Your message dated Wed, 24 Dec 2014 01:36:29 +0000 with message-id <E1Y3asH-0004Bn-8A@franck.debian.org> and subject line Bug#773824: fixed in texlive-bin 2014.20140926.35254-4 has caused the Debian Bug report #773824, regarding [texlive-bin] Embeded libpng 1.6.13 Heap Overflow to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 773824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [texlive-bin] Embeded libpng 1.6.13 Heap Overflow
- From: bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
- Date: Tue, 23 Dec 2014 18:25:12 +0000
- Message-id: <[🔎] 2165446.jbVS9vWViY@bastien-debian>
- Reply-to: Bastien ROUCARIÈS <roucaries.bastien+debian@gmail.com>
Package: texlive-bin Severity: grave Tags: security X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org According to http://seclists.org/oss-sec/2014/q4/1133 libpng (embeded in your package) has an heap overlow. Thanks BastienAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- To: 773824-close@bugs.debian.org
- Subject: Bug#773824: fixed in texlive-bin 2014.20140926.35254-4
- From: Norbert Preining <preining@debian.org>
- Date: Wed, 24 Dec 2014 01:36:29 +0000
- Message-id: <E1Y3asH-0004Bn-8A@franck.debian.org>
Source: texlive-bin Source-Version: 2014.20140926.35254-4 We believe that the bug you reported is fixed in the latest version of texlive-bin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 773824@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 24 Dec 2014 09:18:29 +0900 Source: texlive-bin Binary: texlive-binaries libkpathsea6 libkpathsea-dev libptexenc1 libptexenc-dev libsynctex1 libsynctex-dev luatex Architecture: source amd64 all Version: 2014.20140926.35254-4 Distribution: unstable Urgency: high Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org> Changed-By: Norbert Preining <preining@debian.org> Description: libkpathsea-dev - TeX Live: path search library for TeX (development part) libkpathsea6 - TeX Live: path search library for TeX (runtime part) libptexenc-dev - TeX Live: ptex encoding library (development part) libptexenc1 - TeX Live: pTeX encoding library libsynctex-dev - Tex Live: SyncTeX parser library (development part) libsynctex1 - TeX Live: SyncTeX parser library luatex - TeX Live: transitional dummy package texlive-binaries - Binaries for TeX Live Closes: 773824 Changes: texlive-bin (2014.20140926.35254-4) unstable; urgency=high . * cherrypick security fix for libpng buffer overflow (Closes: #773824) Checksums-Sha1: 533160869e2017f230eb1944b5fbd4c3a4c07158 2941 texlive-bin_2014.20140926.35254-4.dsc 375573ce6cc2bd76838e83e0de8925b2b7a9b7d7 61924 texlive-bin_2014.20140926.35254-4.debian.tar.xz 10d7d7253e3d2ecab5971ce25ba3d62ad5ac60cb 6799822 texlive-binaries_2014.20140926.35254-4_amd64.deb 203e192ff3ce68eaed626131f4af67db6c9315dc 153496 libkpathsea6_2014.20140926.35254-4_amd64.deb b61a379ece1d3d34e7ff41dc6586f84d58f4938b 180012 libkpathsea-dev_2014.20140926.35254-4_amd64.deb c09c400212779eed5802973d0c60342723acde96 53960 libptexenc1_2014.20140926.35254-4_amd64.deb 8b21a250cf923c1e713c801459dee07c9795dc2b 53256 libptexenc-dev_2014.20140926.35254-4_amd64.deb cec83b2d379b21e838da6af7d4574159d61bae9c 60908 libsynctex1_2014.20140926.35254-4_amd64.deb 2d2901abc7b256e07e10eb0690cb4047876e6b43 58950 libsynctex-dev_2014.20140926.35254-4_amd64.deb 74d5032b4a62f7034b92c4668d88d23be600ab43 27684 luatex_2014.20140926.35254-4_all.deb Checksums-Sha256: 1e3c5c6f7dffcb01163ec247b143ce33aa1006bdaf9afacd022dd0b64cf9ec02 2941 texlive-bin_2014.20140926.35254-4.dsc 326a5cc483cb5511492c3795c407a28dc00c375d5baa90dbe3d5cd0ae87eb3bb 61924 texlive-bin_2014.20140926.35254-4.debian.tar.xz 8bd43a93fba3aaded2af32aec90c002a6643560938c7c4999e7920a66bb1f18a 6799822 texlive-binaries_2014.20140926.35254-4_amd64.deb ba8b942cc192633403b6d9757b8a51859cfcbb80d53988a8799c33516e03613b 153496 libkpathsea6_2014.20140926.35254-4_amd64.deb 94271e390066f773ab696ec0a6e466c0d97fc946e2dfee15fc085a4f2c430c90 180012 libkpathsea-dev_2014.20140926.35254-4_amd64.deb ab89257b8e329aa61cd64907b5aa174c2dac95ca55b54495b479c65fe6137c85 53960 libptexenc1_2014.20140926.35254-4_amd64.deb 0a6ce8228b9e0294b909c9d5e4551654f15e2e417ff916fbb098cb1c6109e92f 53256 libptexenc-dev_2014.20140926.35254-4_amd64.deb 38c400a7ec6731e1f34a589d0aa2ca6ecbb03411c6834be915b4c019f6d429fb 60908 libsynctex1_2014.20140926.35254-4_amd64.deb 1124b482659ac31a81f0fd7663a461bd323ca0f21c3a7f8085c34de63efbd067 58950 libsynctex-dev_2014.20140926.35254-4_amd64.deb 1619583a03beffcb6e98c2283664c1fd50782c3c5231122a1b1e2b08819201bf 27684 luatex_2014.20140926.35254-4_all.deb Files: 9ec3e86bf4188cea9c6ba0e5777c3fdd 2941 tex optional texlive-bin_2014.20140926.35254-4.dsc 326faefce824ef417dc7c4105f698fdc 61924 tex optional texlive-bin_2014.20140926.35254-4.debian.tar.xz 1efa748e9711d7d76d55283e0c3ca6e4 6799822 tex optional texlive-binaries_2014.20140926.35254-4_amd64.deb 3c402eca1210be5a5acd040776ff5357 153496 libs optional libkpathsea6_2014.20140926.35254-4_amd64.deb 4105cf0b51b7993ee19be47a6cd02834 180012 libdevel optional libkpathsea-dev_2014.20140926.35254-4_amd64.deb 6c9ad4d2086989b8e624ae6997d8ce79 53960 libs optional libptexenc1_2014.20140926.35254-4_amd64.deb 1dae490e43484bdcac019a686537de1e 53256 libdevel optional libptexenc-dev_2014.20140926.35254-4_amd64.deb c3f791e988dbcbaa58fc975b56b293a8 60908 libs optional libsynctex1_2014.20140926.35254-4_amd64.deb 3eae074286206ab4bc49dfb0bf0ae3a1 58950 libdevel optional libsynctex-dev_2014.20140926.35254-4_amd64.deb c2565f802214c0443394aa92689371ef 27684 oldlibs extra luatex_2014.20140926.35254-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVJoM32yspEiGDNwTAQigDw/7B7tv3b48ufOAiCBxbyGsYRC8Y0OC4io7 +VTCKxPSOfxpwFW6CuK1DYfB7g/5gO2pE9u7wJY8W6KBSK5H6tSa8tevvgyJLY83 CgEEuAZ5tYcHrDF2vdhHjKv+rsYO9pdXKXZYk1L+6qNQadnsP58Bh1Ac7IeSQLFK l7wFghao/5LmurTSgZVPIMkY4uGGkyEPM5mAPwppDXXjnyhnkfkHPSsS3EKKrKg3 OebgyuW3HfZjV1bsEMQq5y7Th7IptxB8MvORSLv4IYcRQJy9EHRgKuj7QuAia75p x1JvsNdjS89A663uwyiQ/eKeHD84jIxyo8528KgGrFFSlFJxzBP0QB3wKNslFHP9 L6ojcGToReDJjbrfKKIGaH0NVkn+JxNZ7YQs1bxeiw6oatQ/nwhZ4oeayPwuGjNs W0Unk8qc6RWFlfLvokCKhitGGuW2fYA5GjyeU+Wkp3sV9Qwb7ojUOZup89/TmO/x 5Uz7jSWxQs4mo6noiF4Yw8bUpwcMlu7jykKvl59htsFSkzEtTEsj39AkCFTveIKi aogYSCvREgAY4J06AaQEAXEfTOzL/RYO1c73GEQoLK2f2UEtkUn6IqXuwCIac5Ku XyAz3Bn4yx8KygHny/qw5490K31/hbXQL1Y8JEJTEbBpagxFTDDrMJzCtaWqSMUs GdxXDfq6I+k= =uYnB -----END PGP SIGNATURE-----
--- End Message ---