
Bug#775673: marked as done (texlive-bin: CVE-2015-0973: overflow in the embedded libpng)



Your message dated Sun, 18 Jan 2015 16:18:48 +0000
with message-id <E1YCsYq-00053U-BF@franck.debian.org>
and subject line Bug#775673: fixed in texlive-bin 2014.20140926.35254-6
has caused the Debian Bug report #775673,
regarding texlive-bin: CVE-2015-0973: overflow in the embedded libpng
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
775673: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: texlive-bin
Version: 2014.20140926.35254-5
Severity: grave
Tags: security

Hi,

The embedded copy of libpng is vulnerable to CVE-2015-0973[1], a different 
bug than the one you fixed for #773824.

When fixing this bug please mention the CVE id so that it is easier to do 
some cross-referencing.

Thanks in advance.

[1]http://article.gmane.org/gmane.comp.security.oss.general/15382


Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: texlive-bin
Source-Version: 2014.20140926.35254-6

We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775673@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 18 Jan 2015 23:45:42 +0900
Source: texlive-bin
Binary: texlive-binaries libkpathsea6 libkpathsea-dev libptexenc1 libptexenc-dev libsynctex1 libsynctex-dev luatex
Architecture: source amd64 all
Version: 2014.20140926.35254-6
Distribution: unstable
Urgency: high
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description:
 libkpathsea-dev - TeX Live: path search library for TeX (development part)
 libkpathsea6 - TeX Live: path search library for TeX (runtime part)
 libptexenc-dev - TeX Live: ptex encoding library (development part)
 libptexenc1 - TeX Live: pTeX encoding library
 libsynctex-dev - Tex Live: SyncTeX parser library (development part)
 libsynctex1 - TeX Live: SyncTeX parser library
 luatex     - TeX Live: transitional dummy package
 texlive-binaries - Binaries for TeX Live
Closes: 775673
Changes:
 texlive-bin (2014.20140926.35254-6) unstable; urgency=high
 .
   * cherrypick security fix for libpng CVE-2015-0973 (Closes: #775673)
     Restored a test on width that was removed from png.c at libpng-1.6.9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
