
++      bin[(((unsigned char*)p)[0]<<8)+((unsigned char*)p)[1]]=i;
+     }
+     assert(p==pend);
+     while (ht--!=0) {
+       tok.getComma();
+       for (p=outbuf+ret->getRlen(); outbuf!=p; ) {
+         tok.readInStr(pend,2);
+-        if ((s=bin[(pend[0]<<8)+pend[1]])<0) Error::sev(Error::EERROR) << "XPM: unpaletted color" << (Error*)0;
++        if ((s=bin[(((unsigned char*)pend)[0]<<8)+((unsigned char*)pend)[1]])<0) Error::sev(Error::EERROR) << "XPM: unpaletted color" << (Error*)0;
+         *outbuf++=s;
+       }
+     }
+@@ -301,12 +301,12 @@ static Image::Sampled *in_xpm_reader(Image::Loader::UFD *ufd, SimBuffer::Flat co
+     Image::Sampled::rgb_t rgb1;
+     unsigned short *bin=new unsigned short[65536], s;
+     memset(bin, 255, sizeof(*bin) * 65536); /* Make bin[*]=max */
+-    for (i=0,p=tab; (unsigned)i<colors; i++, p+=2) bin[(p[0]<<8)+p[1]]=i;
++    for (i=0,p=tab; (unsigned)i<colors; i++, p+=2) bin[(((unsigned char*)p)[0]<<8)+((unsigned char*)p)[1]]=i;
+     while (ht--!=0) {
+       tok.getComma();
+       for (p=outbuf+ret->getRlen(); outbuf!=p; ) {
+         tok.readInStr(pend,2);
+-        if ((s=bin[(pend[0]<<8)+pend[1]])==(unsigned short)-1) Error::sev(Error::EERROR) << "XPM: unpaletted color" << (Error*)0;
++        if ((s=bin[(((unsigned char*)pend)[0]<<8)+((unsigned char*)pend)[1]])==(unsigned short)-1) Error::sev(Error::EERROR) << "XPM: unpaletted color" << (Error*)0;
+         *outbuf++=(rgb1=rgb[s])>>16;
+         *outbuf++=rgb1>>8;
+         *outbuf++=rgb1;
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14630.patch sam2p-0.49.2/debian/patches/CVE-2017-14630.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14630.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14630.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,177 @@
+---
+ image.cpp  | 36 ++++++++++++++++++++++++++++++++++--
+ in_pcx.cpp | 41 ++++++++++++++++++++++++++++-------------
+ 2 files changed, 62 insertions(+), 15 deletions(-)
+
+diff --git a/image.cpp b/image.cpp
+index 5238fd7..45762c2 100644
+--- a/image.cpp
++++ b/image.cpp
+@@ -105,6 +105,36 @@ char const *Image::Sampled::cs2devcs(unsigned char cs) {
+   return cs>=1 && cs<=5 ? names[cs] : (char*)NULLP;
+ }
+ 
++static void fatal_image_too_large() {
++  Error::sev(Error::EERROR) << "Image: Image too large." << (Error*)0;
++}
++
++static slen_t multiply_check(slen_t a, slen_t b) {
++  const slen_t result = a * b;
++  /* Check for overflow. Works only if everything is unsigned. */
++  if (result / a != b) fatal_image_too_large();
++  return result;
++}
++
++static slen_t multiply_check(slen_t a, slen_t b, slen_t c) {
++  return multiply_check(multiply_check(a, b), c);
++}
++
++static slen_t add_check(slen_t a, slen_t b) {
++  /* Check for overflow. Works only if everything is unsigned. */
++  if (b > (slen_t)-1 - a) fatal_image_too_large();
++  return a + b;
++}
++
++#if 0
++static slen_t add_check(slen_t a, slen_t b, slen_t c) {
++  return add_check(add_check(a, b), c);
++}
++#endif
++
++static slen_t add_check(slen_t a, slen_t b, slen_t c, slen_t d) {
++  return add_check(add_check(a, b), add_check(c, d));
++}
+ 
+ void Image::Sampled::init(slen_t l_comment, slen_t l_header, dimen_t wd_, dimen_t ht_,
+   /* ^^^ 24 is required for /Transparent in out_tiff_work */
+@@ -117,8 +147,10 @@ void Image::Sampled::init(slen_t l_comment, slen_t l_header, dimen_t wd_, dimen_
+   cpp=cpp_;
+   // pred=1;
+   transpc=0x1000000UL; /* Dat: this means: no transparent color */
+-  rlen=(((rlen_t)bpc_)*cpp_*wd_+7)>>3;
+-  beg=new char[len=l_comment+l_header+rlen*ht_+PADDING];
