Bug#700308: marked as done (src:pixman: CVE-2013-1591)
Your message dated Mon, 18 Feb 2013 19:32:31 +0000
with message-id <E1U7WRz-0005NY-5n@franck.debian.org>
and subject line Bug#700308: fixed in pixman 0.26.0-4
has caused the Debian Bug report #700308,
regarding src:pixman: CVE-2013-1591
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
700308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700308
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:pixman
Severity: grave
Tags: security
The pixman library may be affected by CVE-2013-1591.
| Stack-based buffer overflow in libpixman, as used in Pale Moon before
| 15.4, has unspecified impact and attack vectors.
The only references I could find so far were:
http://www.palemoon.org/releasenotes-ng.shtml
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1591.html
Please investigate which pixman versions (if any) are affected by this
issue and update version information for this bug report.
Helmut
--- End Message ---
--- Begin Message ---
Source: pixman
Source-Version: 0.26.0-4
We believe that the bug you reported is fixed in the latest version of
pixman, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 700308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated pixman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Feb 2013 19:58:33 +0100
Source: pixman
Binary: libpixman-1-0 libpixman-1-0-udeb libpixman-1-0-dbg libpixman-1-dev
Architecture: source amd64
Version: 0.26.0-4
Distribution: sid
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
libpixman-1-0 - pixel-manipulation library for X and cairo
libpixman-1-0-dbg - pixel-manipulation library for X and cairo (debugging symbols)
libpixman-1-0-udeb - pixel-manipulation library for X and cairo (udeb)
libpixman-1-dev - pixel-manipulation library for X and cairo (development files)
Closes: 700308
Changes:
pixman (0.26.0-4) sid; urgency=high
.
* Fix for CVE-2013-1591 (stack-based buffer overflow), cherry-picked from
0.27.4 (closes: #700308).
Checksums-Sha1:
f180cfe7037cb599165430d988637d12107ae0b4 2038 pixman_0.26.0-4.dsc
be59d149c05e2ef8bc3a8e49f07d60d505baee01 211324 pixman_0.26.0-4.diff.gz
9672f1d8746e37a0b204a3bc4870f5524c39b5d2 426830 libpixman-1-0_0.26.0-4_amd64.deb
5cc02cc94c0d9601dae746a9449671d6b96bc56e 186372 libpixman-1-0-udeb_0.26.0-4_amd64.udeb
84dc81aa613dcb9aa29727648703097ad7c61d89 1222520 libpixman-1-0-dbg_0.26.0-4_amd64.deb
5e2a80c30d6688596e79f2b612373d4c345e49b6 457078 libpixman-1-dev_0.26.0-4_amd64.deb
Checksums-Sha256:
a83de48daac679777823eb57c34d9fe097e31de33bdd8c14cfed02b243542bfe 2038 pixman_0.26.0-4.dsc
0efe3c1184fbe7b4abafb55d62da8b8c63379365909e2feb89191d3ebc1f701c 211324 pixman_0.26.0-4.diff.gz
8b6be9c706a5f3a58731f7ba2f1379119e90be543a9f5de3589fc21d1f5054a0 426830 libpixman-1-0_0.26.0-4_amd64.deb
dcb58fc322208c0894f2c5ef4754b0f09f9d2cadc0c3849929a0d362a7bc4bc5 186372 libpixman-1-0-udeb_0.26.0-4_amd64.udeb
527a3440e41a22cf7df3c95f4ef410e93917b10215d70a295dfe9f6e57a9e40f 1222520 libpixman-1-0-dbg_0.26.0-4_amd64.deb
ca89a713c9a17924dfaba051d48d2cc3dfebd9c453a104840a34349c9e95f7c0 457078 libpixman-1-dev_0.26.0-4_amd64.deb
Files:
9e89462f59efa06f9c89d1de4db99fca 2038 devel optional pixman_0.26.0-4.dsc
6d846b73a259768acd1261629383f37b 211324 devel optional pixman_0.26.0-4.diff.gz
2c4f7e27abb5e632a8054271fd6eeb41 426830 libs optional libpixman-1-0_0.26.0-4_amd64.deb
102d298791ec8ab4d4ccdaec9f547161 186372 debian-installer optional libpixman-1-0-udeb_0.26.0-4_amd64.udeb
da348fffd4e1bc7649af1f3df3595ded 1222520 debug extra libpixman-1-0-dbg_0.26.0-4_amd64.deb
bbab7015c961664c34ed9673dcbe2727 457078 libdevel optional libpixman-1-dev_0.26.0-4_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRIn4xAAoJEDEBgAUJBeQMYaMQAJ17qstHB+pBIHDlG2/sxRrA
lvDKCYVeCSw4meHYu9wo5zkR6rV+I/gEEiTn+pOwE4wGApyFrdnrNipu3zdp3Syc
Qj/7MqVKPzlUY/VE5WcGt2h7/fEU0qyDcVHuivhonLo5qSXcWaX8qORhyR+C9QQa
VqtptOIhvUS3nkYqxKgvOoBTTofvsZVNJqUGLAhSrR399BF76LLKYOa25CJtAh1G
vaOrWxZf9q3l/wsw99FxffcBVaXXf/QE8B7cBOdxd9UyH3CnCKW9GuXz5cEH3pKi
xvSH1PNmCLAAVLDmfmKyON9Rz3044ufskcidyU/iJzalX7jmhYEY71WOaeq/POlQ
i2TDNbxkDxsUL5hZKQYGsznPHgU+pNE1063fO9MFroEdVadu9vrybhPqKbOird3m
U/G5UdoHANpGzP/Sr8xpFLtoppCFZ/ptyKbJvpzsDTV1aI51DXB+GpMhyqK8HXD/
BJP/1FrGh5Q1qnjcXRyfUfy3adt4iZuGhqEMI5X2dbP6jkJsTR/lN6Aqzh2/AU4X
p7zNz9DEYKoIURIw6g4oh5vHW+YL1VKX40YrytKfcX508v4uJWVNdgcZWx9aRqxT
CzEAgxtytyZtvibe56TPwRN3rbqczG5AQl7XX7ZU1dCyTt0lWV1lprnR7D9VC24g
tLLvYwWbUy/gUJo5S3/9
=ZcZ4
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: