Bug#773824: marked as done ([texlive-bin] Embeded libpng 1.6.13 Heap Overflow)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 24 Dec 2014 01:36:29 +0000
with message-id <E1Y3asH-0004Bn-8A@franck.debian.org>
and subject line Bug#773824: fixed in texlive-bin 2014.20140926.35254-4
has caused the Debian Bug report #773824,
regarding [texlive-bin] Embeded libpng 1.6.13 Heap Overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
773824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: [texlive-bin] Embeded libpng 1.6.13 Heap Overflow
• From: bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
• Date: Tue, 23 Dec 2014 18:25:12 +0000
• Message-id: <[🔎] 2165446.jbVS9vWViY@bastien-debian>
• Reply-to: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>

Package: texlive-bin
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

According to http://seclists.org/oss-sec/2014/q4/1133
libpng (embeded in your package) has an heap overlow.

Thanks

Bastien

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---

--- Begin Message ---

• To: 773824-close@bugs.debian.org
• Subject: Bug#773824: fixed in texlive-bin 2014.20140926.35254-4
• From: Norbert Preining <preining@debian.org>
• Date: Wed, 24 Dec 2014 01:36:29 +0000
• Message-id: <E1Y3asH-0004Bn-8A@franck.debian.org>

Source: texlive-bin
Source-Version: 2014.20140926.35254-4

We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773824@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 24 Dec 2014 09:18:29 +0900
Source: texlive-bin
Binary: texlive-binaries libkpathsea6 libkpathsea-dev libptexenc1 libptexenc-dev libsynctex1 libsynctex-dev luatex
Architecture: source amd64 all
Version: 2014.20140926.35254-4
Distribution: unstable
Urgency: high
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description:
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea6 - TeX Live: path search library for TeX (runtime part)
 libptexenc-dev - TeX Live: ptex encoding library (development part)
 libptexenc1 - TeX Live: pTeX encoding library
 libsynctex-dev - Tex Live: SyncTeX parser library (development part)
 libsynctex1 - TeX Live: SyncTeX parser library
 luatex     - TeX Live: transitional dummy package
 texlive-binaries - Binaries for TeX Live
Closes: 773824
Changes:
 texlive-bin (2014.20140926.35254-4) unstable; urgency=high
 .
   * cherrypick security fix for libpng buffer overflow (Closes: #773824)
Checksums-Sha1:
 533160869e2017f230eb1944b5fbd4c3a4c07158 2941 texlive-bin_2014.20140926.35254-4.dsc
 375573ce6cc2bd76838e83e0de8925b2b7a9b7d7 61924 texlive-bin_2014.20140926.35254-4.debian.tar.xz
 10d7d7253e3d2ecab5971ce25ba3d62ad5ac60cb 6799822 texlive-binaries_2014.20140926.35254-4_amd64.deb
 203e192ff3ce68eaed626131f4af67db6c9315dc 153496 libkpathsea6_2014.20140926.35254-4_amd64.deb
 b61a379ece1d3d34e7ff41dc6586f84d58f4938b 180012 libkpathsea-dev_2014.20140926.35254-4_amd64.deb
 c09c400212779eed5802973d0c60342723acde96 53960 libptexenc1_2014.20140926.35254-4_amd64.deb
 8b21a250cf923c1e713c801459dee07c9795dc2b 53256 libptexenc-dev_2014.20140926.35254-4_amd64.deb
 cec83b2d379b21e838da6af7d4574159d61bae9c 60908 libsynctex1_2014.20140926.35254-4_amd64.deb