++  const slen_t rlens = add_check(multiply_check(bpc_, cpp_, wd_), 7) >> 3;
++  rlen = rlens;
++  if (rlen != rlens) fatal_image_too_large();
++  beg=new char[len=add_check(l_comment, l_header, multiply_check(rlen, ht_), bpc)];
+   rowbeg=(headp=const_cast<char*>(beg)+l_comment)+l_header;
+   trail=const_cast<char*>(beg)+len-bpc;
+ }
+diff --git a/in_pcx.cpp b/in_pcx.cpp
+index 592b678..a64be49 100644
+--- a/in_pcx.cpp
++++ b/in_pcx.cpp
+@@ -27,6 +27,7 @@
+ #define return_pcxError(bname, conststr) Error::sev(Error::EERROR) << "PCX: " conststr << (Error*)0
+ #define byte unsigned char
+ #define size_t slen_t
++#define PCX_SIZE_T slen_t
+ #define malloc_byte(n) new byte[n]
+ #define free(p) delete p
+ #define DEBUG 1
+@@ -108,6 +109,16 @@ static void pcxLoadRaster  PARM((FILE *, byte *, int, byte *, dimen, dimen));
+ static int  pcxError       PARM((char *, char *));
+ #endif
+ 
++static PCX_SIZE_T multiply_check(PCX_SIZE_T a, PCX_SIZE_T b) {
++  const PCX_SIZE_T result = a * b;
++  /* Check for overflow. Works only if everything is unsigned. */
++  if (result / a != b) FatalError("Image too large.");
++  return result;
++}
++
++static PCX_SIZE_T multiply_check(PCX_SIZE_T a, PCX_SIZE_T b, PCX_SIZE_T c) {
++  return multiply_check(multiply_check(a, b), c);
++}
+ 
+ /*******************************************/
+ static Image::Sampled *LoadPCX
+@@ -197,12 +208,12 @@ static Image::Sampled *LoadPCX
+     Image::Indexed *img=new Image::Indexed(pinfo->w, pinfo->h, colors, 8);
+     pinfo->pal=(byte*)img->getHeadp();
+     ASSERT_SIDE(pcxLoadImage8((char*)NULLP/*bname*/, fp, pinfo, hdr));
+-    memcpy(img->getRowbeg(), pinfo->pic, pinfo->w*pinfo->h);
++    memcpy(img->getRowbeg(), pinfo->pic, multiply_check(pinfo->w, pinfo->h));
+     ret=img;
+   } else {
+     Image::RGB *img=new Image::RGB(pinfo->w, pinfo->h, 8);
+     ASSERT_SIDE(pcxLoadImage24((char*)NULLP/*bname*/, fp, pinfo, hdr));
+-    memcpy(img->getRowbeg(), pinfo->pic, pinfo->w*pinfo->h*3);
++    memcpy(img->getRowbeg(), pinfo->pic, multiply_check(pinfo->w, pinfo->h, 3));
+     ret=img;
+   }
+   free(pinfo->pic);
+@@ -304,8 +315,6 @@ static Image::Sampled *LoadPCX
+   return ret;
+ }
+ 
+-
+-
+ /*****************************/
+ static int pcxLoadImage8 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr), (fname, fp, pinfo, hdr),
+     (char    *fname;
+@@ -318,11 +327,10 @@ static int pcxLoadImage8 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr),
+   
+   byte *image;
+   
+-  /* note:  overallocation to make life easier... */
+-  image = (byte *) malloc_byte((size_t) (pinfo->h + 1) * pinfo->w + 16);
++  image = (byte *) malloc_byte(multiply_check(pinfo->h, pinfo->w));
+   if (!image) FatalError("Can't alloc 'image' in pcxLoadImage8()");
+   
+-  xvbzero((char *) image, (size_t) ((pinfo->h+1) * pinfo->w + 16));
++  xvbzero((char *) image, multiply_check(pinfo->h, pinfo->w));
+   
+   switch (hdr[PCX_BPP]) {
+   case 1: case 2: case 4: case 8: pcxLoadRaster(fp, image, hdr[PCX_BPP], hdr, pinfo->w, pinfo->h);   break;
+@@ -359,10 +367,17 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+   bperlin = hdr[PCX_BPRL] + ((int) hdr[PCX_BPRH]<<8);
+   
+   /* allocate 24-bit image */
+-  pic24 = (byte *) malloc_byte((size_t) w*h*planes);
++  const PCX_SIZE_T alloced = multiply_check(w, h, planes);
++  const PCX_SIZE_T w_planes = multiply_check(w, planes);
++  pic24 = (byte *) malloc_byte(alloced);
++
+   if (!pic24) FatalError("couldn't malloc 'pic24'");
+   
+-  xvbzero((char *) pic24, (size_t) w*h*planes);
++  /* This may still fail with a segfault for large values of alloced, even
++   * if malloc_byte has succeeded.
++   */
++  xvbzero((char *) pic24, alloced);
++  fprintf(stderr, "AAA3\n");
+   
+ #if 0 /**** pts ****/
+   maxv = 0;
+@@ -370,7 +385,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+   pix = pinfo->pic = pic24;
+   i = 0;      /* planes, in this while loop */
+   j = 0;      /* bytes per line, in this while loop */
+-  nbytes = bperlin*h*planes;
++  nbytes = multiply_check(bperlin, h, planes);
+  
+   while (nbytes > 0 && (c = MACRO_GETC(fp)) != EOF) {
+     if (c>=0xC0) {   /* have a rep. count */
+@@ -395,10 +410,10 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+       if (j == bperlin) {
+ 	j = 0;
+ 	if (++i < planes) {
+-	  pix -= (w*planes)-1;  /* next plane on this line */
++	  pix -= w_planes-1;  /* next plane on this line */
+ 	}
+ 	else {
+-	  pix -= (planes-1);    /* start of next line, first plane */
++	  pix -= planes-1;    /* start of next line, first plane */
+ 	  i = 0;
+ 	}
+       }
+@@ -415,7 +430,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+     
+     for (i=0, pix=pic24; i<h; i++) {
+       if ((i&0x3f)==0) WaitCursor();
+-      for (j=0; j<w*planes; j++, pix++) *pix = scale[*pix];
++      for (j=0; j<w_planes; j++, pix++) *pix = scale[*pix];
+     }
+   }
+ #endif
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14631.patch sam2p-0.49.2/debian/patches/CVE-2017-14631.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14631.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14631.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,56 @@
+---
+ in_pcx.cpp | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/in_pcx.cpp b/in_pcx.cpp
+index a64be49..f04e4c1 100644
+--- a/in_pcx.cpp
++++ b/in_pcx.cpp
+@@ -171,11 +171,11 @@ static Image::Sampled *LoadPCX
+     return_pcxError(bname,"unrecognized magic number");
+   }
+ 
+-  pinfo->w = (hdr[PCX_XMAXL] + ((int) hdr[PCX_XMAXH]<<8)) 
+-           - (hdr[PCX_XMINL] + ((int) hdr[PCX_XMINH]<<8));
++  pinfo->w = (hdr[PCX_XMAXL] + ((dimen) hdr[PCX_XMAXH]<<8))
++           - (hdr[PCX_XMINL] + ((dimen) hdr[PCX_XMINH]<<8));
+ 
+-  pinfo->h = (hdr[PCX_YMAXL] + ((int) hdr[PCX_YMAXH]<<8)) 
+-           - (hdr[PCX_YMINL] + ((int) hdr[PCX_YMINH]<<8));
++  pinfo->h = (hdr[PCX_YMAXL] + ((dimen) hdr[PCX_YMAXH]<<8))
++           - (hdr[PCX_YMINL] + ((dimen) hdr[PCX_YMINH]<<8));
+ 
+   pinfo->w++;  pinfo->h++;
+ 
+@@ -188,7 +188,7 @@ static Image::Sampled *LoadPCX
+ 	    pinfo->w, pinfo->h, hdr[PCX_VER], hdr[PCX_ENC]);
+     fprintf(stderr,"   BitsPerPixel=%d, planes=%d, BytePerRow=%d, colors=%d\n",
+ 	    hdr[PCX_BPP], hdr[PCX_PLANES], 
+-	    hdr[PCX_BPRL] + ((int) hdr[PCX_BPRH]<<8),
++	    hdr[PCX_BPRL] + ((dimen) hdr[PCX_BPRH]<<8),
+ 	    colors);
+   }
+ #endif
+@@ -364,7 +364,7 @@ static int pcxLoadImage24 ___((char *fname, FILE *fp, PICINFO *pinfo, byte *hdr)
+   w = pinfo->w;  h = pinfo->h;
+   
+   planes = (unsigned) hdr[PCX_PLANES];
+-  bperlin = hdr[PCX_BPRL] + ((int) hdr[PCX_BPRH]<<8);
++  bperlin = hdr[PCX_BPRL] + ((dimen) hdr[PCX_BPRH]<<8);
+   
+   /* allocate 24-bit image */
+   const PCX_SIZE_T alloced = multiply_check(w, h, planes);
+@@ -453,9 +453,10 @@ static void pcxLoadRaster ___((FILE *fp, byte *image, int depth, byte *hdr, dime
+   int b;
+   byte *oldimage;
+ 
+-  bperlin = hdr[PCX_BPRL] + ((int) hdr[PCX_BPRH]<<8);
+-  if (depth == 1) pad = (bperlin * 8) - w;
+-             else pad = bperlin - w;
++  bperlin = hdr[PCX_BPRL] + ((dimen) hdr[PCX_BPRH]<<8);
++  pad = (depth == 1) ? bperlin * 8 : bperlin;
++  if (pad < w) FatalError("pad too small");
++  pad -= w;
+ 
+   row = bcnt = 0;
+ 
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14636.patch sam2p-0.49.2/debian/patches/CVE-2017-14636.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14636.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14636.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,16 @@
+---
+ image.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/image.cpp b/image.cpp
+index e921fde..5238fd7 100644
+--- a/image.cpp
++++ b/image.cpp
+@@ -715,6 +715,7 @@ void Image::Indexed::sortPal() {
+   unsigned ncols = getNcols(), i;
+   assert(transp == -1 || transp + 0U == ncols - 1);
+   assert(ncols <= 256);
++  if (ncols == 0) return;  /* Safe if ncols == 0 and transp == -1. */
+   if (transp + 0U == ncols - 1) --ncols;
+   if (ncols <= 1) return;
+   #if SIZEOF_SHORT>=4
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-14637.patch sam2p-0.49.2/debian/patches/CVE-2017-14637.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-14637.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-14637.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,28 @@
+---
+ cols2.pl | 2 +-
+ xpmc.h   | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cols2.pl b/cols2.pl
+index b1a343a..b6f09cc 100644
+--- a/cols2.pl
++++ b/cols2.pl
+@@ -272,7 +272,7 @@ sub hash0($) {
+   push @{$P[$N]}, $_[0];
+ }
+ 
+-@P=();
++@P=(undef)x1109;
+ for (@L) { hash0($_); }
+ # my $S="";
+ # die @P;
+diff --git a/xpmc.h b/xpmc.h
+index 1960e48..1b965fb 100644
+--- a/xpmc.h
++++ b/xpmc.h
+@@ -1,4 +1,4 @@
+ #define xpmColors_mul 95
+ #define xpmColors_mod 1109
+-unsigned short xpmColors_ofs[]={0,0,0,1,0,0,0,0,0,0,0,0,15,0,43,0,0,0,0,0,0,0,65,0,0,0,84,0,0,0,0,0,96,0,0,0,0,0,0,0,113,0,0,0,0,0,0,0,0,0,0,129,140,151,162,173,199,210,221,232,243,0,254,0,0,0,0,268,0,0,0,0,282,0,0,0,0,0,0,0,0,0,0,0,0,0,0,296,0,310,0,0,0,0,0,0,0,0,0,0,0,0,0,329,0,0,0,0,0,0,0,0,343,352,0,0,0,0,0,0,368,0,0,0,0,0,0,0,0,0,0,0,0,0,382,0,0,0,0,0,0,0,0,0,0,0,391,402,413,424,435,446,457,468,479,490,0,0,0,0,0,0,0,0,0,501,0,516,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,525,0,0,0,0,0,0,540,0,557,0,0,0,568,0,0,576,0,0,0,0,0,0,0,0,0,0,594,0,0,0,0,0,607,0,0,0,0,0,0,0,0,0,0,0,0,0,0,623,634,645,656,667,678,689,700,711,722,0,0,733,0,0,0,743,0,0,0,0,0,0,0,0,0,0,0,0,763,0,0,0,0,771,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,785,0,0,0,794,0,0,0,0,0,0,0,0,806,816,0,0,0,0,833,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,842,853,864,875,886,897,908,919,930,941,0,952,0,0,0,0,0,966,0,0,0,0,0,0,0,0,0,980,0,0,0,0,0,0,989,0,0,1011,0,1026,0,0,0,0,0,0,0,0,0,1041,1056,0,0,1066,0,0,0,0,0,1075,109
 0,0,1106,0,1120,0,0,0,1134,0,0,0,0,0,1148,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1167,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1180,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1199,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1214,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1228,0,0,0,0,0,0,1241,1255,0,0,0,0,1265,1279,0,0,0,0,0,0,0,0,0,1293,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1312,0,0,0,0,0,0,0,0,0,0,0,0,0,1324,0,1333,0,1345,0,0,0,0,0,0,0,0,0,0,1359,0,0,0,1370,0,0,0,0,1387,1405,0,0,1418,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1436,0,0,0,1450,0,0,0,1461,0,0,0,0,1482,0,1497,0,0,0,0,0,0,0,1511,0,0,0,0,0,0,0,0,0,1527,0,0,0,0,0,0,0,0,0,1541,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1560,1571,1582,1593,1604,1615,1626,1637,1648,1659,0,0,0,0,0,0,0,0,0,0,0,1670,0,0,1685,0,0,0,0,0,1699,0,0,0,0,0,0,0,1710,0,0,0,0,0,0,1721,0,0,0,0,0,0,0,0,0,0,0,1739,1748,0,0,0,0,0,0,1758,0,1776,0,1788,0,0,0,0,0,0,0,0,0,1806,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1831,1857,1868,1879,1890,1901,1912,1923,1934,1945,0,0,0,0,0,0,0,1956,0,0,
 0,0,0,0,0,0,0,0,0,0,0,1969,0,0,0,0,0,0,0,1979,0,0,0,0,0,0,1994,0,2004,0,0,0,0,0,2015,0,0,0,0,0,0,0,0,0,0,0,0,2033,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2049,0,0,0,0,2067,2078,2089,2100,2111,2122,2133,2144,2155,2166,0,0,0,0,2177,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2190,2209,2225,0,0,0,0,0,0,0,2241,0,2256,0,0,0,0,2267,0,2286,0,2297,0,0,0,0,0,0,0,0,0,0,0,2312,0,0,0,0,0,0,0,0,0,0,0,0,2328,0,0,0,0,0,0,0,0,0,0,2340,0,0,0,2358,0,0,0,2372,2383,2394,2405,2432,2443,2464,2488,2499,2510,2521,2538,0,0,0,0,0,0,0,2558,2568,0,0,0,0,0,0,0,0,0,0,2583,0,0,0,2603,0,0,0,0,0,0,2623,0,0,0,2635,0,2649,0,0,0,2663,2673,2683,2693,2703,2713,2723,2733,2743,2753,0,0,0,0,0,0,2763,2777,0,0,0,0,2790,2809,0,0,0,0,2826,0,2841,2851,0,0,0,0,0,0,0,0,0,0,0,2862,2873,2884,2895,2906,2917,2928,2939,2950,2961,0,2972,0,0,2981,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2994,};
++unsigned short xpmColors_ofs[]={0,0,0,1,0,0,0,0,0,0,0,0,15,0,43,0,0,0,0,0,0,0,65,0,0,0,84,0,0,0,0,0,96,0,0,0,0,0,0,0,113,0,0,0,0,0,0,0,0,0,0,129,140,151,162,173,199,210,221,232,243,0,254,0,0,0,0,268,0,0,0,0,282,0,0,0,0,0,0,0,0,0,0,0,0,0,0,296,0,310,0,0,0,0,0,0,0,0,0,0,0,0,0,329,0,0,0,0,0,0,0,0,343,352,0,0,0,0,0,0,368,0,0,0,0,0,0,0,0,0,0,0,0,0,382,0,0,0,0,0,0,0,0,0,0,0,391,402,413,424,435,446,457,468,479,490,0,0,0,0,0,0,0,0,0,501,0,516,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,525,0,0,0,0,0,0,540,0,557,0,0,0,568,0,0,576,0,0,0,0,0,0,0,0,0,0,594,0,0,0,0,0,607,0,0,0,0,0,0,0,0,0,0,0,0,0,0,623,634,645,656,667,678,689,700,711,722,0,0,733,0,0,0,743,0,0,0,0,0,0,0,0,0,0,0,0,763,0,0,0,0,771,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,785,0,0,0,794,0,0,0,0,0,0,0,0,806,816,0,0,0,0,833,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,842,853,864,875,886,897,908,919,930,941,0,952,0,0,0,0,0,966,0,0,0,0,0,0,0,0,0,980,0,0,0,0,0,0,989,0,0,1011,0,1026,0,0,0,0,0,0,0,0,0,1041,1056,0,0,1066,0,0,0,0,0,1075,109
 0,0,1106,0,1120,0,0,0,1134,0,0,0,0,0,1148,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1167,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1180,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1199,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1214,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1228,0,0,0,0,0,0,1241,1255,0,0,0,0,1265,1279,0,0,0,0,0,0,0,0,0,1293,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1312,0,0,0,0,0,0,0,0,0,0,0,0,0,1324,0,1333,0,1345,0,0,0,0,0,0,0,0,0,0,1359,0,0,0,1370,0,0,0,0,1387,1405,0,0,1418,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1436,0,0,0,1450,0,0,0,1461,0,0,0,0,1482,0,1497,0,0,0,0,0,0,0,1511,0,0,0,0,0,0,0,0,0,1527,0,0,0,0,0,0,0,0,0,1541,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1560,1571,1582,1593,1604,1615,1626,1637,1648,1659,0,0,0,0,0,0,0,0,0,0,0,1670,0,0,1685,0,0,0,0,0,1699,0,0,0,0,0,0,0,1710,0,0,0,0,0,0,1721,0,0,0,0,0,0,0,0,0,0,0,1739,1748,0,0,0,0,0,0,1758,0,1776,0,1788,0,0,0,0,0,0,0,0,0,1806,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1831,1857,1868,1879,1890,1901,1912,1923,1934,1945,0,0,0,0,0,0,0,1956,0,0,
 0,0,0,0,0,0,0,0,0,0,0,1969,0,0,0,0,0,0,0,1979,0,0,0,0,0,0,1994,0,2004,0,0,0,0,0,2015,0,0,0,0,0,0,0,0,0,0,0,0,2033,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2049,0,0,0,0,2067,2078,2089,2100,2111,2122,2133,2144,2155,2166,0,0,0,0,2177,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2190,2209,2225,0,0,0,0,0,0,0,2241,0,2256,0,0,0,0,2267,0,2286,0,2297,0,0,0,0,0,0,0,0,0,0,0,2312,0,0,0,0,0,0,0,0,0,0,0,0,2328,0,0,0,0,0,0,0,0,0,0,2340,0,0,0,2358,0,0,0,2372,2383,2394,2405,2432,2443,2464,2488,2499,2510,2521,2538,0,0,0,0,0,0,0,2558,2568,0,0,0,0,0,0,0,0,0,0,2583,0,0,0,2603,0,0,0,0,0,0,2623,0,0,0,2635,0,2649,0,0,0,2663,2673,2683,2693,2703,2713,2723,2733,2743,2753,0,0,0,0,0,0,2763,2777,0,0,0,0,2790,2809,0,0,0,0,2826,0,2841,2851,0,0,0,0,0,0,0,0,0,0,0,2862,2873,2884,2895,2906,2917,2928,2939,2950,2961,0,2972,0,0,2981,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2994,0,0,0,0,0,0,0,0,0,0,0,};
+ char xpmColors_dat[]="\000LawnGreen\000|\374\000\000SlateGray\000p\200\220WhiteSmoke\000\365\365\365\000MediumForestGreen\000""2\201K\000LightSlateGray\000w\210\231\000Magenta\000\377\000\377\000DarkSeaGreen\000\217\274\217\000ForestGreen\000P\237i\000Gray60\000\231\231\231\000Gray61\000\234\234\234\000Gray62\000\236\236\236\000Gray63\000\241\241\241\000GreenYellow\000\255\377/Gray64\000\243\243\243\000Gray65\000\246\246\246\000Gray66\000\250\250\250\000Gray67\000\253\253\253\000Gray68\000\255\255\255\000Gray69\000\260\260\260\000PaleGreen\000s\336x\000chocolate\000\322i\036\000DarkKhaki\000\275\267k\000PeachPuff\000\377\332\271\000DarkOliveGreen\000UV/\000LightCyan\000\340\377\377\000Blue\000\000\000\377\000NavajoWhite\000\377\336\255\000AliceBlue\000\360\370\377\000Gold\000\332\252\000\000Gray70\000\263\263\263\000Gray71\000\265\265\265\000Gray72\000\270\270\270\000Gray73\000\272\272\272\000Gray74\000\275\275\275\000Gray75\000\277\277\277\000Gray76\000\302\302\302\000Gray77\000\3
 04\304\304\000Gray78\000\307\307\307\000Gray79\000\311\311\311\000GhostWhite\000\370\370\377\000peru\000\315\205?\000DarkSalmon\000\351\226z\000MidnightBlue\000//d\000Salmon\000\351\226z\000Tan\000\336\270\207\000DarkSlateGray\000/OO\000moccasin\000\377\344\265\000LightYellow\000\377\377\340\000Gray80\000\314\314\314\000Gray81\000\317\317\317\000Gray82\000\321\321\321\000Gray83\000\324\324\324\000Gray84\000\326\326\326\000Gray85\000\331\331\331\000Gray86\000\333\333\333\000Gray87\000\336\336\336\000Gray88\000\340\340\340\000Gray89\000\343\343\343\000Azure\000\360\377\377\000MediumSlateBlue\000jj\215\000Red\000\377\000\000\000VioletRed\000\363>\226\000Plum\000\305H\233\000SkyBlue\000r\237\377\000linen\000\372\360\346\000AntiqueWhite\000\372\353\327\000Navy\000##u\000Gray90\000\345\345\345\000Gray91\000\350\350\350\000Gray92\000\353\353\353\000Gray93\000\355\355\355\000Gray94\000\360\360\360\000Gray95\000\362\362\362\000Gray96\000\365\365\365\000Gray97\000\367\367\367\000Gray98\000\37
 2\372\372\000Gray99\000\374\374\374\000OliveDrab\000k\216#\000LightBlue\000\260\342\377\000None\000\003\002\001\000MediumSpringGreen\000#\216#\000BlueViolet\000\212+\342\000MediumBlue\000""22\314\000PapayaWhip\000\377\357\325\000Brown\000\245**\000Pink\000\377\265\305\000chartreuse\000\177\377\000\000SpringGreen\000A\254A\000RoyalBlue\000Ai\341\000Goldenrod\000\357\337\204\000Turquoise\000\031\314\337\000LightGoldenrod\000\356\335\202\000NavyBlue\000##u\000MediumSeaGreen\000""4wf\000PowderBlue\000\260\340\346\000LimeGreen\000\000\257\024\000honeydew\000\360\377\360\000LightPink\000\377\266\301\000ivory\000\377\377\360\000OrangeRed\000\377E\000\000SteelBlue\000Tp\252\000LightSteelBlue\000|\230\323\000Gray100\000\377\377\377\000Gray\000~~~\000DimGray\000TTT\000gainsboro\000\334\334\334\000tomato\000\377cG\000LemonChiffon\000\377\372\315\000DarkGoldenrod\000\270\206\013\000SeaGreen\000R\225\204\000DarkTurquoise\000\000\246\246\000Firebrick\000\216##\000Yellow\000\377\377\000\000MediumA
 quamarine\000\000\223\217\000DodgerBlue\000\036\220\377\000CadetBlue\000_\222\236\000YellowGreen\000""2\330""8\000SlateBlue\000~\210\253\000LightSlateBlue\000\204p\377\000Gray10\000\032\032\032\000Gray11\000\034\034\034\000Gray12\000\037\037\037\000Gray13\000!!!\000Gray14\000$$$\000Gray15\000&&&\000Gray16\000)))\000Gray17\000+++\000Gray18\000...\000Gray19\000""000\000DarkOrange\000\377\214\000\000LightGray\000\250\250\250\000Orange\000\377\207\000\000Sienna\000\226R-\000PaleVioletRed\000\333p\223\000snow\000\377\372\372\000Coral\000\377rV\000PaleGoldenrod\000\356\350\252\000OldLace\000\375\365\346\000PaleTurquoise\000\257\356\356\000LightGoldenrodYellow\000\372\372\322\000DeepSkyBlue\000\000\277\377Gray20\000""333\000Gray21\000""666\000Gray22\000""888\000Gray23\000;;;\000Gray24\000===\000Gray25\000@@@\000Gray26\000BBB\000Gray27\000EEE\000Gray28\000GGG\000Gray29\000JJJ\000seashell\000\377\365\356\000Black\000\000\000\000\000DarkViolet\000\224\000\323\000Wheat\000\365\336\263\000Viole
