Your message dated Thu, 01 Jun 2017 09:04:47 +0000
with message-id <e1dgm2b-0006dp...@fasolo.debian.org>
and subject line Bug#863469: fixed in pngquant 2.5.0-2
has caused the Debian Bug report #863469,
regarding pngquant: CVE-2016-5735
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pngquant
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerability was published for pngquant.

CVE-2016-5735[0]:
| Integer overflow in the rwpng_read_image24_libpng function in rwpng.c
| in pngquant 2.7.0 allows remote attackers to have unspecified impact
| via a crafted PNG file, which triggers a buffer overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5735
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5735

The upstream fix is:

https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285

Please adjust the affected versions in the BTS as needed.

Cheers,
Emilio

--- End Message ---
--- Begin Message ---
Source: pngquant
Source-Version: 2.5.0-2

We believe that the bug you reported is fixed in the latest version of
pngquant, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <ti...@debian.org> (supplier of updated pngquant package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Jun 2017 10:05:51 +0200
Source: pngquant
Binary: pngquant
Architecture: source amd64
Version: 2.5.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Andreas Tille <ti...@debian.org>
Description:
 pngquant   - PNG (Portable Network Graphics) image optimising utility
Closes: 863469
Changes:
 pngquant (2.5.0-2) unstable; urgency=medium
 .
   * Fix CVE-2016-5735 (Thanks for the patch to Emilio Pozuelo
     Monfort <po...@debian.org>)
     Closes: 863469

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---