 2d2901abc7b256e07e10eb0690cb4047876e6b43 58950 libsynctex-dev_2014.20140926.35254-4_amd64.deb
 74d5032b4a62f7034b92c4668d88d23be600ab43 27684 luatex_2014.20140926.35254-4_all.deb
Checksums-Sha256:
 1e3c5c6f7dffcb01163ec247b143ce33aa1006bdaf9afacd022dd0b64cf9ec02 2941 texlive-bin_2014.20140926.35254-4.dsc
 326a5cc483cb5511492c3795c407a28dc00c375d5baa90dbe3d5cd0ae87eb3bb 61924 texlive-bin_2014.20140926.35254-4.debian.tar.xz
 8bd43a93fba3aaded2af32aec90c002a6643560938c7c4999e7920a66bb1f18a 6799822 texlive-binaries_2014.20140926.35254-4_amd64.deb
 ba8b942cc192633403b6d9757b8a51859cfcbb80d53988a8799c33516e03613b 153496 libkpathsea6_2014.20140926.35254-4_amd64.deb
 94271e390066f773ab696ec0a6e466c0d97fc946e2dfee15fc085a4f2c430c90 180012 libkpathsea-dev_2014.20140926.35254-4_amd64.deb
 ab89257b8e329aa61cd64907b5aa174c2dac95ca55b54495b479c65fe6137c85 53960 libptexenc1_2014.20140926.35254-4_amd64.deb
 0a6ce8228b9e0294b909c9d5e4551654f15e2e417ff916fbb098cb1c6109e92f 53256 libptexenc-dev_2014.20140926.35254-4_amd64.deb
 38c400a7ec6731e1f34a589d0aa2ca6ecbb03411c6834be915b4c019f6d429fb 60908 libsynctex1_2014.20140926.35254-4_amd64.deb
 1124b482659ac31a81f0fd7663a461bd323ca0f21c3a7f8085c34de63efbd067 58950 libsynctex-dev_2014.20140926.35254-4_amd64.deb
 1619583a03beffcb6e98c2283664c1fd50782c3c5231122a1b1e2b08819201bf 27684 luatex_2014.20140926.35254-4_all.deb
Files:
 9ec3e86bf4188cea9c6ba0e5777c3fdd 2941 tex optional texlive-bin_2014.20140926.35254-4.dsc
 326faefce824ef417dc7c4105f698fdc 61924 tex optional texlive-bin_2014.20140926.35254-4.debian.tar.xz
 1efa748e9711d7d76d55283e0c3ca6e4 6799822 tex optional texlive-binaries_2014.20140926.35254-4_amd64.deb
 3c402eca1210be5a5acd040776ff5357 153496 libs optional libkpathsea6_2014.20140926.35254-4_amd64.deb
 4105cf0b51b7993ee19be47a6cd02834 180012 libdevel optional libkpathsea-dev_2014.20140926.35254-4_amd64.deb
 6c9ad4d2086989b8e624ae6997d8ce79 53960 libs optional libptexenc1_2014.20140926.35254-4_amd64.deb
 1dae490e43484bdcac019a686537de1e 53256 libdevel optional libptexenc-dev_2014.20140926.35254-4_amd64.deb
 c3f791e988dbcbaa58fc975b56b293a8 60908 libs optional libsynctex1_2014.20140926.35254-4_amd64.deb
 3eae074286206ab4bc49dfb0bf0ae3a1 58950 libdevel optional libsynctex-dev_2014.20140926.35254-4_amd64.deb
 c2565f802214c0443394aa92689371ef 27684 oldlibs extra luatex_2014.20140926.35254-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVJoM32yspEiGDNwTAQigDw/7B7tv3b48ufOAiCBxbyGsYRC8Y0OC4io7
+VTCKxPSOfxpwFW6CuK1DYfB7g/5gO2pE9u7wJY8W6KBSK5H6tSa8tevvgyJLY83
CgEEuAZ5tYcHrDF2vdhHjKv+rsYO9pdXKXZYk1L+6qNQadnsP58Bh1Ac7IeSQLFK
l7wFghao/5LmurTSgZVPIMkY4uGGkyEPM5mAPwppDXXjnyhnkfkHPSsS3EKKrKg3
OebgyuW3HfZjV1bsEMQq5y7Th7IptxB8MvORSLv4IYcRQJy9EHRgKuj7QuAia75p
x1JvsNdjS89A663uwyiQ/eKeHD84jIxyo8528KgGrFFSlFJxzBP0QB3wKNslFHP9
L6ojcGToReDJjbrfKKIGaH0NVkn+JxNZ7YQs1bxeiw6oatQ/nwhZ4oeayPwuGjNs
W0Unk8qc6RWFlfLvokCKhitGGuW2fYA5GjyeU+Wkp3sV9Qwb7ojUOZup89/TmO/x
5Uz7jSWxQs4mo6noiF4Yw8bUpwcMlu7jykKvl59htsFSkzEtTEsj39AkCFTveIKi
aogYSCvREgAY4J06AaQEAXEfTOzL/RYO1c73GEQoLK2f2UEtkUn6IqXuwCIac5Ku
XyAz3Bn4yx8KygHny/qw5490K31/hbXQL1Y8JEJTEbBpagxFTDDrMJzCtaWqSMUs
GdxXDfq6I+k=
=uYnB
-----END PGP SIGNATURE-----

--- End Message ---