 t\000\234>\316\000LightSeaGreen\000\040\262\252\000FloralWhite\000\377\372\360\000LavenderBlush\000\377\360\365\000Gray30\000MMM\000Gray31\000OOO\000Gray32\000RRR\000Gray33\000TTT\000Gray34\000WWW\000Gray35\000YYY\000Gray36\000\\\\\\\000Gray37\000^^^\000Gray38\000aaa\000Gray39\000ccc\000DeepPink\000\377\024\223\000Green\000\000\377\000White\000\377\377\377\000LightSalmon\000\377\240z\000Transparent\000\000\000\001\000DarkOrchid\000\213\040\213\000purple\000\240\040\360\000BlanchedAlmond\000\377\353\315\000Orchid\000\357\204\357\000LightCoral\000\360\200\200\000SaddleBrown\000\213E\023\000Thistle\000\330\277\330\000DarkSlateBlue\000""8Kf\000burlywood\000\336\270\207\000Gray40\000fff\000Gray41\000iii\000Gray42\000kkk\000MediumPurple\000\223p\333Gray43\000nnn\000Gray44\000ppp\000Maroon\000\217\000RGray45\000sss\000IndianRed\000k99Gray46\000uuu\000Gray47\000xxx\000Gray48\000zzz\000Gray49\000}}}\000MediumOrchid\000\275R\275\000MediumVioletRed\000\325\040y\000Khaki\000\263\263~\000SandyBr
 own\000\364\244`\000MediumGoldenrod\000\321\301f\000MediumTurquoise\000\000\322\322\000HotPink\000\377i\264\000MistyRose\000\377\344\341\000MintCream\000\365\377\372\000Gray0\000\000\000\000\000Gray1\000\003\003\003\000Gray2\000\005\005\005\000Gray3\000\010\010\010\000Gray4\000\012\012\012\000Gray5\000\015\015\015\000Gray6\000\017\017\017\000Gray7\000\022\022\022\000Gray8\000\024\024\024\000Gray9\000\027\027\027\000RosyBrown\000\274\217\217\000cornsilk\000\377\370\334\000CornflowerBlue\000\"\"\230\000LightSkyBlue\000\207\316\372\000Aquamarine\000""2\277\301\000Beige\000\365\365\334\000Bisque\000\377\344\304\000Gray50\000\177\177\177\000Gray51\000\202\202\202\000Gray52\000\205\205\205\000Gray53\000\207\207\207\000Gray54\000\212\212\212\000Gray55\000\214\214\214\000Gray56\000\217\217\217\000Gray57\000\221\221\221\000Gray58\000\224\224\224\000Gray59\000\226\226\226\000Cyan\000\000\377\377\000lavender\000\346\346\372\000DarkGreen\000\000V-";
diff -Nru sam2p-0.49.2/debian/patches/CVE-2017-16663.patch sam2p-0.49.2/debian/patches/CVE-2017-16663.patch
--- sam2p-0.49.2/debian/patches/CVE-2017-16663.patch	1970-01-01 01:00:00.000000000 +0100
+++ sam2p-0.49.2/debian/patches/CVE-2017-16663.patch	2017-11-22 21:39:20.000000000 +0100
@@ -0,0 +1,141 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 22 Nov 2017 22:04:59 +0100
+Subject: CVE-2017-16663
+
+Bug-Upstream: https://github.com/pts/sam2p/issues/16
+Origin: https://github.com/pts/sam2p/commit/b3dd8209cc98673d682e82971bf822568f8efa27
+---
+ input-bmp.ci | 45 +++++++++++++++++++++++++++------------------
+ 1 file changed, 27 insertions(+), 18 deletions(-)
+
+diff --git a/input-bmp.ci b/input-bmp.ci
+index 9834f05..8aadcfc 100644
+--- a/input-bmp.ci
++++ b/input-bmp.ci
+@@ -48,6 +48,14 @@ struct Bitmap_Head_Struct
+                         /* 36 */
+ } Bitmap_Head;
+ 
++static at_dimen_t multiply_check(at_dimen_t a, at_dimen_t b) {
++  const at_dimen_t result = a * b;
++  /* Check for overflow. Works only if everything is unsigned. */
++  if (result / a != b) FATALP("BMP: Image too large.");
++  return result;
++}
++
++
+ static long        ToL           (unsigned char *);
+ static short       ToS           (unsigned char *);
+ static int         ReadColorMap  (FILE *,
+@@ -56,12 +64,12 @@ static int         ReadColorMap  (FILE *,
+ 				   int,
+ 				   int *);
+ static unsigned char        *ReadImage     (FILE *,
+-				   int,
+-				   int,
++				   at_dimen_t,
++				   at_dimen_t,
+ 				   unsigned char[256][3],
+ 				   int,
+ 				   int,
+-				   int,
++				   at_dimen_t,
+ 				   int);
+ 
+ #if PTS_SAM2P
+@@ -72,7 +80,8 @@ bitmap_type bmp_load_image (at_string filename)
+ {
+   FILE *fd;
+   unsigned char buffer[64];
+-  int ColormapSize, rowbytes, Maps=0, Grey;
++  int ColormapSize, Maps=0, Grey;
++  at_dimen_t rowbytes;
+   unsigned char ColorMap[256][3];
+   bitmap_type image;
+ 
+@@ -183,7 +192,7 @@ bitmap_type bmp_load_image (at_string filename)
+    * word length (32 bits == 4 bytes)
+    */
+ 
+-  rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;  
++  rowbytes = ((multiply_check(Bitmap_Head.biWidth, Bitmap_Head.biBitCnt) >> 3) + 3) & ~3;
+ 
+ #ifdef DEBUG
+   printf("\nSize: %u, Colors: %u, Bits: %u, Width: %u, Height: %u, Comp: %u, Zeile: %u\n",
+@@ -244,40 +253,40 @@ ReadColorMap (FILE   *fd,
+ 
+ static unsigned char*
+ ReadImage (FILE   *fd,
+-	   int    width,
+-	   int    height,
++	   at_dimen_t width,
++	   at_dimen_t height,
+ 	   unsigned char  cmap[256][3],
+ 	   int    bpp,
+ 	   int    compression,
+-	   int    rowbytes,
++	   at_dimen_t rowbytes,
+ 	   int    grey)
+ {
+   unsigned char v,howmuch;
+-  int xpos = 0, ypos = 0;
++  unsigned xpos = 0, ypos = 0;
+   unsigned char *image;
+   unsigned char *temp, *buffer;
+-  long rowstride, channels;
++  unsigned char channels;
+   unsigned short rgb;
++  const at_dimen_t wdht = multiply_check(width, height);
++  at_dimen_t rowstride;
+   int i, j;
+ 
+   if (bpp >= 16) /* color image */
+     {
+-      XMALLOCT (image, unsigned char*, width * height * 3 * sizeof (unsigned char));
+       channels = 3;
+     }
+   else if (grey) /* grey image */
+     {
+-      XMALLOCT (image, unsigned char*, width * height * 1 * sizeof (unsigned char));
+ 	  channels = 1;
+ 	}
+   else /* indexed image */
+ 	{
+-      XMALLOCT (image, unsigned char*, width * height * 1 * sizeof (unsigned char));
+ 	  channels = 1;
+ 	}
+ 
+-  XMALLOCT (buffer, unsigned char*, rowbytes); 
+-  rowstride = width * channels;
++  XMALLOCT (image, unsigned char*, multiply_check(wdht, channels));
++  XMALLOCT (buffer, unsigned char*, rowbytes);
++  rowstride = multiply_check(width, channels);
+ 
+   ypos = height - 1;  /* Bitmaps begin in the lower left corner */
+ 
+@@ -353,14 +362,14 @@ ReadImage (FILE   *fd,
+ 		    xpos = 0;
+ 
+ 		  }
+-		if (ypos < 0)
++		if ((int)ypos < 0)
+ 		  break;
+ 	      }
+ 	    break;
+ 	  }
+ 	else
+ 	  {
+-	    while (ypos >= 0 && xpos <= width)
++	    while ((int)ypos >= 0 && xpos <= width)
+ 	      {
+ 		(void) ReadOK (fd, buffer, 2);
+ 		if ((unsigned char) buffer[0] != 0) 
+@@ -440,7 +449,7 @@ ReadImage (FILE   *fd,
+       unsigned char *temp2, *temp3;
+       unsigned char index;
+       temp2 = temp = image;
+-      XMALLOCT (image, unsigned char*, width * height * 3 * sizeof (unsigned char));
++      XMALLOCT (image, unsigned char*, multiply_check(wdht, 3));
+       temp3 = image;
+       for (ypos = 0; ypos < height; ypos++)
+         {
diff -Nru sam2p-0.49.2/debian/patches/series sam2p-0.49.2/debian/patches/series
--- sam2p-0.49.2/debian/patches/series	2013-09-08 18:52:45.000000000 +0200
+++ sam2p-0.49.2/debian/patches/series	2017-11-22 21:39:20.000000000 +0100
@@ -1,3 +1,10 @@
 03_avoid_errormessage.patch
 05_fix_nostrip.patch
 08_respect-cxxflags.patch
+CVE-2017-14636.patch
+CVE-2017-14637.patch
+CVE-2017-14628.patch
+CVE-2017-14630.patch
+CVE-2017-14631.patch
+CVE-2017-14629.patch
+CVE-2017-16663.patch

--- End Message ---
--- Begin Message --- 
Version: 8.10

Hi,

Each of the updates referenced in these bugs was included in this
morning's jessie point release. Thanks!

Regards,

Adam

--- End Message ---
Reply to: