[Pkg-phototools-devel] Bug#894183: marked as done (libexif: outdated Homepage, moved to github)
Your message dated Thu, 05 Apr 2018 17:54:24 + with message-id <e1f495c-0008fg...@fasolo.debian.org> and subject line Bug#894183: fixed in libexif 0.6.21-5 has caused the Debian Bug report #894183, regarding libexif: outdated Homepage, moved to github to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 894183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libexif Severity: minor libexif has an outdated Homepage field, it moved to github: https://libexif.github.io/ -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part --- End Message --- --- Begin Message --- Source: libexif Source-Version: 0.6.21-5 We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 894...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hugh McMaster <hugh.mcmas...@outlook.com> (supplier of updated libexif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 03 Apr 2018 22:53:18 +1000 Source: libexif Binary: libexif12 libexif-dev libexif-doc Architecture: source Version: 0.6.21-5 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Hugh McMaster <hugh.mcmas...@outlook.com> Closes: 894183 Description: libexif12 - library to parse EXIF files libexif-dev - library to parse EXIF files (development files) libexif-doc - library to parse EXIF files (documentation) Changes: libexif (0.6.21-5) unstable; urgency=medium . * Team upload. * debhelper update: - Update package compatibility to level 11. * debian/changelog: - Remove trailing whitespace. * debian/control: - Build-Depend on debhelper version 11. - Raise Standards-Version from 4.1.1 to 4.1.3 (no changes needed). - Update the Homepage field to point to https://libexif.github.io (Closes: #894183). - Update the Vcs fields to point to https://salsa.debian.org. * debian/copyright: - Update the Source URL field to point to https://libexif.github.io. * debian/patches: - Add .patch file extensions to existing patches. - add-am_prog_ar.patch: Add the AM_PROG_AR macro to configure.ac to avoid an automake warning. - ac_lang_source-macro.patch: Use AC_LANG_SOURCE macros to avoid several automake warnings in configure.ac. - fix-size_t-warnings.patch: Cast %u format specifiers to unsigned long to prevent compiler warnings on 32-bit and 64-bit platforms. * debian/rules: - Update dh_installdocs overrides. - Remove '--parallel' (now handled by debhelper >= level 11). * debian/source/options: - Remove from package. Debhelper handles the specified options by default. * debian/watch: - Update to version 4 and switch to upstream's github repository. Checksums-Sha1: 0fb3938f343eee0cbc71e01d7d36032a8913eb64 2109 libexif_0.6.21-5.dsc 0b3e39c9a79fb61a3af9f3c59863196f4642eb0b 11268 libexif_0.6.21-5.debian.tar.xz Checksums-Sha256: 62b058c17bea79ac98be42760a6cbbbfc71fbf38b1ec54e30295be9b9f073208 2109 libexif_0.6.21-5.dsc 9965a4dc30db0e1643ff5c3b221637901cdf6a0809463489d3680ecfc2614ba5 11268 libexif_0.6.21-5.debian.tar.xz Files: 4ebef6e6b180f8795658116111773b2b 2109 libs optional libexif_0.6.21-5.dsc 8d2870438fcb7e63cd55f8c07337606d 11268 libs optional libexif_0.6.21-5.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlrGWwMACgkQpU8BhUOC FISqcg//cq97xm8UjhUAeQFYW97zSHjaH2dIIhXhoTC1iJm9GQa8p4lhTLSU92c2 PNnOoe4DGhCVPM2KgOS8oeSRW44XmPjoHrVBLgLdlblFa5htuSx7+GYNx2h5NMqa 2PN3HDpvmf5dsqTDs4xnvHQRFAGJzvVc4Ryf8sS/tREAE8G1lhw72iPqpemWHn3z N432grrji4kxfkURVeMTeL6P8z/Cw9D78N9D6ZPnr5EihZrSEKcXRQsDm+kUcbde HxG0XspMM/KRdxPKxub2TnJYnwQp0ETUXaU7RWRpU42fEyrFLCo6vRNs5Fw/aa3p TTt1DCl3ogK0aAnembVBq+VEULdQVv1vcI9OEi4r5WmbO/KEsoMUfQwQ4k8cfe// F2me4gEoiTh6LePT68CNUoMcUPi7APCpc53RiknYIWxEKZLe7d+IOEMp8Esa7
[Pkg-phototools-devel] Processed: libexif: outdated Homepage, moved to github
Processing control commands: > tag -1 pending Bug #894183 [src:libexif] libexif: outdated Homepage, moved to github Added tag(s) pending. -- 894183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#501237: marked as done (libpano13-0: libpano does not recognize JPEG files)
Your message dated Sun, 25 Mar 2018 18:05:02 + with message-id <e1f0a0s-000hxm...@fasolo.debian.org> and subject line Bug#501237: fixed in libpano13 2.9.20~rc1+dfsg-1 has caused the Debian Bug report #501237, regarding libpano13-0: libpano does not recognize JPEG files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 501237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501237 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libpano13-0 Version: 2.9.12.dfsg-3 Severity: normal Tags: patch libpano does not recognize an image type if the filename is not of the correct form (i.e. with a 3 letter extension corresponding to the type). My images are (unfortunately) named *.jpeg and so libpano does not recognize them. Fortunately for all the types of images that libpano knows of, the first byte is different. I've done a patch (attached) that reads the first byte of the file and calls the only possible reader. The changes are minor. There are two possible drawbacks (in addition to the bugs): it is possible that the messages get strange if the file is not of the "guessed" type and I may have broken Mac support (I don't think so but it is possible). Thank you, Loïc -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26.5 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpano13-0 depends on: ii libc6 2.7-13 GNU C Library: Shared libraries ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libpng12-01.2.27-1 PNG library - runtime ii libtiff4 3.8.2-11 Tag Image File Format (TIFF) libra libpano13-0 recommends no packages. Versions of packages libpano13-0 suggests: ii libpano13-bin 2.9.12.dfsg-3 panorama tools utilities -- no debconf information diff -ur libpano13-2.9.12.dfsg/bmp.c libpano13-2.9.12.dfsg.loic/bmp.c --- libpano13-2.9.12.dfsg/bmp.c 2006-09-21 17:19:34.0 +0200 +++ libpano13-2.9.12.dfsg.loic/bmp.c 2008-09-26 22:06:34.0 +0200 @@ -3,7 +3,7 @@ #include "metadata.h" #include "file.h" -static int readBMPFileHeader(Image *im, file_spec input); +static int readBMPFileHeader(Image *im, FILE *input); #pragma pack(push, 1) @@ -155,23 +155,14 @@ // Read bitmap file -static int readBMP( Image *im, fullPath *sfile ) +static int readBMP( Image *im, FILE *input ) { - file_spec input; unsigned char *data, *buf; int y; int scanLength; long count; int reverse = 0; - // Bitmap file open - if( myopen( sfile, read_bin, input ) ) - { - PrintError("readBMP, could not open file"); - return -1; - } - - // Read bitmap file header if( readBMPFileHeader(im, input) ) @@ -212,7 +203,7 @@ for(y=0; yheight; y++) { count = scanLength; - myread( input, count, buf ); + count = fread( buf, 1, count, input ); if( count != scanLength ) { PrintError("Error reading image data"); @@ -237,21 +228,21 @@ data += im->bytesPerLine; } - myclose(input); + fclose(input); free( buf ); return 0; } // Read bitmap file header -static int readBMPFileHeader(Image *im, file_spec input) +static int readBMPFileHeader(Image *im, FILE *input) { win3xHead header; // First part of bitmap header win3xBitmapInfoHeader iheader; // Second part of bitmap header long count; count = sizeof(header); - myread( input, count, ); + count = fread( , 1, count, input ); if( count != sizeof(header) ) { PrintError("Error reading first BMP header segment"); @@ -266,7 +257,7 @@ count = sizeof(iheader); - myread( input, count, ); + count = read( , 1, count, input ); if( count != sizeof(iheader) ) { PrintError("Error reading second BMP header segment"); @@ -313,11 +304,10 @@ } -int panoBMPRead( Image *im, fullPath *sfile ) +int panoBMPRead( Image *im, FILE *input ) { - if (readBMP(im, sfile) == 0) { + if (readBMP(im, input) == 0) return panoMetadataUpdateFromImage(im); - } else return FALSE; } diff -ur libpano13-2.9.12.dfsg/file.c libpano13-2.9.12.dfsg.loic/file.c --- libpano13-2.9.12.dfsg/file.c 2007-01-28 00:21:42.0 +0100 +++ libpano13-2.9.12.dfsg.loic/file.c 2008-09-26 22:06:34.0 +0200 @@ -2408,51 +2408,108 @@ // Read an image int panoImageRead(Image * im, fullPath *
[Pkg-phototools-devel] Processed: hugin
Processing commands for cont...@bugs.debian.org: > forwarded 893846 https://bugs.launchpad.net/hugin/+bug/1758503 Bug #893846 [hugin] hugin: fails to find control-points, defective Ignoring request to change the forwarded-to-address of bug#893846 to the same value > End of message, stopping processing here. Please contact me if you need assistance. -- 893846: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893846 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: hugin
Processing commands for cont...@bugs.debian.org: > forwarded 893846 https://bugs.launchpad.net/hugin/+bug/1758503 Bug #893846 [hugin] hugin: fails to find control-points, defective Set Bug forwarded-to-address to 'https://bugs.launchpad.net/hugin/+bug/1758503'. > End of message, stopping processing here. Please contact me if you need assistance. -- 893846: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893846 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: More found version fixes
Processing commands for cont...@bugs.debian.org: > notfound 873993 2.0.33 Bug #873993 [src:munin] FTBFS with Java 9 due to -source/-target only The source 'munin' and version '2.0.33' do not appear to match any binary packages No longer marked as found in versions munin/2.0.33. > found 873993 2.0.33-1 Bug #873993 [src:munin] FTBFS with Java 9 due to -source/-target only Marked as found in versions munin/2.0.33-1. > notfound 875579 2.22 Bug #875579 [src:jcc] FTBFS with Java 9: library path guessed wrong The source 'jcc' and version '2.22' do not appear to match any binary packages No longer marked as found in versions jcc/2.22. > found 875579 2.22-1 Bug #875579 [src:jcc] FTBFS with Java 9: library path guessed wrong Marked as found in versions jcc/2.22-1. > notfound 873997 2.1.2 Bug #873997 [src:openjpeg2] FTBFS with Java 9 due to -source/-target only The source 'openjpeg2' and version '2.1.2' do not appear to match any binary packages No longer marked as found in versions openjpeg2/2.1.2. > found 873997 2.1.2-1.3 Bug #873997 [src:openjpeg2] FTBFS with Java 9 due to -source/-target only Marked as found in versions openjpeg2/2.1.2-1.3. > thanks Stopping processing here. Please contact me if you need assistance. -- 873993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873993 873997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873997 875579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875579 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tagging 873997
Processing commands for cont...@bugs.debian.org: > tags 873997 + buster sid Bug #873997 [src:openjpeg2] FTBFS with Java 9 due to -source/-target only Added tag(s) sid and buster. > thanks Stopping processing here. Please contact me if you need assistance. -- 873997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873997 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: your mail
message, stopping processing here. Please contact me if you need assistance. -- 872946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872946 873210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873210 873213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873213 873227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873227 873705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873705 873972: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873972 873973: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873973 873975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873975 873976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873976 873992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873992 873993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873993 873995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873995 873997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873997 874001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874001 874004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874004 874005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874005 874006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874006 874132: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874132 874146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874146 874151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874151 874159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874159 874655: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874655 874660: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874660 875333: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875333 875336: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875336 875346: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875346 875358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875358 875398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875398 875582: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875582 875584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875584 875585: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875585 875594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875594 875790: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875790 892733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892733 892760: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892760 892937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#891272: marked as done (libraw: FTBFS with glibc 2.27: error: call of overloaded 'powf64(int, int)' is ambiguous)
Your message dated Tue, 6 Mar 2018 16:21:53 +0100 with message-id
[Pkg-phototools-devel] Processed: glibc 2.27 is now in unstable
declared (first use in this function) Added tag(s) buster and sid. > severity 891372 serious Bug #891372 [kbuild] kbuild: FTBFS with glibc 2.27: undefined reference to `__alloca' Severity set to 'serious' from 'important' > severity 891373 serious Bug #891373 [src:gridengine] gridengine: FTBFS with glibc 2.27: undefined reference to `__alloca' Severity set to 'serious' from 'important' > severity 891335 serious Bug #891335 [clonalframe] clonalframe: FTBFS with glibc 2.27: error: 'UNDERFLOW' was not declared in this scope Severity set to 'serious' from 'important' > severity 891336 serious Bug #891336 [lynkeos.app] lynkeos.app: FTBFS with glibc 2.27: error: 'HUGE' undeclared (first use in this function) Severity set to 'serious' from 'important' > tags 891336 buster sid Bug #891336 [lynkeos.app] lynkeos.app: FTBFS with glibc 2.27: error: 'HUGE' undeclared (first use in this function) Added tag(s) sid and buster. > severity 891368 serious Bug #891368 {Done: Dima Kogan <dko...@debian.org>} [remake] remake: FTBFS with glibc 2.27: undefined reference to `__alloca' Severity set to 'serious' from 'important' > found 891368 4.1+dbg1.1+dfsg-1 Bug #891368 {Done: Dima Kogan <dko...@debian.org>} [remake] remake: FTBFS with glibc 2.27: undefined reference to `__alloca' Marked as found in versions remake/4.1+dbg1.1+dfsg-1. > tags 891368 buster sid Bug #891368 {Done: Dima Kogan <dko...@debian.org>} [remake] remake: FTBFS with glibc 2.27: undefined reference to `__alloca' Added tag(s) buster and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 890271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890271 890631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890631 890633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890633 890634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890634 890669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890669 890671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890671 890672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890672 890679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890679 890716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890716 891272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891272 891275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891275 891292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891292 891293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891293 891299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891299 891335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891335 891336: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891336 891337: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891337 891338: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891338 891365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891365 891368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891368 891372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891372 891373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891373 891375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891375 891679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#858102: marked as done (exif FTCBFS: uses the build architecture pkg-config)
Your message dated Fri, 23 Feb 2018 19:04:20 + with message-id <e1epido-0001hx...@fasolo.debian.org> and subject line Bug#858102: fixed in exif 0.6.21-2 has caused the Debian Bug report #858102, regarding exif FTCBFS: uses the build architecture pkg-config to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 858102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: exif Version: 0.6.21-1 Tags: patch upstream User: helm...@debian.org Usertags: rebootstrap exif fails to cross build from source, because GP_PKG_CONFIG fails to consider $ac_tool_prefix when searching for pkg-config. Thus it fails finding required libraries as those are only requested for the host architecture. Replacing it with the upstream equivalent PKG_PROG_PKG_CONFIG fixes the cross build. Please consider applying the attached patch after stretch is released. Helmut diff --minimal -Nru exif-0.6.21/debian/changelog exif-0.6.21/debian/changelog --- exif-0.6.21/debian/changelog2013-01-28 19:28:37.0 +0100 +++ exif-0.6.21/debian/changelog2017-03-18 11:20:43.0 +0100 @@ -1,3 +1,10 @@ +exif (0.6.21-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix FTCBFS: cross.patch (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Sat, 18 Mar 2017 11:20:43 +0100 + exif (0.6.21-1) unstable; urgency=low * New upstream release diff --minimal -Nru exif-0.6.21/debian/patches/cross.patch exif-0.6.21/debian/patches/cross.patch --- exif-0.6.21/debian/patches/cross.patch 1970-01-01 01:00:00.0 +0100 +++ exif-0.6.21/debian/patches/cross.patch 2017-03-18 11:20:43.0 +0100 @@ -0,0 +1,79 @@ +From: Helmut Grohne <hel...@subdivi.de> +Subject: Fix cross compilation + +Replace GP_PKG_CONFIG with upstream macro PKG_PROG_PKG_CONFIG as the former +fails to consider $ac_tool_prefix. + +Index: exif-0.6.21/configure.ac +=== +--- exif-0.6.21.orig/configure.ac exif-0.6.21/configure.ac +@@ -37,8 +37,6 @@ + + AC_CHECK_FUNCS([isatty fileno]) + +-GP_PKG_CONFIG +- + # --- + # i18n support + # --- +Index: exif-0.6.21/m4m/gp-check-library.m4 +=== +--- exif-0.6.21.orig/m4m/gp-check-library.m4 exif-0.6.21/m4m/gp-check-library.m4 +@@ -103,7 +103,7 @@ + # -- + dnl + AC_REQUIRE([GP_CONFIG_MSG])dnl +-AC_REQUIRE([GP_PKG_CONFIG])dnl ++AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl + AC_REQUIRE([_GP_CHECK_LIBRARY_SOEXT])dnl + dnl Use _CFLAGS and _LIBS given to configure. + dnl This makes it possible to set these vars in a configure script +Index: exif-0.6.21/m4m/gp-pkg-config.m4 +=== +--- exif-0.6.21.orig/m4m/gp-pkg-config.m4 /dev/null +@@ -1,42 +0,0 @@ +-dnl @synopsis GP_PKG_CONFIG +-dnl +-dnl If you want to set the PKG_CONFIG_PATH, best do so before +-dnl calling GP_PKG_CONFIG +-AC_DEFUN([GP_PKG_CONFIG],[ +-# +-# [GP_PKG_CONFIG] +-# +-AC_ARG_VAR([PKG_CONFIG],[pkg-config package config utility]) +-export PKG_CONFIG +-AC_ARG_VAR([PKG_CONFIG_PATH],[directory where pkg-config looks for *.pc files]) +-export PKG_CONFIG_PATH +- +-AC_MSG_CHECKING([PKG_CONFIG_PATH]) +-if test "x${PKG_CONFIG_PATH}" = "x"; then +- AC_MSG_RESULT([empty]) +-else +- AC_MSG_RESULT([${PKG_CONFIG_PATH}]) +-fi +- +-dnl AC_REQUIRE([PKG_CHECK_MODULES]) +-AC_PATH_PROG([PKG_CONFIG],[pkg-config],[false]) +-if test "$PKG_CONFIG" = "false"; then +-AC_MSG_ERROR([ +-*** Build requires pkg-config +-*** +-*** Possible solutions: +-*** - set PKG_CONFIG to where your pkg-config is located +-*** - set PATH to include the directory where pkg-config is installed +-*** - get it from http://freedesktop.org/software/pkgconfig/ and install it +-]) +-fi +-])dnl +- +-dnl Please do not remove this: +-dnl filetype: d87b877b-80ec-447c-b042-21ec4a27c6f0 +-dnl I use this to find all the different instances of this file which +-dnl are supposed to be synchronized. +- +-dnl Local Variables: +-dnl mode: autoconf +-dnl End: diff --minimal -Nru exif-0.6.21/debian/patches/series exif-0.6.21/debian/patches/series --- exif-0.6.21/debian/patches/series 2013-01-27 15:47:53.0 +0100 +++ exif-0.6.21/debian/
[Pkg-phototools-devel] Bug#854769: marked as done (checkit-tiff: Incomplete debian/copyright?)
Your message dated Tue, 20 Feb 2018 21:06:17 + with message-id <e1eof7b-000ffj...@fasolo.debian.org> and subject line Bug#854769: fixed in checkit-tiff 0.2.3-2 has caused the Debian Bug report #854769, regarding checkit-tiff: Incomplete debian/copyright? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 854769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854769 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: checkit-tiff Version: 0.2.3-1 Severity: serious Justication: Policy 12.5 X-Debbugs-CC: Andreas Romeyke <a...@andreas-romeyke.de> Hi, I just ACCEPTed checkit-tiff from NEW but noticed it was missing attribution in debian/copyright for at least: src/headers/tiff.h:4: * Copyright (c) 1988-1997 Sam Leffler src/headers/tiff.h:5: * Copyright (c) 1991-1997 Silicon Graphics, Inc. (This is not exhaustive so please check over the entire package carefully and address these on your next upload.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- --- End Message --- --- Begin Message --- Source: checkit-tiff Source-Version: 0.2.3-2 We believe that the bug you reported is fixed in the latest version of checkit-tiff, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 854...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille <ti...@debian.org> (supplier of updated checkit-tiff package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Feb 2018 21:00:43 +0100 Source: checkit-tiff Binary: checkit-tiff Architecture: source Version: 0.2.3-2 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Andreas Tille <ti...@debian.org> Description: checkit-tiff - conformance checker for baseline TIFFs Closes: 854769 Changes: checkit-tiff (0.2.3-2) unstable; urgency=medium . * Team upload. * Add missing copyright Closes: #854769 * Standards-Version: 4.1.3 * debhelper 11 Checksums-Sha1: 2d15dafbcc6d28a4e494bc8d3dfd62bcceec597e 2060 checkit-tiff_0.2.3-2.dsc 75e715429b1905f00aa9a27327f9c9ec318b93bc 2768 checkit-tiff_0.2.3-2.debian.tar.xz e42e5714710eb780f410e6a5cc339fca95d55d9d 6670 checkit-tiff_0.2.3-2_amd64.buildinfo Checksums-Sha256: acea6657c46125b14c9e0c105b2030bcb4b76e922f2181f10d8d01c88e79c9f0 2060 checkit-tiff_0.2.3-2.dsc 34e79cdcce612713789ff88a01e887904b306b2522bfd3afca9fc2d6c38640e8 2768 checkit-tiff_0.2.3-2.debian.tar.xz d3ddd7fbf3631980b681fcf5a27bc76e786c3d5aeda724dc2cb3f6de159edcd4 6670 checkit-tiff_0.2.3-2_amd64.buildinfo Files: 5f7bc2bd4f1a4bc99e7550ba7113534a 2060 science optional checkit-tiff_0.2.3-2.dsc b36da03aa9d0447988aecfe757d302ab 2768 science optional checkit-tiff_0.2.3-2.debian.tar.xz 9a4290948265d700ad9bfa58278ea538 6670 science optional checkit-tiff_0.2.3-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAlqMfrERHHRpbGxlQGRl Ymlhbi5vcmcACgkQV4oElNHGRtGfVg/+MHq6/Z3QlOJCQUAS1AARxwg8HeHUZzQm aBKep+DXtRw43BMADrVob1bMNdbwT/Od3KrDURdWy+uIMLUsaDwgUisYW6L3LqqD jqTo/XgEc/LigbYiJrwUJUVeh/JK0uG8QiMMxebXVFn7/AHJAp0ZmpsImDOfaSTQ zbDpvcIJW6ZrdaknMQ8XvyA1g3CV60ahJisqqCp9KzVbZVtC6cqZsfcK2j4QelUU b4qmNDenMmqpKJmzELQvBiUjjIkXbhJJzEtW8L1Umrhzu9i9FYuL+sx1fkt713x5 tIKpV0KBFhK6P8Gdx6Dd0Y076oIhgBk/nPS7pe/zpyinx0W/+hShOkRw+ejK56vr AUVgmTdxKYOL+MIWS69BdFBNjAHFCva5mwu+8B3jHHiYA2SnceyBXMfeMohuGyAQ SzCuFEEk1W4CGXlW1CS684DEr7bGy8Dv0txBNazUJtkzcn+MJuHm66FikNzXaSWn Pgbq0m/XyR+8Hj0GgVHbOmxS0PZlEAdrrqySFHPYLIM9TV7QaeVNNievhdbbo6L8 8dXAtqwHT8YZUQzy3KHA1k/3/2izlQl9dvSBqnaqzaQ8MwugsLjR6VC8FJmut8R6 iKgkLzS89Z6hhtjCEAt33P2a/IS1WUFI03iUU+99EAAryZx/3NNUFn/kst53Ndev Z359P063Fys= =v/PC -END PGP SIGNATURE End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: retitle 888532 to openjpeg2: CVE-2018-5727: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c
Processing commands for cont...@bugs.debian.org: > retitle 888532 openjpeg2: CVE-2018-5727: integer overflow in > opj_t1_encode_cblks in src/lib/openjp2/t1.c Bug #888532 [src:openjpeg2] openjpeg2: CVE-2018-5727: nteger overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c Changed Bug title to 'openjpeg2: CVE-2018-5727: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c' from 'openjpeg2: CVE-2018-5727: nteger overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c'. > thanks Stopping processing here. Please contact me if you need assistance. -- 888532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#888061: marked as done (libraw: FTBFS on ia64: symbols discrepancy)
Your message dated Wed, 24 Jan 2018 15:29:15 + with message-id <e1eemzd-000fgv...@fasolo.debian.org> and subject line Bug#888061: fixed in libraw 0.18.7-2 has caused the Debian Bug report #888061, regarding libraw: FTBFS on ia64: symbols discrepancy to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 888061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libraw Version: 0.18.7-1 Severity: important Hello, libraw FTBFS on ia64, the symbols files need to be fixed for it: https://buildd.debian.org/status/fetch.php?pkg=libraw=ia64=0.18.7-1=1516664039=0 Samuel -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- Samuel t: bah c'est tendre le pattern pour se faire matcher, hein --- End Message --- --- Begin Message --- Source: libraw Source-Version: 0.18.7-2 We believe that the bug you reported is fixed in the latest version of libraw, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 888...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated libraw package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 24 Jan 2018 14:44:01 +0100 Source: libraw Binary: libraw16 libraw-bin libraw-dev libraw-doc Architecture: source Version: 0.18.7-2 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libraw-bin - raw image decoder library (tools) libraw-dev - raw image decoder library (development files) libraw-doc - raw image decoder library (documentation) libraw16 - raw image decoder library Closes: 888061 Changes: libraw (0.18.7-2) unstable; urgency=medium . [ Jason Duerstock ] * debian/libraw16.symbols: symbols refreshed to add ia64 architecture (Closes: #888061) Checksums-Sha1: 2e45f43d22989de7a9e1df4c88a0f7c6502eb822 2179 libraw_0.18.7-2.dsc 95db4fe7096b52d9ea700e29b1d9e9a4f3c40173 21060 libraw_0.18.7-2.debian.tar.xz Checksums-Sha256: 0ee39b743c8bf5ad6ae4393662e1cd4eab9e2f500bce93a9da175f71d598c331 2179 libraw_0.18.7-2.dsc 70f31f379b8c5b80cac74385b4a2ca4f64b803c21673e384d426500b9c8ce0cb 21060 libraw_0.18.7-2.debian.tar.xz Files: 3cce7141bf780fe1631d1a4a2f2a9c9c 2179 libs optional libraw_0.18.7-2.dsc 966f95f2aa94a0acab61e69b97e46aeb 21060 libs optional libraw_0.18.7-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlpolQ8ACgkQCBa54Yx2 K62PZQ//Z3t+RywlfMhPnNOOFttrHC2SBW7QinkLW6PIeAoIFvhynar4E/nYKtiu eLtQCzLLmsNgHDAefRcqHH51VVG5CgHtLYB0eUhSWJVC42b1gec3pB2Ib0iWtmxz IkW3eTJNAgHdFv6UdOv9Dk1ddn1v7mLKLvWmJXYjLnJ6QoQjjaAklC5BFI1DOZyp 9P+5IHHrjL/iA6/cxf/P5+63a1Wb1l5ccCaY7VvJKzvMoLti0hdU9ModTuOD5JuC zEIZfJYGOZmpl3Exv9e4vESly6ms6W8+qQ95pC61K50leQ/epiiXmr4RaevBjWWF RCFwv/kZE6Tg8H3i/Ti92WyRPdgh7Ju5M4rp4XzikxA3Pq0zzjQKmBgeEZcnMxK+ 5twCjV4NaCA/71xCYpxoHduYlW4whTLT+NzgrwevG9M0MYFH+36PJQpTRm93Rk8z RyAlegzxaj0C3Ez81IraTlSKaYr4h2z+w//zqJuOrK0pF9cMI9bujfW893nmvTaR k6sl9FIPiQ+xDOlKhJ5u0tGtB3Z6rxrSggYKrN9HpTFSb6Pe2ZwThUYqpayOVWbE BR8eVcOnyqxLrUyFicyFjYCyeuEyExkW95RO/Z/Q62hfJlYTR55EuPrrcnOocTqB nxdO7+DIXhwr9SCDgPdg5QNPH4f5rgpqiLEZ2KpFKLVkBgmvrBk= =JlMw -END PGP SIGNATURE End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: Bug#888061: libraw: FTBFS on ia64: symbols discrepancy
Processing control commands: > tag -1 + pending Bug #888061 [src:libraw] libraw: FTBFS on ia64: symbols discrepancy Added tag(s) pending. -- 888061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: FTBFS with Java 9 due to -source/-target only
Processing control commands: > tags -1 patch Bug #873997 [src:openjpeg2] FTBFS with Java 9 due to -source/-target only Added tag(s) patch. -- 873997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873997 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: found 877352 in 1.6.1-6
Processing commands for cont...@bugs.debian.org: > found 877352 1.6.1-6 Bug #877352 {Done: "Matteo F. Vescovi" <m...@debian.org>} [src:openexr] openexr: CVE-2017-12596 Marked as found in versions openexr/1.6.1-6. > thanks Stopping processing here. Please contact me if you need assistance. -- 877352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: notfound 877352 in 2.2.0-11.1, found 877352 in 2.2.0-11, fixed 877352 in 2.2.0-11.1
Processing commands for cont...@bugs.debian.org: > notfound 877352 2.2.0-11.1 Bug #877352 {Done: "Matteo F. Vescovi" <m...@debian.org>} [src:openexr] openexr: CVE-2017-12596 No longer marked as found in versions openexr/2.2.0-11.1. > found 877352 2.2.0-11 Bug #877352 {Done: "Matteo F. Vescovi" <m...@debian.org>} [src:openexr] openexr: CVE-2017-12596 Marked as found in versions openexr/2.2.0-11. > fixed 877352 2.2.0-11.1 Bug #877352 {Done: "Matteo F. Vescovi" <m...@debian.org>} [src:openexr] openexr: CVE-2017-12596 Marked as fixed in versions openexr/2.2.0-11.1. > thanks Stopping processing here. Please contact me if you need assistance. -- 877352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#877352: marked as done (openexr: CVE-2017-12596)
Your message dated Wed, 10 Jan 2018 17:37:29 +0100 with message-id <871six8yba@gmail.com> and subject line Re: Bug#877352: openexr:CVE-2017-12596 has caused the Debian Bug report #877352, regarding openexr: CVE-2017-12596 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 877352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openexr Version: 2.2.0-11.1 Severity: important Tags: upstream security Forwarded: https://github.com/openexr/openexr/issues/238 Hi, the following vulnerability was published for openexr, filling this bug to track the upstream issue at [1]. CVE-2017-12596[0]: | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read | in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled | execution; it may result in denial of service or possibly unspecified | other impact. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12596 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596 [1] https://github.com/openexr/openexr/issues/238 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Version: 2.2.1-1 On 2017-09-30 at 22:48 (+0200), Salvatore Bonaccorso wrote: > Source: openexr > Version: 2.2.0-11.1 > Severity: important > Tags: upstream security > Forwarded: https://github.com/openexr/openexr/issues/238 > > Hi, > > the following vulnerability was published for openexr, filling this > bug to track the upstream issue at [1]. > > CVE-2017-12596[0]: > | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read > | in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled > | execution; it may result in denial of service or possibly unspecified > | other impact. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. CVE id has been added, but forgot to close this bug report. Doing it now. Cheers. -- Matteo F. Vescovi signature.asc Description: PGP signature --- End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#873885: marked as done (openexr: CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115)
Your message dated Wed, 10 Jan 2018 17:35:55 +0100 with message-id <8760898ydw@gmail.com> and subject line Re: Bug#873885: CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 has caused the Debian Bug report #873885, regarding openexr: CVE-2017-9111 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873885 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openexr Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2017/05/12/5 These were reported upstream at https://github.com/openexr/openexr/issues/232 Upstream fixes are linked in the github bug. Cheers, Moritz --- End Message --- --- Begin Message --- Version: 2.2.1-1 On 2017-06-04 at 09:44 (+0200), Moritz Muehlenhoff wrote: > Source: openexr > Severity: grave > Tags: security > > Please see http://www.openwall.com/lists/oss-security/2017/05/12/5 > > These were reported upstream at https://github.com/openexr/openexr/issues/232 > > Upstream fixes are linked in the github bug. OpenEXR 2.2.1-1 has been just uploaded to experimental with testing purpose. Once reverse dependencies have been re-built against it, it will be moved to unstable/sid. Thus, this issue is now fixed. And closing. Cheers. -- Matteo F. Vescovi signature.asc Description: PGP signature --- End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#884230: marked as done (needs updated build-deps (add texlive-fonts-extra))
Your message dated Thu, 21 Dec 2017 18:49:41 + with message-id <e1es5ux-yi...@fasolo.debian.org> and subject line Bug#884230: fixed in enblend-enfuse 4.2-3 has caused the Debian Bug report #884230, regarding needs updated build-deps (add texlive-fonts-extra) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 884230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884230 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: texlive-base Version: 2017.20171128-1 Severity: serious Control: affects -1 src:enblend-enfuse enblend-enfuse started to FTBFS with 2017.20171128-1: https://tests.reproducible-builds.org/debian/history/enblend-enfuse.html https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/enblend-enfuse.html ... LaTeX Font Info:Font shape `OT1/cmr/bx/sc' in size <24.88> not available (Font) Font shape `OT1/cmr/b/sc' tried instead on input line 10. ../../doc/common-fdl.tex:10: Font OT1/cmr/bx/sc/24.88=cmbcsc10 at 24.88pt not loadable: Metric (TFM) file not found. relax l.10 ...NU} Free Documentation License\commonpart} Here is how much of TeX's memory you used: 7075 strings out of 494927 113250 string characters out of 6180827 214894 words of memory out of 500 10070 multiletter control sequences out of 15000+60 29352 words of font info for 109 fonts, out of 800 for 9000 35 hyphenation exceptions out of 8191 47i,18n,38p,353b,603s stack positions out of 5000i,500n,1p,20b,8s Output written on enblend.dvi (79 pages, 192624 bytes). Makefile:911: recipe for target 'enblend.dvi' failed make[5]: *** [enblend.dvi] Error 1 The root problem is that in 2017.20171128-1 cmbcsc10 moved from texlive-base to texlive-fonts-extra, that should be moved back to texlive-base. --- End Message --- --- Begin Message --- Source: enblend-enfuse Source-Version: 4.2-3 We believe that the bug you reported is fixed in the latest version of enblend-enfuse, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 884...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated enblend-enfuse package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 21 Dec 2017 18:55:44 +0100 Source: enblend-enfuse Binary: enblend enfuse Architecture: source Version: 4.2-3 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 884230 Description: enblend- image blending tool enfuse - image exposure blending tool Changes: enblend-enfuse (4.2-3) unstable; urgency=medium . * Hotfix FTBFS by adding a b-d on texlive-fonts-extra. Closes: #884230 Checksums-Sha1: 1e5fb100147af22ff62ca7c8e3b58003e19585b0 2482 enblend-enfuse_4.2-3.dsc 459581af6986124cf933ec99b18176179a1d6368 10308 enblend-enfuse_4.2-3.debian.tar.xz Checksums-Sha256: 9d54505c711d949791ad1f9f411e9eb16ba668ceb12175333da04899739ecdc1 2482 enblend-enfuse_4.2-3.dsc 22f303cce1a665d72337225cc8ea8b4392f0d25d34a6876493f785b9d855ece7 10308 enblend-enfuse_4.2-3.debian.tar.xz Files: e79a12ed0643af65fdefc034686bcebd 2482 graphics optional enblend-enfuse_4.2-3.dsc 5813037186b5db2dc3152ef5f8de7fb3 10308 graphics optional enblend-enfuse_4.2-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlo7/W8ACgkQpU8BhUOC FITdcQ//aPOA5oeDfqK+C2DYmd0GbWS3GO/IVfpgLTh2BxKuVA/hyHPszAmT/kKs DbeN2ssK8TQjFzV9JLLYyx4oo+qDWqlBbAQxcCeQCCK//zBwJ9m36Scr+pbcUZOb 3+g1cxglntamXkHSmhgKffa8LLc6vZ9Yht7CNTJg0dcwkwlT6E7NSVSG2bJ0i2iV eMuuEz7PQ9ADocpN0as2c/kcVRHTbE2Isc34M6WLkpsEvh92eB+GvBHq0kuD2qqt hq7uSOjP86FBsJOEU37cylxTfmE7kPfsVFMNd905XIOublFkCMMwfaLQo4GN4GKo ZP2l/KnNbQF7DABE83BCt0tO4whLBUAf4H9DQax09/EK2/6zLs8ZOXvn6R6AF8r2 eoG+OjSQW8Md6xTYLbgJfVxC/l8Y1br8YfBxg1BgcH5g9PdugsPqeJ2hYvxiasem uKnoXcU5XXYRTNYeOJNUohsdlbtwx0CTUVWjJosak6E2DMFNZiVWooaInRYGyBoP 1QqICzhAbT+RTB3A9/21iWrEQ5yhNMS9FcspZXl3H3H1R
[Pkg-phototools-devel] Processed: fixed 874115 in 2.1.0-2+deb8u3, fixed 874115 in 2.1.2-1.1+deb9u2
Processing commands for cont...@bugs.debian.org: > fixed 874115 2.1.0-2+deb8u3 Bug #874115 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c Marked as fixed in versions openjpeg2/2.1.0-2+deb8u3. > fixed 874115 2.1.2-1.1+deb9u2 Bug #874115 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c Marked as fixed in versions openjpeg2/2.1.2-1.1+deb9u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 874115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874115 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Not a problem in stretch
Processing commands for cont...@bugs.debian.org: > tags 884230 buster sid Bug #884230 [enblend-enfuse] needs updated build-deps (add texlive-fonts-extra) Added tag(s) buster and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 884230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884230 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: Bug#884230: texlive-base: cmbcsc10 moved to texlive-fonts-extra
Processing commands for cont...@bugs.debian.org: > reassign 884230 enblend-enfuse Bug #884230 [texlive-base] texlive-base: cmbcsc10 moved to texlive-fonts-extra Bug reassigned from package 'texlive-base' to 'enblend-enfuse'. No longer marked as found in versions texlive-base/2017.20171128-1. Ignoring request to alter fixed versions of bug #884230 to the same values previously set > retitle 884230 needs updated build-deps (add texlive-fonts-extra) Bug #884230 [enblend-enfuse] texlive-base: cmbcsc10 moved to texlive-fonts-extra Changed Bug title to 'needs updated build-deps (add texlive-fonts-extra)' from 'texlive-base: cmbcsc10 moved to texlive-fonts-extra'. > thanks Stopping processing here. Please contact me if you need assistance. -- 884230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884230 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#882032: marked as done (optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file)
Your message dated Sat, 09 Dec 2017 14:38:32 + with message-id <e1enggu-0001eq...@fasolo.debian.org> and subject line Bug#882032: fixed in optipng 0.7.5-1+deb8u2 has caused the Debian Bug report #882032, regarding optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: optipng Version: 0.7.6-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/optipng/bugs/65/ Hi, the following vulnerability was published for optipng. CVE-2017-1000229[0]: | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 | allows an attacker to remotely execute code or cause denial of | service. With the poc.tiff on upstream bug: ==9473== Memcheck, a memory error detector ==9473== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==9473== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==9473== Command: optipng poc.tiff ==9473== ** Processing: poc.tiff ==9473== Invalid write of size 4 ==9473==at 0x109C53: read_ulong_values (tiffread.c:131) ==9473==by 0x117504: minitiff_read_info (tiffread.c:358) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Address 0x4aa56cc is 0 bytes after a block of size 4 alloc'd ==9473==at 0x482E2BC: malloc (vg_replace_malloc.c:299) ==9473==by 0x1174CA: minitiff_read_info (tiffread.c:353) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Error: Error reading TIFF file ** Status report 1 file(s) have been processed. 1 error(s) have been encountered. ==9473== ==9473== HEAP SUMMARY: ==9473== in use at exit: 4 bytes in 1 blocks ==9473== total heap usage: 5 allocs, 4 frees, 5,600 bytes allocated ==9473== ==9473== LEAK SUMMARY: ==9473==definitely lost: 4 bytes in 1 blocks ==9473==indirectly lost: 0 bytes in 0 blocks ==9473== possibly lost: 0 bytes in 0 blocks ==9473==still reachable: 0 bytes in 0 blocks ==9473== suppressed: 0 bytes in 0 blocks ==9473== Rerun with --leak-check=full to see details of leaked memory ==9473== ==9473== For counts of detected and suppressed errors, rerun with: -v ==9473== ERROR SUMMARY: 262143 errors from 1 contexts (suppressed: 0 from 0) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-1000229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: optipng Source-Version: 0.7.5-1+deb8u2 We believe that the bug you reported is fixed in the latest version of optipng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 882...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated optipng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 07 Dec 2017 21:47:21 +0100 Source: optipng Binary: optipng Architecture: source Version: 0.7.5-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Sal
[Pkg-phototools-devel] Bug#878839: marked as done (optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file)
Your message dated Sat, 09 Dec 2017 14:38:32 + with message-id <e1enggu-0001ek...@fasolo.debian.org> and subject line Bug#878839: fixed in optipng 0.7.5-1+deb8u2 has caused the Debian Bug report #878839, regarding optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: optipng Version: 0.7.6-1 Severity: normal Dear Maintainer, global-buffer-overflow bug while parsing GIF file Running 'optipng' with the attached file raises global-buffer-overflow bug, which may allow a remote attacker to cause a denial-of-service attack or other unspecified impact with a crafted file. I expected the program to terminate without segfault, but the program crashes as follow * Please consider that this bug isn't found in default debian optipng * * which is installed by apt-get. * * This bug is only triggered when optipng was compiled by clang or by * * gcc without any optimizations. * - june@june:~/project/analyze/poc/optipng$ optipng poc ** Processing: poc Warning: Bogus data in GIF = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 #0 0x55c90828662f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) #1 0x55c908285912 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x72912) #2 0x55c90828549f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7249f) #3 0x55c908284e00 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x71e00) #4 0x55c908239928 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x26928) #5 0x55c9082367a7 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x237a7) #6 0x55c908229674 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x16674) #7 0x55c90822b778 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x18778) #8 0x55c90822c9fe (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x199fe) #9 0x55c90822731e (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x1431e) #10 0x55c908227436 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x14436) #11 0x7fb1b02de2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #12 0x55c908224389 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x11389) 0x55c9084bf040 is located 0 bytes to the right of global variable 'stack' defined in 'gifread.c:401:16' (0x55c9084b7040) of size 32768 0x55c9084bf040 is located 32 bytes to the left of global variable 'oldcode' defined in 'gifread.c:398:27' (0x55c9084bf060) of size 4 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) Shadow bytes around the buggy address: 0x0ab9a108fdb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ab9a108fe00: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 04 f9 f9 f9 0x0ab9a108fe10: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab9a108fe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1
[Pkg-phototools-devel] Bug#882032: marked as done (optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file)
Your message dated Sat, 09 Dec 2017 12:03:01 + with message-id <e1endqp-0004lx...@fasolo.debian.org> and subject line Bug#882032: fixed in optipng 0.7.6-1+deb9u1 has caused the Debian Bug report #882032, regarding optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: optipng Version: 0.7.6-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/optipng/bugs/65/ Hi, the following vulnerability was published for optipng. CVE-2017-1000229[0]: | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 | allows an attacker to remotely execute code or cause denial of | service. With the poc.tiff on upstream bug: ==9473== Memcheck, a memory error detector ==9473== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==9473== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==9473== Command: optipng poc.tiff ==9473== ** Processing: poc.tiff ==9473== Invalid write of size 4 ==9473==at 0x109C53: read_ulong_values (tiffread.c:131) ==9473==by 0x117504: minitiff_read_info (tiffread.c:358) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Address 0x4aa56cc is 0 bytes after a block of size 4 alloc'd ==9473==at 0x482E2BC: malloc (vg_replace_malloc.c:299) ==9473==by 0x1174CA: minitiff_read_info (tiffread.c:353) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Error: Error reading TIFF file ** Status report 1 file(s) have been processed. 1 error(s) have been encountered. ==9473== ==9473== HEAP SUMMARY: ==9473== in use at exit: 4 bytes in 1 blocks ==9473== total heap usage: 5 allocs, 4 frees, 5,600 bytes allocated ==9473== ==9473== LEAK SUMMARY: ==9473==definitely lost: 4 bytes in 1 blocks ==9473==indirectly lost: 0 bytes in 0 blocks ==9473== possibly lost: 0 bytes in 0 blocks ==9473==still reachable: 0 bytes in 0 blocks ==9473== suppressed: 0 bytes in 0 blocks ==9473== Rerun with --leak-check=full to see details of leaked memory ==9473== ==9473== For counts of detected and suppressed errors, rerun with: -v ==9473== ERROR SUMMARY: 262143 errors from 1 contexts (suppressed: 0 from 0) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-1000229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: optipng Source-Version: 0.7.6-1+deb9u1 We believe that the bug you reported is fixed in the latest version of optipng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 882...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated optipng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 07 Dec 2017 21:42:04 +0100 Source: optipng Binary: optipng Architecture: source Version: 0.7.6-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Sal
[Pkg-phototools-devel] Bug#878839: marked as done (optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file)
Your message dated Sat, 09 Dec 2017 12:03:01 + with message-id <e1endqp-0004lr...@fasolo.debian.org> and subject line Bug#878839: fixed in optipng 0.7.6-1+deb9u1 has caused the Debian Bug report #878839, regarding optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: optipng Version: 0.7.6-1 Severity: normal Dear Maintainer, global-buffer-overflow bug while parsing GIF file Running 'optipng' with the attached file raises global-buffer-overflow bug, which may allow a remote attacker to cause a denial-of-service attack or other unspecified impact with a crafted file. I expected the program to terminate without segfault, but the program crashes as follow * Please consider that this bug isn't found in default debian optipng * * which is installed by apt-get. * * This bug is only triggered when optipng was compiled by clang or by * * gcc without any optimizations. * - june@june:~/project/analyze/poc/optipng$ optipng poc ** Processing: poc Warning: Bogus data in GIF = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 #0 0x55c90828662f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) #1 0x55c908285912 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x72912) #2 0x55c90828549f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7249f) #3 0x55c908284e00 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x71e00) #4 0x55c908239928 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x26928) #5 0x55c9082367a7 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x237a7) #6 0x55c908229674 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x16674) #7 0x55c90822b778 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x18778) #8 0x55c90822c9fe (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x199fe) #9 0x55c90822731e (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x1431e) #10 0x55c908227436 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x14436) #11 0x7fb1b02de2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #12 0x55c908224389 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x11389) 0x55c9084bf040 is located 0 bytes to the right of global variable 'stack' defined in 'gifread.c:401:16' (0x55c9084b7040) of size 32768 0x55c9084bf040 is located 32 bytes to the left of global variable 'oldcode' defined in 'gifread.c:398:27' (0x55c9084bf060) of size 4 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) Shadow bytes around the buggy address: 0x0ab9a108fdb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ab9a108fe00: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 04 f9 f9 f9 0x0ab9a108fe10: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab9a108fe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1
[Pkg-phototools-devel] Processed: retitle 878839 to optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file
Processing commands for cont...@bugs.debian.org: > retitle 878839 optipng: CVE-2017-16938: global-buffer-overflow bug while > parsing GIF file Bug #878839 {Done: Salvatore Bonaccorso <car...@debian.org>} [optipng] optipng: global-buffer-overflow bug while parsing GIF file Changed Bug title to 'optipng: CVE-2017-16938: global-buffer-overflow bug while parsing GIF file' from 'optipng: global-buffer-overflow bug while parsing GIF file'. > thanks Stopping processing here. Please contact me if you need assistance. -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#882032: marked as done (optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file)
Your message dated Fri, 08 Dec 2017 16:49:16 + with message-id <e1enlps-0006vy...@fasolo.debian.org> and subject line Bug#882032: fixed in optipng 0.7.6-1.1 has caused the Debian Bug report #882032, regarding optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: optipng Version: 0.7.6-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/optipng/bugs/65/ Hi, the following vulnerability was published for optipng. CVE-2017-1000229[0]: | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 | allows an attacker to remotely execute code or cause denial of | service. With the poc.tiff on upstream bug: ==9473== Memcheck, a memory error detector ==9473== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==9473== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==9473== Command: optipng poc.tiff ==9473== ** Processing: poc.tiff ==9473== Invalid write of size 4 ==9473==at 0x109C53: read_ulong_values (tiffread.c:131) ==9473==by 0x117504: minitiff_read_info (tiffread.c:358) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Address 0x4aa56cc is 0 bytes after a block of size 4 alloc'd ==9473==at 0x482E2BC: malloc (vg_replace_malloc.c:299) ==9473==by 0x1174CA: minitiff_read_info (tiffread.c:353) ==9473==by 0x114B07: pngx_read_tiff (pngxrtif.c:85) ==9473==by 0x11272C: pngx_read_image (pngxread.c:130) ==9473==by 0x10CABF: opng_read_file (optim.c:939) ==9473==by 0x10DE99: opng_optimize_impl (optim.c:1503) ==9473==by 0x10EC28: opng_optimize (optim.c:1853) ==9473==by 0x10A30E: process_files (optipng.c:941) ==9473==by 0x10A30E: main (optipng.c:975) ==9473== Error: Error reading TIFF file ** Status report 1 file(s) have been processed. 1 error(s) have been encountered. ==9473== ==9473== HEAP SUMMARY: ==9473== in use at exit: 4 bytes in 1 blocks ==9473== total heap usage: 5 allocs, 4 frees, 5,600 bytes allocated ==9473== ==9473== LEAK SUMMARY: ==9473==definitely lost: 4 bytes in 1 blocks ==9473==indirectly lost: 0 bytes in 0 blocks ==9473== possibly lost: 0 bytes in 0 blocks ==9473==still reachable: 0 bytes in 0 blocks ==9473== suppressed: 0 bytes in 0 blocks ==9473== Rerun with --leak-check=full to see details of leaked memory ==9473== ==9473== For counts of detected and suppressed errors, rerun with: -v ==9473== ERROR SUMMARY: 262143 errors from 1 contexts (suppressed: 0 from 0) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-1000229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: optipng Source-Version: 0.7.6-1.1 We believe that the bug you reported is fixed in the latest version of optipng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 882...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated optipng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 07 Dec 2017 20:43:29 +0100 Source: optipng Binary: optipng Architecture: source Version: 0.7.6-1.1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <
[Pkg-phototools-devel] Bug#878839: marked as done (optipng: global-buffer-overflow bug while parsing GIF file)
Your message dated Fri, 08 Dec 2017 16:49:16 + with message-id <e1enlps-0006vs...@fasolo.debian.org> and subject line Bug#878839: fixed in optipng 0.7.6-1.1 has caused the Debian Bug report #878839, regarding optipng: global-buffer-overflow bug while parsing GIF file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: optipng Version: 0.7.6-1 Severity: normal Dear Maintainer, global-buffer-overflow bug while parsing GIF file Running 'optipng' with the attached file raises global-buffer-overflow bug, which may allow a remote attacker to cause a denial-of-service attack or other unspecified impact with a crafted file. I expected the program to terminate without segfault, but the program crashes as follow * Please consider that this bug isn't found in default debian optipng * * which is installed by apt-get. * * This bug is only triggered when optipng was compiled by clang or by * * gcc without any optimizations. * - june@june:~/project/analyze/poc/optipng$ optipng poc ** Processing: poc Warning: Bogus data in GIF = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 = ==11381==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c9084bf040 at pc 0x55c908286630 bp 0x7fffd3831e40 sp 0x7fffd3831e38 WRITE of size 4 at 0x55c9084bf040 thread T0 #0 0x55c90828662f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) #1 0x55c908285912 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x72912) #2 0x55c90828549f (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7249f) #3 0x55c908284e00 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x71e00) #4 0x55c908239928 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x26928) #5 0x55c9082367a7 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x237a7) #6 0x55c908229674 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x16674) #7 0x55c90822b778 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x18778) #8 0x55c90822c9fe (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x199fe) #9 0x55c90822731e (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x1431e) #10 0x55c908227436 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x14436) #11 0x7fb1b02de2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #12 0x55c908224389 (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x11389) 0x55c9084bf040 is located 0 bytes to the right of global variable 'stack' defined in 'gifread.c:401:16' (0x55c9084b7040) of size 32768 0x55c9084bf040 is located 32 bytes to the left of global variable 'oldcode' defined in 'gifread.c:398:27' (0x55c9084bf060) of size 4 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/june/project/analyze/bins/optipng-0.7.6/src/optipng/optipng+0x7362f) Shadow bytes around the buggy address: 0x0ab9a108fdb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ab9a108fe00: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 04 f9 f9 f9 0x0ab9a108fe10: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab9a108fe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ab9a108fe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone:
[Pkg-phototools-devel] Processed: optipng: diff for NMU version 0.7.6-1.1
Processing control commands: > tags 878839 + patch Bug #878839 [optipng] optipng: global-buffer-overflow bug while parsing GIF file Added tag(s) patch. > tags 878839 + pending Bug #878839 [optipng] optipng: global-buffer-overflow bug while parsing GIF file Added tag(s) pending. > tags 882032 + pending Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Added tag(s) pending. -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: optipng: diff for NMU version 0.7.6-1.1
Processing control commands: > tags 878839 + patch Bug #878839 [optipng] optipng: global-buffer-overflow bug while parsing GIF file Ignoring request to alter tags of bug #878839 to the same tags previously set > tags 878839 + pending Bug #878839 [optipng] optipng: global-buffer-overflow bug while parsing GIF file Ignoring request to alter tags of bug #878839 to the same tags previously set > tags 882032 + pending Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Ignoring request to alter tags of bug #882032 to the same tags previously set -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#875069: marked as done ([opencolorio] Future Qt4 removal from Buster)
Your message dated Thu, 30 Nov 2017 21:17:40 + with message-id <e1ekwde-000emj...@fasolo.debian.org> and subject line Bug#875069: fixed in opencolorio 1.0.9~dfsg0-12 has caused the Debian Bug report #875069, regarding [opencolorio] Future Qt4 removal from Buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 875069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: opencolorio Version: 1.0.9~dfsg0-11 Severity: wishlist User: debian-qt-...@lists.debian.org Usertags: qt4-removal Hi! As you might know we the Qt/KDE team are preparing to remove Qt4 as [announced] in: [announced] <https://lists.debian.org/debian-devel-announce/2017/08/msg6.html> Currently Qt4 has been dead upstream and we are starting to have problems maintaining it, like for example in the [OpenSSL 1.1 support] case. [OpenSSL 1.1 support] <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828522> In order to make this move, all packages directly or indirectly depending on the Qt4 libraries have to either get ported to Qt5 or eventually get removed from the Debian repositories. Therefore, please take the time and: - contact your upstream (if existing) and ask about the state of a Qt5 port of your application - if there are no activities regarding porting, investigate whether there are suitable alternatives for your users - if there is a Qt5 port that is not yet packaged, consider packaging it - if both the Qt4 and the Qt5 versions already coexist in the Debian archives, consider removing the Qt4 version = Porting = Some of us where involved in various Qt4 to Qt5 migrations [migration] and we know for sure that porting stuff from Qt4 to Qt5 is much much easier and less painful than it was from Qt3 to Qt4. We also understand that there is still a lot of software still using Qt4. Don't forget to take a look at the C++ API changes page [apichanges] whenever you start porting your application. [migration] http://pkg-kde.alioth.debian.org/packagingqtbasedstuff.html [apichanges] http://doc.qt.io/qt-5/sourcebreaks.html For any questions and issues, do not hesitate to contact the Debian Qt/KDE team at debian-qt-...@lists.debian.org The removal is being tracked in <https://wiki.debian.org/Qt4Removal> Lisandro, on behalf of the Qt4 maintainers --- End Message --- --- Begin Message --- Source: opencolorio Source-Version: 1.0.9~dfsg0-12 We believe that the bug you reported is fixed in the latest version of opencolorio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 875...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated opencolorio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Nov 2017 21:07:32 +0100 Source: opencolorio Binary: libopencolorio-dev libopencolorio1v5 opencolorio-tools opencolorio-doc python-pyopencolorio Architecture: source Version: 1.0.9~dfsg0-12 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libopencolorio-dev - complete color management solution - development libopencolorio1v5 - complete color management solution - runtime opencolorio-doc - complete color management solution - documentation opencolorio-tools - complete color management solution - utilities python-pyopencolorio - complete color management solution - python bindings Closes: 875069 Changes: opencolorio (1.0.9~dfsg0-12) unstable; urgency=medium . * debian/: dh bump 9 -> 10 * debian/control: - S-V bump 4.0.0 -> 4.1.1 (no changes needed) - Qt4 -> Qt5 migration (Closes: #875069) * debian/opencolorio-doc.doc-base: fix documentation path * debian/watch: enable repacking at uscan time Checksums-Sha1: e364d4f3b2f4b80314fe572dc5c2ea1bbbe17576 2837 opencolorio_1.0.9~dfsg0-12.dsc 8804e7df1689225db557a2d17b5c1b2452eebf05 10724 opencolorio_1.0.9~dfsg0-12.debian.tar.xz cf517385a944277be9c
[Pkg-phototools-devel] Processed: tagging 878839
Processing commands for cont...@bugs.debian.org: > tags 878839 + security Bug #878839 [optipng] optipng: global-buffer-overflow bug while parsing GIF file Added tag(s) security. > thanks Stopping processing here. Please contact me if you need assistance. -- 878839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tagging 882032
Processing commands for cont...@bugs.debian.org: > # not yet fixed upstream but proposed patch available > tags 882032 - fixed-upstream Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Removed tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file
Processing control commands: > tags -1 fixed-upstream patch Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Added tag(s) patch and fixed-upstream. -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tagging 882032
Processing commands for cont...@bugs.debian.org: > tags 882032 - fixed-upstream Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Removed tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tagging 882032
Processing commands for cont...@bugs.debian.org: > tags 882032 + fixed-upstream Bug #882032 [src:optipng] optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file Added tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 882032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#881679: marked as done (openimageio: FTBFS on arm{el, hf}: mixes GLES and classic OpenGL)
Your message dated Thu, 16 Nov 2017 15:21:51 + with message-id <e1eflzd-0008mk...@fasolo.debian.org> and subject line Bug#881679: fixed in openimageio 1.8.6~dfsg0-4 has caused the Debian Bug report #881679, regarding openimageio: FTBFS on arm{el,hf}: mixes GLES and classic OpenGL to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openimageio Version: 1.7.17~dfsg0-1+b1 Severity: serious Tags: upstream Justification: fails to build from source (but built successfully in the past) User: debian-...@lists.debian.org Usertags: armel armhf Builds of openimageio on armel and armhf have been failing since the switch to Qt 5 with a cascade of errors starting with In file included from /usr/include/arm-linux-gnueabihf/qt5/QtGui/qopengl.h:107:0, from /usr/include/arm-linux-gnueabihf/qt5/QtOpenGL/qgl.h:45, from /usr/include/arm-linux-gnueabihf/qt5/QtOpenGL/QGLWidget:1, from /<>/src/iv/imageviewer.h:50, from /<>/src/iv/imageviewer.cpp:38: /usr/include/GLES3/gl3.h:75:25: error: conflicting declaration 'typedef khronos_ssize_t GLsizeiptr' typedef khronos_ssize_t GLsizeiptr; ^~ In file included from /<>/src/iv/imageviewer.h:49:0, from /<>/src/iv/imageviewer.cpp:38: /usr/include/GL/glew.h:1680:19: note: previous declaration as 'typedef ptrdiff_t GLsizeiptr' typedef ptrdiff_t GLsizeiptr; as detailed in https://buildd.debian.org/status/fetch.php?pkg=openimageio=armel=1.8.6%7Edfsg0-3=1510356066=0 https://buildd.debian.org/status/fetch.php?pkg=openimageio=armhf=1.8.6%7Edfsg0-3=1510366058=0 Could you please take a look? I suspect you'll need to use GLES here for consistency with Qt 5. Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu --- End Message --- --- Begin Message --- Source: openimageio Source-Version: 1.8.6~dfsg0-4 We believe that the bug you reported is fixed in the latest version of openimageio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated openimageio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 15:08:58 +0100 Source: openimageio Binary: libopenimageio1.8 libopenimageio-dev openimageio-tools python-openimageio libopenimageio-doc Architecture: source Version: 1.8.6~dfsg0-4 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libopenimageio-dev - Library for reading and writing images - development libopenimageio-doc - Library for reading and writing images - documentation libopenimageio1.8 - Library for reading and writing images - runtime openimageio-tools - Library for reading and writing images - command line tools python-openimageio - Library for reading and writing images - Python bindings Closes: 881679 Changes: openimageio (1.8.6~dfsg0-4) unstable; urgency=medium . * debian/rules: OpenGL support disabled (Closes: #881679) Checksums-Sha1: c15346c2297290109f455caac26ed80d4d08d599 2873 openimageio_1.8.6~dfsg0-4.dsc 5416176f0d2299488601d66e9a561ac8378f6f0f 24772 openimageio_1.8.6~dfsg0-4.debian.tar.xz 6a989da2e5f22984b9bfc70e64c4897b168ac8dc 7280 openimageio_1.8.6~dfsg0-4_source.buildinfo Checksums-Sha256: e3eb1b7da3815d3689592bd4f96003aece25ea51cd5b3710d83d60e1c20b9b1d 2873 openimageio_1.8.6~dfsg0-4.dsc 8aa2f954cc457986a4ecf3c6b7337ec6980de18ee5b8f191e52d13273d5b3601 24772 openimageio_1.8.6~dfsg0-4.debian.tar.xz ba7e72cc113acf880560ab37bb07a216bd7f9409fa898b34f855e0ef1b6504ab 7280 openimageio_1.8.6~dfsg0-4_source.buildinfo Files: 4039adda286948030da146b96116daa3 2
[Pkg-phototools-devel] Processed: found 881679 in openimageio/1.8.6~dfsg0-3
Processing commands for cont...@bugs.debian.org: > found 881679 openimageio/1.8.6~dfsg0-3 Bug #881679 [src:openimageio] openimageio: FTBFS on arm{el,hf}: mixes GLES and classic OpenGL Marked as found in versions openimageio/1.8.6~dfsg0-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 881679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: bug 881679 is forwarded to https://github.com/OpenImageIO/oiio/issues/1804
Processing commands for cont...@bugs.debian.org: > forwarded 881679 https://github.com/OpenImageIO/oiio/issues/1804 Bug #881679 [src:openimageio] openimageio: FTBFS on arm{el,hf}: mixes GLES and classic OpenGL Set Bug forwarded-to-address to 'https://github.com/OpenImageIO/oiio/issues/1804'. > thanks Stopping processing here. Please contact me if you need assistance. -- 881679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: notfound 881679 in 1.7.17~dfsg0-1+b1
Processing commands for cont...@bugs.debian.org: > notfound 881679 1.7.17~dfsg0-1+b1 Bug #881679 [src:openimageio] openimageio: FTBFS on arm{el,hf}: mixes GLES and classic OpenGL The source 'openimageio' and version '1.7.17~dfsg0-1+b1' do not appear to match any binary packages No longer marked as found in versions openimageio/1.7.17~dfsg0-1+b1. > thanks Stopping processing here. Please contact me if you need assistance. -- 881679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881679 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#880774: marked as done (libpuzzle build depends on removed libgd2*-dev provides)
Your message dated Sun, 12 Nov 2017 16:50:04 + with message-id <e1edvso-0007rs...@fasolo.debian.org> and subject line Bug#880774: fixed in libpuzzle 0.11-2 has caused the Debian Bug report #880774, regarding libpuzzle build depends on removed libgd2*-dev provides to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880774 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libpuzzle Version: 0.11-1 Severity: serious Tags: buster sid The following packages have unmet dependencies: builddeps:libpuzzle : Depends: libgd2-noxpm-dev but it is not installable Please change the build dependency to libgd-dev. --- End Message --- --- Begin Message --- Source: libpuzzle Source-Version: 0.11-2 We believe that the bug you reported is fixed in the latest version of libpuzzle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Herbert Parentes Fortes Neto <h...@debian.org> (supplier of updated libpuzzle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 12 Nov 2017 14:18:03 -0200 Source: libpuzzle Binary: libpuzzle1 libpuzzle-bin libpuzzle-dev Architecture: source amd64 Version: 0.11-2 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Herbert Parentes Fortes Neto <h...@debian.org> Description: libpuzzle-bin - quick similar image finder - runtime tool libpuzzle-dev - quick similar image finder - development files libpuzzle1 - quick similar image finder - shared library Closes: 880774 Changes: libpuzzle (0.11-2) unstable; urgency=medium . * Team upload. * debian/control: - Build-Depends: libgd-dev instead of libgd2-noxpm-dev. (Closes: #880774) - Thanks Adrian Bunk * debian/rules: - Add DEB_CFLAGS_MAINT_APPEND = -fPIE - Add DEB_LDFLAGS_MAINT_APPEND = -fPIE -pie Checksums-Sha1: 5e39f7d2a2ce0daf1bbae75f6357331908698a4a 2114 libpuzzle_0.11-2.dsc 1e9d6f364501ce0a08babb17d187275d02743e2e 522132 libpuzzle_0.11.orig.tar.gz 1046fe0ed840b956bc68653646465499a18cc2ef 8364 libpuzzle_0.11-2.debian.tar.xz 1c6dac53208bea856d7e7e771c79f7cef1ff8b8b 5992 libpuzzle-bin-dbgsym_0.11-2_amd64.deb 0f2536a58328a34f3bd27f349d6013bbf4eab856 12328 libpuzzle-bin_0.11-2_amd64.deb d8c711535c8991d7db7c52c9bb9c1c6c1195635d 22372 libpuzzle-dev_0.11-2_amd64.deb 647b24e516c38ba022b31a1380562c83dc2cb215 20064 libpuzzle1-dbgsym_0.11-2_amd64.deb 6f21c19d9544daac1fa40af46971f6a81e450dba 15576 libpuzzle1_0.11-2_amd64.deb 2e41793e1b2402770d98fd3775397b1a14e58490 7946 libpuzzle_0.11-2_amd64.buildinfo Checksums-Sha256: d6ac200a02b19fbf8c245f459d91354969e28ce36871de5f8f201a1578fac4f4 2114 libpuzzle_0.11-2.dsc 381e774d0434ac897f3a301a62d3e6647f4cfdd5fdd1bda0c9f10ca1f95c0369 522132 libpuzzle_0.11.orig.tar.gz 34ca890c635fd4402d39a20a189e07ce64f671b63127973b29e3bfb7f87167f6 8364 libpuzzle_0.11-2.debian.tar.xz 54bcd984b0a3eae5d4fd510fd5378e599a7368707a79d8bda8f007837eeb8a5c 5992 libpuzzle-bin-dbgsym_0.11-2_amd64.deb a9360e573ae84370023acd9f07411459a101e26c88d8bc7eeac9228a402fe436 12328 libpuzzle-bin_0.11-2_amd64.deb 84485261dedc8667ddda4ed4818b2840cad58a184e2d636934611108c2c8363d 22372 libpuzzle-dev_0.11-2_amd64.deb 35fd2c043e13844a8eb609fc7646e9fabfc3a2443fb238a26ab5491c5c407762 20064 libpuzzle1-dbgsym_0.11-2_amd64.deb f7bb7dbb38ec64029a938c393be4010f4584c9936f6feab36d883665abc28707 15576 libpuzzle1_0.11-2_amd64.deb 22c28ebde531359a02535ae6e60f776b1721a45e7d5654a20ee61b1fc54bb668 7946 libpuzzle_0.11-2_amd64.buildinfo Files: 8119a417460dbeaf1edf700a9e4a95df 2114 graphics extra libpuzzle_0.11-2.dsc 505879bf25d2e09d62b76660a6fa0eaa 522132 graphics extra libpuzzle_0.11.orig.tar.gz 5c9205a1f7c05204b546f66db23a9b0e 8364 graphics extra libpuzzle_0.11-2.debian.tar.xz 36a343446e30456d0cccd30c2300b70c 5992 debug optional libpuzzle-bin-dbgsym_0.11-2_amd64.deb 501d1f9388ed11209b7d8bb4e1768842 12328 graphics extra libpuzzle-bin_0.11-2_amd64.deb c7bc7b4e
[Pkg-phototools-devel] Processed: CVE-2016-10504 / CVE-2017-14151
Processing control commands: > notfound -1 2.1.0-2+deb8u2 Bug #874430 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush Ignoring request to alter found versions of bug #874430 to the same values previously set -- 874430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: CVE-2016-10504 / CVE-2017-14151
Processing control commands: > notfound -1 2.1.0-2+deb8u2 Bug #874113 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-10504: Heap-based buffer over-write in in opj_mqc_byteout function of mqc.c Ignoring request to alter found versions of bug #874113 to the same values previously set -- 874113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874113 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c
Processing control commands: > severity -1 important Bug #874118 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c Ignoring request to change severity of Bug 874118 to the same value. -- 874118: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874118 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: closing 874117
Processing commands for cont...@bugs.debian.org: > close 874117 2.3.0-1 Bug #874117 [src:openjpeg2] openjpeg2: CVE-2017-14040: invalid memory write in tgatoimage Marked as fixed in versions openjpeg2/2.3.0-1. Bug #874117 [src:openjpeg2] openjpeg2: CVE-2017-14040: invalid memory write in tgatoimage Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 874117: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874117 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: closing 874118
Processing commands for cont...@bugs.debian.org: > close 874118 2.3.0-1 Bug #874118 [src:openjpeg2] openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c Marked as fixed in versions openjpeg2/2.3.0-1. Bug #874118 [src:openjpeg2] openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 874118: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874118 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#877676: marked as done (Drop -dbg package)
Your message dated Mon, 16 Oct 2017 09:08:02 + with message-id <e1e41ns-0007o5...@fasolo.debian.org> and subject line Bug#877676: fixed in openjpeg2 2.3.0-1 has caused the Debian Bug report #877676, regarding Drop -dbg package to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 877676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:openjpeg2 Version: 2.2.0-1 Severity: minor It may be time to drop -dbg package now that we have automated ones for free: https://wiki.debian.org/AutomaticDebugPackages --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.3.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 877...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 07:43:41 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 874115 874430 874431 877676 877758 Changes: openjpeg2 (2.3.0-1) unstable; urgency=medium . * New upstream release. Closes: #877758 * Drop explicit -dbg package. Closes: #877676 * Fix CVE-2017-14041. Closes: #874115 * Fix CVE-2017-14151. Closes: #874430 * Fix CVE-2017-14152. Closes: #874431 Checksums-Sha1: 90eb0d36e0fb465b7669b6c3b2f5ea57050e1078 2725 openjpeg2_2.3.0-1.dsc 3093a23f815e2a75d4fab2a68a572cb05c4ac75a 2074456 openjpeg2_2.3.0.orig.tar.gz 24d6b3d2ae4b31e48a253d7c4fadb2ca69c0224b 17744 openjpeg2_2.3.0-1.debian.tar.xz 161d550f5708881f1477de4ab461324a5782a26f 412488 libopenjp2-7-dbgsym_2.3.0-1_amd64.deb 5992e9ca12bd4ac1ecd83bbee9e0aed9a153f7cf 43642 libopenjp2-7-dev_2.3.0-1_amd64.deb 3429684594b2271933d40c6ed85825ca94accd54 162718 libopenjp2-7_2.3.0-1_amd64.deb 308e4dd2cb5880e6ad47dfb82134bdc0b8f417e1 344796 libopenjp2-tools-dbgsym_2.3.0-1_amd64.deb 15136a59ac8bddd3215e48515b5c470be64c8e36 100324 libopenjp2-tools_2.3.0-1_amd64.deb 9c48405da7736d579ff70ffe3e489a6b2cf3ace6 59470 libopenjp3d-tools-dbgsym_2.3.0-1_amd64.deb 17d6ae2de268b5ac64a28b1f71809f0bb5a5b864 45776 libopenjp3d-tools_2.3.0-1_amd64.deb 7d54fed1d60ba04e56281aec46d6c57ce32c2e6a 163618 libopenjp3d7-dbgsym_2.3.0-1_amd64.deb 83135e6a6a5d7164b4f1df95cd46fdbfd3029c9e 88948 libopenjp3d7_2.3.0-1_amd64.deb 68f75e6237e2a319c262d82b3b3137c24604 20924 libopenjpip-dec-server-dbgsym_2.3.0-1_amd64.deb 85c626a01882c6864f63055a83a9e48ff84cb13b 32824 libopenjpip-dec-server_2.3.0-1_amd64.deb 4837cf60fdf04138d883dd15d7c479d23e454f29 96850 libopenjpip-server-dbgsym_2.3.0-1_amd64.deb f3944189e63902cb50ac6ee5d9c07d9083d2f963 55206 libopenjpip-server_2.3.0-1_amd64.deb 4cc8e41bd7ac42091af2fe6eb3505637a3eeccd4 49344 libopenjpip-viewer_2.3.0-1_all.deb aa4d1154d31f3e9bb46bd61c159b068903d56128 132162 libopenjpip7-dbgsym_2.3.0-1_amd64.deb 8c31f3618b5484a6cfaa41b488bc8006b86b31e2 65052 libopenjpip7_2.3.0-1_amd64.deb cabde61b32cef60a5cca64cad0b5e26fc386ddd
[Pkg-phototools-devel] Bug#877758: marked as done (OpenJPEG 2.3.0 is out !)
Your message dated Mon, 16 Oct 2017 09:08:02 + with message-id <e1e41ns-0007ob...@fasolo.debian.org> and subject line Bug#877758: fixed in openjpeg2 2.3.0-1 has caused the Debian Bug report #877758, regarding OpenJPEG 2.3.0 is out ! to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 877758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877758 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:openjpeg2 OpenJPEG 2.3.0 is out, please package it. It will fix some CVE(s) issues. http://www.openjpeg.org/2017/10/04/OpenJPEG-2.3.0-released --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.3.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 877...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 07:43:41 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 874115 874430 874431 877676 877758 Changes: openjpeg2 (2.3.0-1) unstable; urgency=medium . * New upstream release. Closes: #877758 * Drop explicit -dbg package. Closes: #877676 * Fix CVE-2017-14041. Closes: #874115 * Fix CVE-2017-14151. Closes: #874430 * Fix CVE-2017-14152. Closes: #874431 Checksums-Sha1: 90eb0d36e0fb465b7669b6c3b2f5ea57050e1078 2725 openjpeg2_2.3.0-1.dsc 3093a23f815e2a75d4fab2a68a572cb05c4ac75a 2074456 openjpeg2_2.3.0.orig.tar.gz 24d6b3d2ae4b31e48a253d7c4fadb2ca69c0224b 17744 openjpeg2_2.3.0-1.debian.tar.xz 161d550f5708881f1477de4ab461324a5782a26f 412488 libopenjp2-7-dbgsym_2.3.0-1_amd64.deb 5992e9ca12bd4ac1ecd83bbee9e0aed9a153f7cf 43642 libopenjp2-7-dev_2.3.0-1_amd64.deb 3429684594b2271933d40c6ed85825ca94accd54 162718 libopenjp2-7_2.3.0-1_amd64.deb 308e4dd2cb5880e6ad47dfb82134bdc0b8f417e1 344796 libopenjp2-tools-dbgsym_2.3.0-1_amd64.deb 15136a59ac8bddd3215e48515b5c470be64c8e36 100324 libopenjp2-tools_2.3.0-1_amd64.deb 9c48405da7736d579ff70ffe3e489a6b2cf3ace6 59470 libopenjp3d-tools-dbgsym_2.3.0-1_amd64.deb 17d6ae2de268b5ac64a28b1f71809f0bb5a5b864 45776 libopenjp3d-tools_2.3.0-1_amd64.deb 7d54fed1d60ba04e56281aec46d6c57ce32c2e6a 163618 libopenjp3d7-dbgsym_2.3.0-1_amd64.deb 83135e6a6a5d7164b4f1df95cd46fdbfd3029c9e 88948 libopenjp3d7_2.3.0-1_amd64.deb 68f75e6237e2a319c262d82b3b3137c24604 20924 libopenjpip-dec-server-dbgsym_2.3.0-1_amd64.deb 85c626a01882c6864f63055a83a9e48ff84cb13b 32824 libopenjpip-dec-server_2.3.0-1_amd64.deb 4837cf60fdf04138d883dd15d7c479d23e454f29 96850 libopenjpip-server-dbgsym_2.3.0-1_amd64.deb f3944189e63902cb50ac6ee5d9c07d9083d2f963 55206 libopenjpip-server_2.3.0-1_amd64.deb 4cc8e41bd7ac42091af2fe6eb3505637a3eeccd4 49344 libopenjpip-viewer_2.3.0-1_all.deb aa4d1154d31f3e9bb46bd61c159b068903d56128 132162 libopenjpip7-dbgsym_2.3.0-1_amd64.deb 8c31f3618b5484a6cfaa41b488bc8006b86b31e2 65052 libopenjpip7_2.3.0-1_amd64.deb cabde61b32cef60a5cca64cad0b5e26fc386ddd9 16305 openjpeg2
[Pkg-phototools-devel] Bug#874430: marked as done (openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush)
Your message dated Mon, 16 Oct 2017 09:08:02 + with message-id <e1e41ns-0007nt...@fasolo.debian.org> and subject line Bug#874430: fixed in openjpeg2 2.3.0-1 has caused the Debian Bug report #874430, regarding openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: security upstream patch Forwarded: https://github.com/uclouvain/openjpeg/issues/982 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14151[0]: | An off-by-one error was discovered in | opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG | 2.2.0. The vulnerability causes an out-of-bounds write, which may lead | to remote denial of service (heap-based buffer overflow affecting | opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in | lib/openjp2/t1.c) or possibly remote code execution. Verifiable with an ASAN build of openjpeg2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14151 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151 [1] https://github.com/uclouvain/openjpeg/issues/982 [2] https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.3.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 874...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 07:43:41 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 874115 874430 874431 877676 877758 Changes: openjpeg2 (2.3.0-1) unstable; urgency=medium . * New upstream release. Closes: #877758 * Drop explicit -dbg package. Closes: #877676 * Fix CVE-2017-14041. Closes: #874115 * Fix CVE-2017-14151. Closes: #874430 * Fix CVE-2017-14152. Closes: #874431 Checksums-Sha1: 90eb0d36e0fb465b7669b6c3b2f5ea57050e1078 2725 openjpeg2_2.3.0-1.dsc 3093a23f815e2a75d4fab2a68a572cb05c4ac75a 2074456 openjpeg2_2.3.0.orig.tar.gz 24d6b3d2ae4b31e48a253d7c4fadb2ca69c0224b 17744 openjpeg2_2.3.0-1.debian.tar.xz 161d550f5708881f1477de4ab461324a5782a26f 412488 libopenjp2-7-dbgsym_2.3.0-1_amd64.deb 5992e9ca12bd4ac1ecd83bbee9e0aed9a153f7cf 43642 libopenjp2-7-dev_2.3.0-1_amd64.deb 3429684594b2271933d40c6ed85825ca94accd54 162718 libopenjp2-7_2.3.0-1_amd64.deb 308e4dd2cb5880e6ad47dfb82134bdc0b8f417e1 344796 libopenjp2-tools-dbgsym_2.3.0-1_amd64.deb 15136a59ac8bddd3215e48515b5c470
[Pkg-phototools-devel] Bug#874431: marked as done (openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE)
Your message dated Mon, 16 Oct 2017 09:08:02 + with message-id <e1e41ns-0007nz...@fasolo.debian.org> and subject line Bug#874431: fixed in openjpeg2 2.3.0-1 has caused the Debian Bug report #874431, regarding openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874431 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/985 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14152[0]: | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters | in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an | out-of-bounds write, which may lead to remote denial of service | (heap-based buffer overflow affecting opj_write_bytes_LE in | lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or | possibly remote code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14152 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152 [1] https://github.com/uclouvain/openjpeg/issues/985 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.3.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 874...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 07:43:41 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 874115 874430 874431 877676 877758 Changes: openjpeg2 (2.3.0-1) unstable; urgency=medium . * New upstream release. Closes: #877758 * Drop explicit -dbg package. Closes: #877676 * Fix CVE-2017-14041. Closes: #874115 * Fix CVE-2017-14151. Closes: #874430 * Fix CVE-2017-14152. Closes: #874431 Checksums-Sha1: 90eb0d36e0fb465b7669b6c3b2f5ea57050e1078 2725 openjpeg2_2.3.0-1.dsc 3093a23f815e2a75d4fab2a68a572cb05c4ac75a 2074456 openjpeg2_2.3.0.orig.tar.gz 24d6b3d2ae4b31e48a253d7c4fadb2ca69c0224b 17744 openjpeg2_2.3.0-1.debian.tar.xz 161d550f5708881f1477de4ab461324a5782a26f 412488 libopenjp2-7-dbgsym_2.3.0-1_amd64.deb 5992e9ca12bd4ac1ecd83bbee9e0aed9a153f7cf 43642 libopenjp2-7-dev_2.3.0-1_amd64.deb 3429684594b2271933d40c6ed85825ca94accd54 162718 libopenjp2-7_2.3.0-1_amd64.deb 308e4dd2cb5880e6ad47dfb82134bdc0b8f417e1 344796 libopenjp2-tools-dbgsym_2.3.0-1_amd64.deb 15136a59ac8bddd3215e48515b5c470be64c8e36 100324 libopenjp2-tools_2.3.0-1_amd64.deb 9c48405da7736d579ff70ffe3e489a6b2cf3ace6 59470 libopenjp3d-to
[Pkg-phototools-devel] Bug#874115: marked as done (openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c)
Your message dated Mon, 16 Oct 2017 09:08:02 + with message-id <e1e41ns-0007nn...@fasolo.debian.org> and subject line Bug#874115: fixed in openjpeg2 2.3.0-1 has caused the Debian Bug report #874115, regarding openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874115 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/997 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14041[0]: | A stack-based buffer overflow was discovered in the pgxtoimage function | in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an | out-of-bounds write, which may lead to remote denial of service or | possibly remote code execution. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041 [1] https://github.com/uclouvain/openjpeg/issues/997 [2] https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.3.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 874...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 16 Oct 2017 07:43:41 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 874115 874430 874431 877676 877758 Changes: openjpeg2 (2.3.0-1) unstable; urgency=medium . * New upstream release. Closes: #877758 * Drop explicit -dbg package. Closes: #877676 * Fix CVE-2017-14041. Closes: #874115 * Fix CVE-2017-14151. Closes: #874430 * Fix CVE-2017-14152. Closes: #874431 Checksums-Sha1: 90eb0d36e0fb465b7669b6c3b2f5ea57050e1078 2725 openjpeg2_2.3.0-1.dsc 3093a23f815e2a75d4fab2a68a572cb05c4ac75a 2074456 openjpeg2_2.3.0.orig.tar.gz 24d6b3d2ae4b31e48a253d7c4fadb2ca69c0224b 17744 openjpeg2_2.3.0-1.debian.tar.xz 161d550f5708881f1477de4ab461324a5782a26f 412488 libopenjp2-7-dbgsym_2.3.0-1_amd64.deb 5992e9ca12bd4ac1ecd83bbee9e0aed9a153f7cf 43642 libopenjp2-7-dev_2.3.0-1_amd64.deb 3429684594b2271933d40c6ed85825ca94accd54 162718 libopenjp2-7_2.3.0-1_amd64.deb 308e4dd2cb5880e6ad47dfb82134bdc0b8f417e1 344796 libopenjp2-tools-dbgsym_2.3.0-1_amd64.deb 15136a59ac8bddd3215e48515b5c470be64c8e36 100324 libopenjp2-tools_2.3.0-1_amd64.deb 9c48405da7736d579ff70ffe3e489a6b2cf3ace6 59470 libopenjp3d-tools-dbgsym_2.3.0-1_amd64.deb 17d6ae2de268b5ac64a28b1f71809f0bb5a5b864 45776 libopen
[Pkg-phototools-devel] Bug#875094: marked as done ([pfstools] Future Qt4 removal from Buster)
Your message dated Sat, 14 Oct 2017 13:49:09 + with message-id <e1e3mop-0001k6...@fasolo.debian.org> and subject line Bug#875094: fixed in pfstools 2.0.6-3 has caused the Debian Bug report #875094, regarding [pfstools] Future Qt4 removal from Buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 875094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875094 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: pfstools Version: 2.0.6-2 Severity: wishlist User: debian-qt-...@lists.debian.org Usertags: qt4-removal Hi! As you might know we the Qt/KDE team are preparing to remove Qt4 as [announced] in: [announced] <https://lists.debian.org/debian-devel-announce/2017/08/msg6.html> Currently Qt4 has been dead upstream and we are starting to have problems maintaining it, like for example in the [OpenSSL 1.1 support] case. [OpenSSL 1.1 support] <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828522> In order to make this move, all packages directly or indirectly depending on the Qt4 libraries have to either get ported to Qt5 or eventually get removed from the Debian repositories. Therefore, please take the time and: - contact your upstream (if existing) and ask about the state of a Qt5 port of your application - if there are no activities regarding porting, investigate whether there are suitable alternatives for your users - if there is a Qt5 port that is not yet packaged, consider packaging it - if both the Qt4 and the Qt5 versions already coexist in the Debian archives, consider removing the Qt4 version = Porting = Some of us where involved in various Qt4 to Qt5 migrations [migration] and we know for sure that porting stuff from Qt4 to Qt5 is much much easier and less painful than it was from Qt3 to Qt4. We also understand that there is still a lot of software still using Qt4. Don't forget to take a look at the C++ API changes page [apichanges] whenever you start porting your application. [migration] http://pkg-kde.alioth.debian.org/packagingqtbasedstuff.html [apichanges] http://doc.qt.io/qt-5/sourcebreaks.html For any questions and issues, do not hesitate to contact the Debian Qt/KDE team at debian-qt-...@lists.debian.org The removal is being tracked in <https://wiki.debian.org/Qt4Removal> Lisandro, on behalf of the Qt4 maintainers --- End Message --- --- Begin Message --- Source: pfstools Source-Version: 2.0.6-3 We believe that the bug you reported is fixed in the latest version of pfstools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 875...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated pfstools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 14 Oct 2017 15:16:36 +0200 Source: pfstools Binary: pfstools pfsglview pfsview pfstools-dbg libpfs-dev libpfs2 octave-pfstools pfstmo Architecture: source Version: 2.0.6-3 Distribution: experimental Urgency: low Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 875094 Description: libpfs2- C++ library to read and write pfs files libpfs-dev - C++ library to read and write pfs files (development files) octave-pfstools - octave bindings for pfstools pfsglview - command line HDR manipulation programs (OpenGL/GLUT viewer) pfstmo - set of tone mapping operators pfstools - command line HDR manipulation programs pfstools-dbg - command line HDR manipulation programs (debugging symbols) pfsview- command line HDR manipulation programs (Qt viewer) Changes: pfstools (2.0.6-3) experimental; urgency=low . * Pull 30_Upgrade-to-Qt5.patch from upstream qt5-upgrade branch and update b-d for qt5 (libqt4-dev -> qtbase5-dev). Closes: #875094 * Upgrade pfsglview/pfsview recommends on pfstools to a dependency since pfstools is required for viewing EXR files. * Sync priorities with override file. Checksums-Sha1: cb63395f19958e24bf116468340a5a71a276352e 2500 pfstools_2.0.6-3.dsc 8
[Pkg-phototools-devel] Bug#873022: marked as done (libexif: CVE-2016-6328: Integer overflow in parsing MNOTE entry data of the input file)
Your message dated Sun, 08 Oct 2017 03:50:58 + with message-id <e1e12ce-000g3w...@fasolo.debian.org> and subject line Bug#873022: fixed in libexif 0.6.21-2.1 has caused the Debian Bug report #873022, regarding libexif: CVE-2016-6328: Integer overflow in parsing MNOTE entry data of the input file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873022 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libexif Version: 0.6.21-2 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for libexif. CVE-2016-6328[0]: |Integer overflow in parsing MNOTE entry data of the input file If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-6328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 [1] http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26=1.27 Regards, Salvatore --- End Message --- --- Begin Message --- Source: libexif Source-Version: 0.6.21-2.1 We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hugh McMaster <hugh.mcmas...@outlook.com> (supplier of updated libexif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 07 Oct 2017 22:42:00 +1100 Source: libexif Binary: libexif-dev libexif12 Architecture: source Version: 0.6.21-2.1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Hugh McMaster <hugh.mcmas...@outlook.com> Description: libexif-dev - library to parse EXIF files (development files) libexif12 - library to parse EXIF files Closes: 786562 873022 876466 Changes: libexif (0.6.21-2.1) unstable; urgency=medium . * Non-maintainer upload. * debhelper update: - Update package compatibility to level 10. * debian/control: - Bump debhelper build-dep to >= 10~. - Remove dh-autoreconf from the Build-Depends list, as debhelper enables the 'autoreconf' sequence by default. - Bump Standards-Version from 3.9.5 to 4.1.1. - Use the https protocol in the Vcs-Browser field. - Update the URI referenced by the Vcs-Git field. - Mark libexif-dev Multi-Arch: same (Closes: #786562). * debian/copyright: - Update the format specification URI. - Remove references to libjpeg/* and configure.in (lintian). - Merge paragraphs referring to the same source file (lintian). * debian/patches: - Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544 (thanks to Marcus Meissner) (Closes: #873022, #876466). * debian/rules: - Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS. - Exclude doxygen md5 files from installation (lintian). - Remove '--with autoreconf' (now handled by debhelper level 10). - Fix grammatical errors in a comment. Checksums-Sha1: bcdd4112b17740fd1d6c7e43eec40b253faecbdf 2076 libexif_0.6.21-2.1.dsc 03f07c240eccd3a88ea05b77a28b239c1c02efe8 9696 libexif_0.6.21-2.1.debian.tar.xz fb91621f63b04be64703a513e451985dcf1865fe 5275 libexif_0.6.21-2.1_source.buildinfo Checksums-Sha256: 7cf7e50a2bb33a7964cca2f6c18fcfd53e123b6e5c42fd05caa6a68ed97d523e 2076 libexif_0.6.21-2.1.dsc d9aa6ebdc988f04d02984370ca3728aa3ae53c311ec67123e1dc01d589f0096c 9696 libexif_0.6.21-2.1.debian.tar.xz 56c989cbf3d6a7d2459ced9e8b472f1d2bf0317433a733f479b562f6883906f5 5275 libexif_0.6.21-2.1_source.buildinfo Files: 066b3237f1ba67ed4897d6937f16e67a 2076 libs optional libexif_0.6.21-2.1.dsc 697875458879e1c53b7426e526b5a687 9696 libs optional libexif_0.6.21-2.1.debian.tar.xz 65774aa7eb9b523eab2d16bd7fdc71d0 5275 libs optional libexif_0.6.21-2.1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphv
[Pkg-phototools-devel] Bug#786562: marked as done (libexif-dev is not Multi-Arch compatible)
Your message dated Sun, 08 Oct 2017 03:50:58 + with message-id <e1e12ce-000g3q...@fasolo.debian.org> and subject line Bug#786562: fixed in libexif 0.6.21-2.1 has caused the Debian Bug report #786562, regarding libexif-dev is not Multi-Arch compatible to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 786562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libexif-dev Version: 0.6.21-2 Severity: normal Dear Maintainer, The amd64 version conflicts with the i386 one which makes it impossible to install both. Fortunately the libexif.so symbolic link is provided by the libexif12 (which is not supposed to be the case). This mitigates issues if one is interested only in libexif and does not need the static library. However libgphoto2-dev depends on libexif-dev, so despite proper multiarch support in libgphoto2-dev, one cannot use it to develop 32 bit applications on a 64 bit system. In particular this impacts the Wine development team (32 bit Windows applications are still the majority so 32 bit support is important to Wine). -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libexif-dev depends on: ii libc6-dev 2.19-18 ii libexif12 0.6.21-2 ii libjs-jquery 1.7.2+dfsg-3.2 libexif-dev recommends no packages. libexif-dev suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: libexif Source-Version: 0.6.21-2.1 We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 786...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hugh McMaster <hugh.mcmas...@outlook.com> (supplier of updated libexif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 07 Oct 2017 22:42:00 +1100 Source: libexif Binary: libexif-dev libexif12 Architecture: source Version: 0.6.21-2.1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Hugh McMaster <hugh.mcmas...@outlook.com> Description: libexif-dev - library to parse EXIF files (development files) libexif12 - library to parse EXIF files Closes: 786562 873022 876466 Changes: libexif (0.6.21-2.1) unstable; urgency=medium . * Non-maintainer upload. * debhelper update: - Update package compatibility to level 10. * debian/control: - Bump debhelper build-dep to >= 10~. - Remove dh-autoreconf from the Build-Depends list, as debhelper enables the 'autoreconf' sequence by default. - Bump Standards-Version from 3.9.5 to 4.1.1. - Use the https protocol in the Vcs-Browser field. - Update the URI referenced by the Vcs-Git field. - Mark libexif-dev Multi-Arch: same (Closes: #786562). * debian/copyright: - Update the format specification URI. - Remove references to libjpeg/* and configure.in (lintian). - Merge paragraphs referring to the same source file (lintian). * debian/patches: - Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544 (thanks to Marcus Meissner) (Closes: #873022, #876466). * debian/rules: - Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS. - Exclude doxygen md5 files from installation (lintian). - Remove '--with autoreconf' (now handled by debhelper level 10). - Fix grammatical errors in a comment. Checksums-Sha1: bcdd4112b17740fd1d6c7e43eec40b253faecbdf 2076 libexif_0.6.21-2.1.dsc 03f07c240eccd3a88ea05b77a28b239c1c02efe8 9696 libexif_0.6.21-2.1.debian.tar.xz fb91621f63b04be64703a513e451985dcf1865fe 5275 libexif_0.6.21-2.1_source.buildinfo Checksums-Sha256: 7cf7e50a2bb33a7964cca2f6c18fcfd53e123b6e5c
[Pkg-phototools-devel] Bug#876466: marked as done (libexif: CVE-2017-7544: Out-of-bounds heap read in exif_data_save_data_entry function)
Your message dated Sun, 08 Oct 2017 03:50:58 + with message-id <e1e12ce-000g42...@fasolo.debian.org> and subject line Bug#876466: fixed in libexif 0.6.21-2.1 has caused the Debian Bug report #876466, regarding libexif: CVE-2017-7544: Out-of-bounds heap read in exif_data_save_data_entry function to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876466 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libexif Version: 0.6.21-2 Severity: important Tags: security patch upstream Forwarded: https://sourceforge.net/p/libexif/bugs/130/ Hi, the following vulnerability was published for libexif. CVE-2017-7544[0]: | libexif through 0.6.21 is vulnerable to out-of-bounds heap read | vulnerability in exif_data_save_data_entry function in | libexif/exif-data.c caused by improper length computation of the | allocated data of an ExifMnote entry which can cause denial-of-service | or possibly information disclosure. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 [1] https://sourceforge.net/p/libexif/bugs/130/ The attched report in the upstream bug is password protected, but there is a produced patch by Marcus Meissner in the upstream bug. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libexif Source-Version: 0.6.21-2.1 We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hugh McMaster <hugh.mcmas...@outlook.com> (supplier of updated libexif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 07 Oct 2017 22:42:00 +1100 Source: libexif Binary: libexif-dev libexif12 Architecture: source Version: 0.6.21-2.1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Hugh McMaster <hugh.mcmas...@outlook.com> Description: libexif-dev - library to parse EXIF files (development files) libexif12 - library to parse EXIF files Closes: 786562 873022 876466 Changes: libexif (0.6.21-2.1) unstable; urgency=medium . * Non-maintainer upload. * debhelper update: - Update package compatibility to level 10. * debian/control: - Bump debhelper build-dep to >= 10~. - Remove dh-autoreconf from the Build-Depends list, as debhelper enables the 'autoreconf' sequence by default. - Bump Standards-Version from 3.9.5 to 4.1.1. - Use the https protocol in the Vcs-Browser field. - Update the URI referenced by the Vcs-Git field. - Mark libexif-dev Multi-Arch: same (Closes: #786562). * debian/copyright: - Update the format specification URI. - Remove references to libjpeg/* and configure.in (lintian). - Merge paragraphs referring to the same source file (lintian). * debian/patches: - Add upstream patches to fix CVE-2016-6328 and CVE-2017-7544 (thanks to Marcus Meissner) (Closes: #873022, #876466). * debian/rules: - Add 'hardening=+all' to DEB_BUILD_MAINT_OPTIONS. - Exclude doxygen md5 files from installation (lintian). - Remove '--with autoreconf' (now handled by debhelper level 10). - Fix grammatical errors in a comment. Checksums-Sha1: bcdd4112b17740fd1d6c7e43eec40b253faecbdf 2076 libexif_0.6.21-2.1.dsc 03f07c240eccd3a88ea05b77a28b239c1c02efe8 9696 libexif_0.6.21-2.1.debian.tar.xz fb91621f63b04be64703a513e451985dcf1865fe 5275 libexif_0.6.21-2.1_source.buildinfo Checksums-Sha256: 7cf7e50a2bb33a7964cca2f6c18fcfd53e123b6e5c42fd05caa6a68ed97d523e 2076 libexif_0.6.21-2.1.dsc d9aa6ebdc988f04d02984370ca3728aa3ae53c311ec67123e1dc01d589f0096c 9696 libexif_0.6.21-2.1.debian.tar.xz 56c989cbf3d6a7d2459ced9e8b472f1d2bf0317433a733f479b562f6883906f5 5275 libe
[Pkg-phototools-devel] Bug#874729: marked as done (CVE-2017-13735: libraw: floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp)
Your message dated Fri, 06 Oct 2017 21:08:49 + with message-id <e1e0zrv-0004zm...@fasolo.debian.org> and subject line Bug#874729: fixed in libraw 0.18.5-1 has caused the Debian Bug report #874729, regarding CVE-2017-13735: libraw: floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libraw Version: 0.18.2-2 Severity: normal Tags: security patch upstream Forwarded: https://github.com/LibRaw/LibRaw/issues/96 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2017-13735 https://github.com/LibRaw/LibRaw/issues/96 https://bugzilla.redhat.com/show_bug.cgi?id=1483988 This has been fixed in upstream 0.18.3 release. Please see: https://www.libraw.org/news/libraw-0-18-3 -- Henri Salo signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: libraw Source-Version: 0.18.5-1 We believe that the bug you reported is fixed in the latest version of libraw, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 874...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated libraw package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 06 Oct 2017 21:51:38 +0200 Source: libraw Binary: libraw16 libraw-bin libraw-dev libraw-doc Architecture: source Version: 0.18.5-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libraw-bin - raw image decoder library (tools) libraw-dev - raw image decoder library (development files) libraw-doc - raw image decoder library (documentation) libraw16 - raw image decoder library Closes: 874729 Changes: libraw (0.18.5-1) unstable; urgency=medium . * New upstream release (Closes: #874729) * debian/: autotools-dev usage dropped * debian/control: S-V bump 4.0.0 -> 4.1.1 (no changes needed) Checksums-Sha1: cba03d352d7a13b49cdbdcc938b6318540657079 2334 libraw_0.18.5-1.dsc e407586eb93f08faf866715f2c2e356a7d304900 517232 libraw_0.18.5.orig.tar.gz f9b3700a1cf5ee1c4a0ee51bcffc7a41f204d769 20908 libraw_0.18.5-1.debian.tar.xz 9624aaec2cb98af3ed70f9c6496db3941399e5f0 5563 libraw_0.18.5-1_source.buildinfo Checksums-Sha256: 0fc369ad26a75ab38fc27ef315eaa8e534902b52955913f60060bf2f6da4642e 2334 libraw_0.18.5-1.dsc b2b86ff1dadb0ec36ec4d818d71113164f668e68b4e62ca19f29f452ea354840 517232 libraw_0.18.5.orig.tar.gz 9a984e398396ce0e4d2d423d392fd29d2f12e200c97a1e294b2aa6ff69a75296 20908 libraw_0.18.5-1.debian.tar.xz aa379690727f9138b3401ad76fca7d89d24d71f234595a17a09401164d2f10d1 5563 libraw_0.18.5-1_source.buildinfo Files: 243dc5c423a822454a2b3c85c36a33f6 2334 libs optional libraw_0.18.5-1.dsc 8de74a03bf30dc08a667030aaa78d0ca 517232 libs optional libraw_0.18.5.orig.tar.gz 3346d1aef30e1401f9d5c7d6783d09b9 20908 libs optional libraw_0.18.5-1.debian.tar.xz 03a5085c4f4a35f4a540c4fd65730c1f 5563 libs optional libraw_0.18.5-1_source.buildinfo -BEGIN PGP SIGNATURE- Comment: Debian powered! iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAlnX3wNfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N zVr6AQ//e+LCavFLNHe/KLZuNIe0zjpg65zlyznTBGngHqkzrWCO9l4IGIMk31dO 3rb9LIBkbPXwva6qXZjhF9PLOprZxSYAy0QHszkvn4xg7Ol/ajzthfbpj+bQOQNb emqjwSIdC3mgGbfj/b9NE64SVhDAANF9PXDbpwyePS5nA1O/Ch3C3hBUqmRFTNJ/ f4GihNeaSaVW71LhR7CxwleFGxQc2JHKvyFN1lw2PjHuAE/QLXcZ8cwDR75mpZ8f FHA15wo5R3Pf9miaQLqhQOyFn1NKpREitqeiuOeMSlnQ/OoczDzTpBoxBdLI7TOB TdajCOjnbVyKriMmEvD5jNvW1jXk9ErTVgKae0BkTCvGZTt2t77H3tnAZEEWlxQn 0C60uvHMtx8tVutR7I75iu2yjGS8BRVmUyDDEOer8hXt9M6GgwGfkooCHEFtFZRH WnzkxAB+pth/minoWp+SSqUxxynjMtlP8OP8N
[Pkg-phototools-devel] Bug#876535: marked as done (openjpeg2: Incoorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3)
Your message dated Tue, 03 Oct 2017 09:05:49 + with message-id <e1dzj9b-000fju...@fasolo.debian.org> and subject line Bug#876535: fixed in openjpeg2 2.2.0-2 has caused the Debian Bug report #876535, regarding openjpeg2: Incoorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.2.0-1 Severity: normal Hi Mathieu, There was an update for openjpeg2 not incoorporating the NMU changelog for 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3. Please consider incorporating those again (and double check no change was lost, I guess not that all should in meanwhile be included in 2.2.0, but for #851422 I'm unsure if it was fully covered, see the respective upstream issues which only partially landed in 2.2.0). Specifically there were some CVEs addressed, which are hopefully still be fixed in 2.2.0-1, the FTBFS defintively seems so. cut-cut-cut-cut-cut-cut- diff -Nru openjpeg2-2.1.2/debian/changelog openjpeg2-2.2.0/debian/changelog --- openjpeg2-2.1.2/debian/changelog2017-08-12 15:54:38.0 +0200 +++ openjpeg2-2.2.0/debian/changelog2017-09-22 21:51:36.0 +0200 @@ -1,26 +1,13 @@ -openjpeg2 (2.1.2-1.3) unstable; urgency=medium +openjpeg2 (2.2.0-1) unstable; urgency=medium - * Fix FTFBS (Closes: #871905) + * New upstream release. Closes: #872041 + * Fix CVE-2016-9113. Closes: #844552 + * Fix CVE-2016-9114. Closes: #844553 + * Fix CVE-2016-9115. Closes: #844554 + * Fix CVE-2016-9116. Closes: #844555 + * Fix CVE-2016-9117. Closes: #844556 - -- Moritz Muehlenhoff <j...@debian.org> Sat, 12 Aug 2017 15:54:38 +0200 - -openjpeg2 (2.1.2-1.2) unstable; urgency=medium - - * Non-maintainer upload - * Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and -CVE-2016-9118.patch - - -- Moritz Muehlenhoff <j...@debian.org> Fri, 11 Aug 2017 22:17:07 +0200 - -openjpeg2 (2.1.2-1.1) unstable; urgency=medium - - * Non-maintainer upload. - * Add CVE-2016-9572_CVE-2016-9573.patch patch. -CVE-2016-9572: NULL pointer dereference in input decoding -CVE-2016-9573: Heap out-of-bounds read due to insufficient check in -imagetopnm(). (Closes: #851422) - - -- Salvatore Bonaccorso <car...@debian.org> Sun, 22 Jan 2017 14:18:13 +0100 + -- Mathieu Malaterre <ma...@debian.org> Fri, 22 Sep 2017 21:51:36 +0200 openjpeg2 (2.1.2-1) unstable; urgency=medium cut-cut-cut-cut-cut-cut- Thanks for your time, double-checking and working on openjpeg2! Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.2.0-2 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 03 Oct 2017 07:20:44 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source Version: 2.2.0-2 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression
[Pkg-phototools-devel] Processed: retitle 877352 to openexr: CVE-2017-12596
Processing commands for cont...@bugs.debian.org: > retitle 877352 openexr: CVE-2017-12596 Bug #877352 [src:openexr] openexr:CVE-2017-12596 Changed Bug title to 'openexr: CVE-2017-12596' from 'openexr:CVE-2017-12596'. > thanks Stopping processing here. Please contact me if you need assistance. -- 877352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877352 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: your mail
Processing commands for cont...@bugs.debian.org: > fixed 851422 2.2.0-1 Bug #851422 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9572 CVE-2016-9573 Marked as fixed in versions openjpeg2/2.2.0-1. > End of message, stopping processing here. Please contact me if you need assistance. -- 851422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Fwd: openjpeg2 CVE mess
Processing commands for cont...@bugs.debian.org: > reopen 844552 Bug #844552 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9113 Bug reopened Ignoring request to alter fixed versions of bug #844552 to the same values previously set > reopen 844553 Bug #844553 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9114 Bug reopened Ignoring request to alter fixed versions of bug #844553 to the same values previously set > reopen 844554 Bug #844554 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9115 Bug reopened Ignoring request to alter fixed versions of bug #844554 to the same values previously set > reopen 844555 Bug #844555 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9116 Bug reopened Ignoring request to alter fixed versions of bug #844555 to the same values previously set > reopen 844556 Bug #844556 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9117 Bug reopened Ignoring request to alter fixed versions of bug #844556 to the same values previously set > End of message, stopping processing here. Please contact me if you need assistance. -- 844552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844552 844553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844553 844554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554 844555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844555 844556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: openjpeg2 CVE mess
Processing commands for cont...@bugs.debian.org: > notfixed 844552 2.2.0-1 Bug #844552 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9113 No longer marked as fixed in versions openjpeg2/2.2.0-1. > notfixed 844553 2.2.0-1 Bug #844553 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9114 No longer marked as fixed in versions openjpeg2/2.2.0-1. > notfixed 844554 2.2.0-1 Bug #844554 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9115 No longer marked as fixed in versions openjpeg2/2.2.0-1. > notfixed 844555 2.2.0-1 Bug #844555 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9116 No longer marked as fixed in versions openjpeg2/2.2.0-1. > notfixed 844556 2.2.0-1 Bug #844556 {Done: Mathieu Malaterre <ma...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9117 No longer marked as fixed in versions openjpeg2/2.2.0-1. > End of message, stopping processing here. Please contact me if you need assistance. -- 844552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844552 844553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844553 844554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554 844555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844555 844556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: Bug#876535: openjpeg2: Incoorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3
Processing control commands: > tags -1 pending Bug #876535 [src:openjpeg2] openjpeg2: Incoorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3 Added tag(s) pending. -- 876535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: found 874113 in 2.1.2-1
Processing commands for cont...@bugs.debian.org: > found 874113 2.1.2-1 Bug #874113 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-10504: Heap-based buffer over-write in in opj_mqc_byteout function of mqc.c Marked as found in versions openjpeg2/2.1.2-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 874113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874113 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed (with 1 error): unarchiving 851422, unarchiving 844551, fixed 844551 in 2.2.0-1, unarchiving 844557 ...
Processing commands for cont...@bugs.debian.org: > unarchive 851422 > unarchive 844551 Bug #844551 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9112 Unarchived Bug 844551 > fixed 844551 2.2.0-1 Bug #844551 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9112 Marked as fixed in versions openjpeg2/2.2.0-1. > unarchive 844557 Bug #844557 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9118 Unarchived Bug 844557 > fixed 844557 2.2.0-1 Bug #844557 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9118 Marked as fixed in versions openjpeg2/2.2.0-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 844551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844551 844557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844557 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: unarchiving 851422
Processing commands for cont...@bugs.debian.org: > unarchive 851422 Bug #851422 {Done: Salvatore Bonaccorso <car...@debian.org>} [src:openjpeg2] openjpeg2: CVE-2016-9572 CVE-2016-9573 Unarchived Bug 851422 > thanks Stopping processing here. Please contact me if you need assistance. -- 851422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: closing 874113
Processing commands for cont...@bugs.debian.org: > close 874113 2.2.0-1 Bug #874113 [src:openjpeg2] openjpeg2: CVE-2016-10504: Heap-based buffer over-write in in opj_mqc_byteout function of mqc.c Marked as fixed in versions openjpeg2/2.2.0-1. Bug #874113 [src:openjpeg2] openjpeg2: CVE-2016-10504: Heap-based buffer over-write in in opj_mqc_byteout function of mqc.c Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 874113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874113 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#844553: marked as done (openjpeg2: CVE-2016-9114)
Your message dated Fri, 22 Sep 2017 21:06:30 + with message-id <e1dvv9a-000crd...@fasolo.debian.org> and subject line Bug#844553: fixed in openjpeg2 2.2.0-1 has caused the Debian Bug report #844553, regarding openjpeg2: CVE-2016-9114 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844553 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/857 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9114[0]: | There is a NULL Pointer Access in function imagetopnm of | convert.c:1943(jp2) of OpenJPEG 2.1.2. image-comps[compno].data is not | assigned a value after initialization(NULL). Impact is Denial of | Service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9114 [1] https://github.com/uclouvain/openjpeg/issues/857 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.2.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 844...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 22 Sep 2017 21:51:36 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.2.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 844552 844553 844554 844555 844556 872041 Changes: openjpeg2 (2.2.0-1) unstable; urgency=medium . * New upstream release. Closes: #872041 * Fix CVE-2016-9113. Closes: #844552 * Fix CVE-2016-9114. Closes: #844553 * Fix CVE-2016-9115. Closes: #844554 * Fix CVE-2016-9116. Closes: #844555 * Fix CVE-2016-9117. Closes: #844556 Checksums-Sha1: 97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc 2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz 459a4df4b28c241ef89adbed519cebbb9d81a050 1203632 libopenjp2-7-dbg_2.2.0-1_amd64.deb 372108cde89d84269644947a14b0d47d4e97e35e 40948 libopenjp2-7-dev_2.2.0-1_amd64.deb 7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb a3dd8e8201cf0c3a5968082db9732335adf9761a 96810 libopenjp2-tools_2.2.0-1_amd64.deb ca96a36b8d8a00af54db28c288f03c58e409271c 43636 libopenjp3d-tools_2.2.0-1_amd64.deb 288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb 2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694 libopenjpip-dec-server_2.2.0-1_amd64.deb f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096 libopenj
[Pkg-phototools-devel] Bug#844556: marked as done (openjpeg2: CVE-2016-9117)
Your message dated Fri, 22 Sep 2017 21:06:31 + with message-id <e1dvv9b-000crv...@fasolo.debian.org> and subject line Bug#844556: fixed in openjpeg2 2.2.0-1 has caused the Debian Bug report #844556, regarding openjpeg2: CVE-2016-9117 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/860 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9117[0]: | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in | OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a | crafted j2k file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9117 [1] https://github.com/uclouvain/openjpeg/issues/860 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.2.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 844...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 22 Sep 2017 21:51:36 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.2.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 844552 844553 844554 844555 844556 872041 Changes: openjpeg2 (2.2.0-1) unstable; urgency=medium . * New upstream release. Closes: #872041 * Fix CVE-2016-9113. Closes: #844552 * Fix CVE-2016-9114. Closes: #844553 * Fix CVE-2016-9115. Closes: #844554 * Fix CVE-2016-9116. Closes: #844555 * Fix CVE-2016-9117. Closes: #844556 Checksums-Sha1: 97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc 2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz 459a4df4b28c241ef89adbed519cebbb9d81a050 1203632 libopenjp2-7-dbg_2.2.0-1_amd64.deb 372108cde89d84269644947a14b0d47d4e97e35e 40948 libopenjp2-7-dev_2.2.0-1_amd64.deb 7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb a3dd8e8201cf0c3a5968082db9732335adf9761a 96810 libopenjp2-tools_2.2.0-1_amd64.deb ca96a36b8d8a00af54db28c288f03c58e409271c 43636 libopenjp3d-tools_2.2.0-1_amd64.deb 288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb 2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694 libopenjpip-dec-server_2.2.0-1_amd64.deb f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096 libopenjpip-server_2.2.0-1_amd64.deb 936c9bd713916ab04c4ff2ee2042dab670e52aa3 47208 libope
[Pkg-phototools-devel] Bug#844554: marked as done (openjpeg2: CVE-2016-9115)
Your message dated Fri, 22 Sep 2017 21:06:31 + with message-id <e1dvv9b-000crj...@fasolo.debian.org> and subject line Bug#844554: fixed in openjpeg2 2.2.0-1 has caused the Debian Bug report #844554, regarding openjpeg2: CVE-2016-9115 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/858 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9115[0]: | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in | OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a | crafted j2k file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9115 [1] https://github.com/uclouvain/openjpeg/issues/858 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.2.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 844...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 22 Sep 2017 21:51:36 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.2.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 844552 844553 844554 844555 844556 872041 Changes: openjpeg2 (2.2.0-1) unstable; urgency=medium . * New upstream release. Closes: #872041 * Fix CVE-2016-9113. Closes: #844552 * Fix CVE-2016-9114. Closes: #844553 * Fix CVE-2016-9115. Closes: #844554 * Fix CVE-2016-9116. Closes: #844555 * Fix CVE-2016-9117. Closes: #844556 Checksums-Sha1: 97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc 2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz 459a4df4b28c241ef89adbed519cebbb9d81a050 1203632 libopenjp2-7-dbg_2.2.0-1_amd64.deb 372108cde89d84269644947a14b0d47d4e97e35e 40948 libopenjp2-7-dev_2.2.0-1_amd64.deb 7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb a3dd8e8201cf0c3a5968082db9732335adf9761a 96810 libopenjp2-tools_2.2.0-1_amd64.deb ca96a36b8d8a00af54db28c288f03c58e409271c 43636 libopenjp3d-tools_2.2.0-1_amd64.deb 288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb 2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694 libopenjpip-dec-server_2.2.0-1_amd64.deb f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096 libopenjpip-server_2.2.0-1_amd64.deb 936c9bd713916ab04c4ff2ee2042dab670e52aa3 47208 libope
[Pkg-phototools-devel] Bug#844552: marked as done (openjpeg2: CVE-2016-9113)
Your message dated Fri, 22 Sep 2017 21:06:30 + with message-id <e1dvv9a-000crx...@fasolo.debian.org> and subject line Bug#844552: fixed in openjpeg2 2.2.0-1 has caused the Debian Bug report #844552, regarding openjpeg2: CVE-2016-9113 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844552 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/856 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9113[0]: | There is a NULL pointer dereference in function imagetobmp of | convertbmp.c:980 of OpenJPEG 2.1.2. image-comps[0].data is not | assigned a value after initialization(NULL). Impact is Denial of | Service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9113 [1] https://github.com/uclouvain/openjpeg/issues/856 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: openjpeg2 Source-Version: 2.2.0-1 We believe that the bug you reported is fixed in the latest version of openjpeg2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 844...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 22 Sep 2017 21:51:36 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.2.0-1 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mathieu Malaterre <ma...@debian.org> Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Closes: 844552 844553 844554 844555 844556 872041 Changes: openjpeg2 (2.2.0-1) unstable; urgency=medium . * New upstream release. Closes: #872041 * Fix CVE-2016-9113. Closes: #844552 * Fix CVE-2016-9114. Closes: #844553 * Fix CVE-2016-9115. Closes: #844554 * Fix CVE-2016-9116. Closes: #844555 * Fix CVE-2016-9117. Closes: #844556 Checksums-Sha1: 97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc 2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz 459a4df4b28c241ef89adbed519cebbb9d81a050 1203632 libopenjp2-7-dbg_2.2.0-1_amd64.deb 372108cde89d84269644947a14b0d47d4e97e35e 40948 libopenjp2-7-dev_2.2.0-1_amd64.deb 7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb a3dd8e8201cf0c3a5968082db9732335adf9761a 96810 libopenjp2-tools_2.2.0-1_amd64.deb ca96a36b8d8a00af54db28c288f03c58e409271c 43636 libopenjp3d-tools_2.2.0-1_amd64.deb 288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb 2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694 libopenjpip-dec-server_2.2.0-1_amd64.deb f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096 libopenj
[Pkg-phototools-devel] Processed: [bts-link] source package src:libraw
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:libraw > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). > # remote status report for #874729 (http://bugs.debian.org/874729) > # Bug title: CVE-2017-13735: libraw: floating point exception in the > kodak_radc_load_raw function in dcraw_common.cpp > # * https://github.com/LibRaw/LibRaw/issues/96 > # * remote status changed: (?) -> closed > # * closed upstream > tags 874729 + fixed-upstream Bug #874729 [src:libraw] CVE-2017-13735: libraw: floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp Added tag(s) fixed-upstream. > usertags 874729 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 874729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: [bts-link] source package src:openjpeg2
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:openjpeg2 > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). > # remote status report for #874430 (http://bugs.debian.org/874430) > # Bug title: openjpeg2: CVE-2017-14151: heap-based buffer overflow in > opj_mqc_flush > # * https://github.com/uclouvain/openjpeg/issues/982 > # * remote status changed: (?) -> closed > # * closed upstream > tags 874430 + fixed-upstream Bug #874430 [src:openjpeg2] openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush Added tag(s) fixed-upstream. > usertags 874430 + status-closed There were no usertags set. Usertags are now: status-closed. > # remote status report for #874431 (http://bugs.debian.org/874431) > # Bug title: openjpeg2: CVE-2017-14152: heap-based buffer overflow in > opj_write_bytes_LE > # * https://github.com/uclouvain/openjpeg/issues/985 > # * remote status changed: (?) -> closed > # * closed upstream > tags 874431 + fixed-upstream Bug #874431 [src:openjpeg2] openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE Added tag(s) fixed-upstream. > usertags 874431 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 874430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874430 874431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874431 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: bug 875072 is forwarded to https://github.com/OpenImageIO/oiio/pull/1711, tagging 875072
Processing commands for cont...@bugs.debian.org: > forwarded 875072 https://github.com/OpenImageIO/oiio/pull/1711 Bug #875072 [src:openimageio] [openimageio] Future Qt4 removal from Buster Set Bug forwarded-to-address to 'https://github.com/OpenImageIO/oiio/pull/1711'. > tags 875072 + fixed-upstream Bug #875072 [src:openimageio] [openimageio] Future Qt4 removal from Buster Added tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 875072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875072 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: bug 875094 is forwarded to https://sourceforge.net/p/pfstools/bugs/44/
Processing commands for cont...@bugs.debian.org: > forwarded 875094 https://sourceforge.net/p/pfstools/bugs/44/ Bug #875094 [src:pfstools] [pfstools] Future Qt4 removal from Buster Set Bug forwarded-to-address to 'https://sourceforge.net/p/pfstools/bugs/44/'. > thanks Stopping processing here. Please contact me if you need assistance. -- 875094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875094 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: [bts-link] source package openjpeg2
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package openjpeg2 > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). > # remote status report for #825339 (http://bugs.debian.org/825339) > # Bug title: Need public function to tell kernel type used (5x3 vs 9x7) > # * https://github.com/uclouvain/openjpeg/issues/3 > # * remote status changed: open -> closed > # * closed upstream > tags 825339 + fixed-upstream Bug #825339 [libopenjp2-7-dev] Need public function to tell kernel type used (5x3 vs 9x7) Added tag(s) fixed-upstream. > usertags 825339 - status-open Usertags were: status-open. Usertags are now: . > usertags 825339 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 825339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: retitle 864078 to openexr: CVE-2017-9110 CVE-2017-9112 CVE-2017-9116
Processing commands for cont...@bugs.debian.org: > retitle 864078 openexr: CVE-2017-9110 CVE-2017-9112 CVE-2017-9116 Bug #864078 {Done: Markus Koschany <a...@debian.org>} [src:openexr] CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117 Changed Bug title to 'openexr: CVE-2017-9110 CVE-2017-9112 CVE-2017-9116' from 'CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117'. > thanks Stopping processing here. Please contact me if you need assistance. -- 864078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#864078: marked as done (CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117)
Your message dated Thu, 31 Aug 2017 22:52:01 + with message-id <e1dnyjd-000gkg...@fasolo.debian.org> and subject line Bug#864078: fixed in openexr 2.2.0-11.1 has caused the Debian Bug report #864078, regarding CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: openexr Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2017/05/12/5 These were reported upstream at https://github.com/openexr/openexr/issues/232 Upstream fixes are linked in the github bug. Cheers, Moritz --- End Message --- --- Begin Message --- Source: openexr Source-Version: 2.2.0-11.1 We believe that the bug you reported is fixed in the latest version of openexr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated openexr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 31 Aug 2017 23:52:03 +0200 Source: openexr Binary: openexr openexr-doc libopenexr-dev libopenexr22 Architecture: source Version: 2.2.0-11.1 Distribution: unstable Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libopenexr-dev - development files for the OpenEXR image library libopenexr22 - runtime files for the OpenEXR image library openexr- command-line tools for the OpenEXR image format openexr-doc - documentation and examples for the OpenEXR image format Closes: 864078 Changes: openexr (2.2.0-11.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2017-9110, CVE-2017-9112 and CVE-2017-9116. Brandon Perry discovered that openexr was affected by an integer overflow vulnerability and missing boundary checks that would allow a remote attacker to cause a denial of service (application crash) via specially crafted image files. (Closes: #864078) Checksums-Sha1: 593be276da8186200a66d17fbf48a09a2719a175 2439 openexr_2.2.0-11.1.dsc 221bfdeb51296f243601a3273e3c413bf38f3b0f 17344 openexr_2.2.0-11.1.debian.tar.xz e48088e2be4d28facdecfc754acad8240d71a452 7006 openexr_2.2.0-11.1_amd64.buildinfo Checksums-Sha256: 8d987878d616cf3c089042b2becedeb06b5d599936194ab92e5a5b44d663bf0f 2439 openexr_2.2.0-11.1.dsc d0499a25e6307dea5f985cb11a00045b7f22b71f4b86bca00b133be4acfa8a4e 17344 openexr_2.2.0-11.1.debian.tar.xz 9872fe715f8b473b6c030330b7d85dc3327e79d041f0fa3faf41cbf5474dc460 7006 openexr_2.2.0-11.1_amd64.buildinfo Files: 5523c1dfe6e72693501b9416012fda92 2439 graphics optional openexr_2.2.0-11.1.dsc 4ffdb4a4d1c0f997147e7748bc2ab35c 17344 graphics optional openexr_2.2.0-11.1.debian.tar.xz 8a3c634ed6ed896658061562de8cad48 7006 graphics optional openexr_2.2.0-11.1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmojNJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkD6kP/RE59KHJw8mXUHXSsEtMKVctE2vcUfKbdo5I dl1DUzUiLGV3uAR75c0/1kAYYr8xeUbFmB4kadpbTVvl6dWJk3bgN04LkB/Jp8rr r0GyzgHM3w78XXIzBnUy8fEhMVUJ7jCkJQ1s5GRNnUXpkK26Rm9KOTt4RCZGoXjg hvlWir/pE+OMhOWYssa2QQSqValeYVF5eDmtRn5MBjZWKLOgKYik/nQ3a67l91Kh suawzYkfQM5Ny3oXb53gD0C9bm0iwpHg0/xJ2tY35WPpAWQ0rVCzwKZ332RUNlyK a08xMxO+g0S2q8OqruVihwjsGwOUO13o4XQrR+n5nW3asHj+L68r3z3WM4nl33KZ fWgdge9jldZ5P/lUHSFqRLBcr+aRdeUvhao9sxymn4gzfgjZicpp3beyTtf8/0jx 9kAUvslaLpfUeWrPmINY4iEFYL7UKMZs67KFrsD75oYASiosbpPJPfvh98c3Eb9K QsBPWRUgGfWbzMDKBtvbSpmgkkOFMcG+GYF0AUoSUOzEcgcad4rbaWy9dKde9VPk vlkNq/959iDBOJgi5jHhf5oSfTOzLZ8Dcax8Fnq6I0O+doGRKsspGaFTJLUREsVh Rpu55yZMxGCm1rQW9+Mb/hFWwTqGjDshfSyRZHSTfGdHSzWx3FKuclMPXMGkaUXZ XG8nRFe2 =3DLb -END PGP SIGNATURE End Message --- __
[Pkg-phototools-devel] Bug#864183: marked as done (CVE-2017-6886 CVE-2017-6887)
Your message dated Mon, 21 Aug 2017 20:29:50 -0400 with message-id <3032593.3olfi1D1Ys@box> and subject line CVE-2017-6886 CVE-2017-6887 has caused the Debian Bug report #864183, regarding CVE-2017-6886 CVE-2017-6887 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libraw Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887 Cheers, Moritz --- End Message --- --- Begin Message --- Source: libraw Source-Version: 0.16.0-9+deb8u3 Fixed by https://www.debian.org/security/2017/DSA-3950 /luciano--- End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#864183: marked as done (CVE-2017-6886 CVE-2017-6887)
Your message dated Mon, 21 Aug 2017 20:30:24 -0400 with message-id <1768204.pXOWJv7i0a@box> and subject line CVE-2017-6886 CVE-2017-6887 has caused the Debian Bug report #864183, regarding CVE-2017-6886 CVE-2017-6887 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libraw Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887 Cheers, Moritz --- End Message --- --- Begin Message --- Source: libraw Source-Version: 0.17.2-6+deb9u1 Fixed by https://www.debian.org/security/2017/DSA-3950 /luciano--- End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: fixed 864183 in libraw/0.14.6-2+deb7u2
Processing commands for cont...@bugs.debian.org: > fixed 864183 libraw/0.14.6-2+deb7u2 Bug #864183 [src:libraw] CVE-2017-6886 CVE-2017-6887 The source libraw and version 0.14.6-2+deb7u2 do not appear to match any binary packages Marked as fixed in versions libraw/0.14.6-2+deb7u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 864183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: unblock 853389
Processing commands for cont...@bugs.debian.org: > unblock 853389 by 853513 Bug #853389 [src:enblend-enfuse] enblend-enfuse: ftbfs with GCC-7 853389 was blocked by: 853513 853389 was not blocking any bugs. Removed blocking bug(s) of 853389: 853513 > unblock 853447 by 853513 Bug #853447 [src:hugin] hugin: ftbfs with GCC-7 853447 was blocked by: 853513 853447 was not blocking any bugs. Removed blocking bug(s) of 853447: 853513 > affects 853513 - hugin Bug #853513 [src:libvigraimpex] libvigraimpex: BlockwiseWatershedTest not fit for gcc7 Removed indication that 853513 affects > thanks Stopping processing here. Please contact me if you need assistance. -- 853389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853389 853447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853447 853513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: Bug#853513: libvigraimpex: ftbfs with GCC-7
Processing control commands: > forwarded -1 https://github.com/ukoethe/vigra/issues/409 Bug #853513 [src:libvigraimpex] libvigraimpex: ftbfs with GCC-7 Set Bug forwarded-to-address to 'https://github.com/ukoethe/vigra/issues/409'. > block 853447 with 853513 Bug #853447 [src:hugin] hugin: ftbfs with GCC-7 853447 was blocked by: 853513 853447 was not blocking any bugs. Ignoring request to alter blocking bugs of bug #853447 to the same blocks previously set > block 853389 with 853513 Bug #853389 [src:enblend-enfuse] enblend-enfuse: ftbfs with GCC-7 853389 was not blocked by any bugs. 853389 was not blocking any bugs. Added blocking bug(s) of 853389: 853513 -- 853389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853389 853447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853447 853513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: GCC 7 now the default in unstable: bumping the priority of the ftbfs issues
Processing commands for cont...@bugs.debian.org: > severity 853490 serious Bug #853490 [src:libdomain-publicsuffix-perl] libdomain-publicsuffix-perl: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853297 serious Bug #853297 [src:abinit] abinit: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853298 serious Bug #853298 [src:accelio] accelio: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853299 serious Bug #853299 [src:ace] ace: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853300 serious Bug #853300 [src:aff4] aff4: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853301 serious Bug #853301 [src:afflib] afflib: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853302 serious Bug #853302 [src:afnix] afnix: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853303 serious Bug #853303 [src:agg] agg: ftbfs with GCC-7 Bug #853720 [src:agg] agg: ftbfs of exactimage with GCC-7 Severity set to 'serious' from 'important' Severity set to 'serious' from 'important' > severity 853304 serious Bug #853304 [src:alljoyn-core-1504] alljoyn-core-1504: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853305 serious Bug #853305 [src:alljoyn-core-1509] alljoyn-core-1509: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853306 serious Bug #853306 [src:alljoyn-core-1604] alljoyn-core-1604: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853307 serious Bug #853307 [src:alljoyn-services-1504] alljoyn-services-1504: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853308 serious Bug #853308 [src:alljoyn-services-1604] alljoyn-services-1604: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853309 serious Bug #853309 [src:altermime] altermime: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853310 serious Bug #853310 [src:android-platform-build] android-platform-build: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853311 serious Bug #853311 [src:android-platform-frameworks-base] android-platform-frameworks-base: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853312 serious Bug #853312 [src:android-platform-system-core] android-platform-system-core: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853313 serious Bug #853313 [src:anjuta] anjuta: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853314 serious Bug #853314 [src:ants] ants: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853316 serious Bug #853316 [src:aptitude] aptitude: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853317 serious Bug #853317 [src:apvlv] apvlv: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853318 serious Bug #853318 [src:arc-gui-clients] arc-gui-clients: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853320 serious Bug #853320 [src:aspell] aspell: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853321 serious Bug #853321 [src:astyle] astyle: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853322 serious Bug #853322 [src:atanks] atanks: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853323 serious Bug #853323 [src:atlas-cpp] atlas-cpp: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853324 serious Bug #853324 [src:bagel] bagel: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853325 serious Bug #853325 [src:berusky2] berusky2: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853326 serious Bug #853326 [src:bind-dyndb-ldap] bind-dyndb-ldap: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853327 serious Bug #853327 [src:binutils-arm-none-eabi] binutils-arm-none-eabi: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853328 serious Bug #853328 [src:binutils-avr] binutils-avr: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853329 serious Bug #853329 [src:binutils-msp430] binutils-msp430: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853331 serious Bug #853331 [src:bitz-server] bitz-server: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853332 serious Bug #853332 [src:bladerf] bladerf: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 85 serious Bug #85 [src:blitz++] blitz++: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853334 serious Bug #853334 [src:blktap] blktap: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853336 serious Bug #853336 [src:bomberclone] bomberclone: ftbfs with GCC-7 Severity set to 'serious' from 'important' > severity 853337 serious
[Pkg-phototools-devel] Processed: [bts-link] source package src:openjpeg2
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:openjpeg2 > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). > # remote status report for #844551 (http://bugs.debian.org/844551) > # Bug title: openjpeg2: CVE-2016-9112 > # * https://github.com/uclouvain/openjpeg/issues/855 > # * remote status changed: open -> closed > # * closed upstream > tags 844551 + fixed-upstream Bug #844551 [src:openjpeg2] openjpeg2: CVE-2016-9112 Added tag(s) fixed-upstream. > usertags 844551 - status-open Usertags were: status-open. Usertags are now: . > usertags 844551 + status-closed There were no usertags set. Usertags are now: status-closed. > # remote status report for #844557 (http://bugs.debian.org/844557) > # Bug title: openjpeg2: CVE-2016-9118 > # * https://github.com/uclouvain/openjpeg/issues/861 > # * remote status changed: open -> closed > # * closed upstream > tags 844557 + fixed-upstream Bug #844557 [src:openjpeg2] openjpeg2: CVE-2016-9118 Added tag(s) fixed-upstream. > usertags 844557 - status-open Usertags were: status-open. Usertags are now: . > usertags 844557 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 844551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844551 844557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844557 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: [bts-link] source package src:openjpeg2
Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:openjpeg2 > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). > # remote status report for #826742 (http://bugs.debian.org/826742) > # Bug title: WARNING in tgt_create tree->numnodes == 0, no tree created. > # * https://github.com/uclouvain/openjpeg/issues/794 > # * remote status changed: open -> closed > # * closed upstream > tags 826742 + fixed-upstream Bug #826742 [src:openjpeg2] WARNING in tgt_create tree->numnodes == 0, no tree created. Added tag(s) fixed-upstream. > usertags 826742 - status-open Usertags were: status-open. Usertags are now: . > usertags 826742 + status-closed There were no usertags set. Usertags are now: status-closed. > thanks Stopping processing here. Please contact me if you need assistance. -- 826742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826742 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: libraw CVEs
Processing commands for cont...@bugs.debian.org: > fixed 864183 libraw/0.18.2-2 Bug #864183 [src:libraw] CVE-2017-6886 CVE-2017-6887 Marked as fixed in versions libraw/0.18.2-2. > thanks Stopping processing here. Please contact me if you need assistance. -- 864183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#865565: marked as done (libopenimageio-dev requires libilmbase-dev but lacks dependency)
Your message dated Tue, 27 Jun 2017 22:28:08 + with message-id <e1dpyxs-0006we...@fasolo.debian.org> and subject line Bug#865862: fixed in openimageio 1.7.15~dfsg0-4 has caused the Debian Bug report #865862, regarding libopenimageio-dev requires libilmbase-dev but lacks dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865862: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libopenimageio-dev Version: 1.7.15~dfsg0-2 Severity: grave Control: affects -1 src:opencolorio https://buildd.debian.org/status/fetch.php?pkg=opencolorio=mips=1.0.9~dfsg0-11=1498157949=0 ... In file included from /usr/include/OpenImageIO/fmath.h:64:0, from /usr/include/OpenImageIO/hash.h:51, from /usr/include/OpenImageIO/strutil.h:54, from /usr/include/OpenImageIO/ustring.h:137, from /usr/include/OpenImageIO/paramlist.h:52, from /usr/include/OpenImageIO/imageio.h:61, from /<>/src/apps/ociolutimage/main.cpp:33: /usr/include/OpenImageIO/simd.h:56:30: fatal error: OpenEXR/ImathVec.h: No such file or directory #include ^ ... --- End Message --- --- Begin Message --- Source: openimageio Source-Version: 1.7.15~dfsg0-4 We believe that the bug you reported is fixed in the latest version of openimageio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated openimageio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Jun 2017 21:23:31 +0200 Source: openimageio Binary: libopenimageio1.7 libopenimageio-dev openimageio-tools python-openimageio libopenimageio-doc Architecture: source Version: 1.7.15~dfsg0-4 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libopenimageio-dev - Library for reading and writing images - development libopenimageio-doc - Library for reading and writing images - documentation libopenimageio1.7 - Library for reading and writing images - runtime openimageio-tools - Library for reading and writing images - command line tools python-openimageio - Library for reading and writing images - Python bindings Closes: 865862 Changes: openimageio (1.7.15~dfsg0-4) unstable; urgency=medium . * debian/control: fix wrong place for libilmbase-dev dependency (Closes: #865862) Checksums-Sha1: 5925f55c503cd5a7e38be6ddfd7f30b81626c621 2879 openimageio_1.7.15~dfsg0-4.dsc 9782553f0ec76ec30b98b83c7e7703aabeff0c10 24516 openimageio_1.7.15~dfsg0-4.debian.tar.xz ec3a79fbe3e340b07210a440fa0184efc51e5a43 6204 openimageio_1.7.15~dfsg0-4_source.buildinfo Checksums-Sha256: d4caff694574446f54b7dbc0e174f13bd9f5abf189007761e86a85e8aaf99f48 2879 openimageio_1.7.15~dfsg0-4.dsc bde730177b14f38c1b7de4a6b03e7fac38633606182b3bd1516f20e0f8121ba9 24516 openimageio_1.7.15~dfsg0-4.debian.tar.xz d0c11561f2e285c307ab7d98de007390d8b6c94dfc546e4da23680ed78771735 6204 openimageio_1.7.15~dfsg0-4_source.buildinfo Files: 75fc5268e3f645dc0ef08afb018a2195 2879 libs optional openimageio_1.7.15~dfsg0-4.dsc 095cddd259aaf77ee1fd4d84ad7bf9be 24516 libs optional openimageio_1.7.15~dfsg0-4.debian.tar.xz 303a8fffa986b92c7e3fc8a6890c899d 6204 libs optional openimageio_1.7.15~dfsg0-4_source.buildinfo -BEGIN PGP SIGNATURE- Comment: Debian powered! iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAllSsN1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N zVrh4w/8CZDwZFZgFMJcccn5GFH6McG44+6YZCrTrJ6QItiYcLotV6S+jxbRIkOV cXEi/Zz1s+8Jr2DhGniDdcb44Frw1QfznXzCGR5V7SUIyIIehOgdi1FLMc/+6JDN fSwaSdTg17PLRjke454jkLNoLzDtrsoNP2r5pSJJ41bYcKqloBTZH6Q17q9izLE1 4r1cqTHPfSGQkVBew4E7VkY61g2UooHvMfnGE4wUbVJzHbjw3QWK7VWDc1Y/1x3T T3K+rqpF9S3dx6qhbJnxGqDpWbwWADpwMy+KbluKtfE
[Pkg-phototools-devel] Bug#865862: marked as done (FTBFS: OpenEXR/ImathVec.h: No such file or directory)
Your message dated Tue, 27 Jun 2017 22:28:08 + with message-id <e1dpyxs-0006we...@fasolo.debian.org> and subject line Bug#865862: fixed in openimageio 1.7.15~dfsg0-4 has caused the Debian Bug report #865862, regarding FTBFS: OpenEXR/ImathVec.h: No such file or directory to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865862: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: opencolorio Version: 1.0.9~dfsg0-11 Severity: serious Justification: fails to build from source (but built successfully in the past) opencolorio FTBFS on armhf, mips, mips64el and mipsel. It looks like you want to build-depend on libilmbase-dev. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Source: openimageio Source-Version: 1.7.15~dfsg0-4 We believe that the bug you reported is fixed in the latest version of openimageio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated openimageio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Jun 2017 21:23:31 +0200 Source: openimageio Binary: libopenimageio1.7 libopenimageio-dev openimageio-tools python-openimageio libopenimageio-doc Architecture: source Version: 1.7.15~dfsg0-4 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libopenimageio-dev - Library for reading and writing images - development libopenimageio-doc - Library for reading and writing images - documentation libopenimageio1.7 - Library for reading and writing images - runtime openimageio-tools - Library for reading and writing images - command line tools python-openimageio - Library for reading and writing images - Python bindings Closes: 865862 Changes: openimageio (1.7.15~dfsg0-4) unstable; urgency=medium . * debian/control: fix wrong place for libilmbase-dev dependency (Closes: #865862) Checksums-Sha1: 5925f55c503cd5a7e38be6ddfd7f30b81626c621 2879 openimageio_1.7.15~dfsg0-4.dsc 9782553f0ec76ec30b98b83c7e7703aabeff0c10 24516 openimageio_1.7.15~dfsg0-4.debian.tar.xz ec3a79fbe3e340b07210a440fa0184efc51e5a43 6204 openimageio_1.7.15~dfsg0-4_source.buildinfo Checksums-Sha256: d4caff694574446f54b7dbc0e174f13bd9f5abf189007761e86a85e8aaf99f48 2879 openimageio_1.7.15~dfsg0-4.dsc bde730177b14f38c1b7de4a6b03e7fac38633606182b3bd1516f20e0f8121ba9 24516 openimageio_1.7.15~dfsg0-4.debian.tar.xz d0c11561f2e285c307ab7d98de007390d8b6c94dfc546e4da23680ed78771735 6204 openimageio_1.7.15~dfsg0-4_source.buildinfo Files: 75fc5268e3f645dc0ef08afb018a2195 2879 libs optional openimageio_1.7.15~dfsg0-4.dsc 095cddd259aaf77ee1fd4d84ad7bf9be 24516 libs optional openimageio_1.7.15~dfsg0-4.debian.tar.xz 303a8fffa986b92c7e3fc8a6890c899d 6204 libs optional openimageio_1.7.15~dfsg0-4_source.buildinfo -BEGIN PGP SIGNATURE- Comment: Debian powered! iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAllSsN1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N zVrh4w/8CZDwZFZgFMJcccn5GFH6McG44+6YZCrTrJ6QItiYcLotV6S+jxbRIkOV cXEi/Zz1s+8Jr2DhGniDdcb44Frw1QfznXzCGR5V7SUIyIIehOgdi1FLMc/+6JDN fSwaSdTg17PLRjke454jkLNoLzDtrsoNP2r5pSJJ41bYcKqloBTZH6Q17q9izLE1 4r1cqTHPfSGQkVBew4E7VkY61g2UooHvMfnGE4wUbVJzHbjw3QWK7VWDc1Y/1x3T T3K+rqpF9S3dx6qhbJnxGqDpWbwWADpwMy+KbluKtfEvW9pnIm04rrIUYUI52+P1 ztFyDlK1/DI1Ima9j9zePRF4uiobLU4XNqbgc99V01OXoXHUbGVvXIpsspxml6XH 8Z+li9nPACAuMUz0u3HsgolU4Vthc/MMnJl4EV7M
[Pkg-phototools-devel] Processed: Re: Bug#865565 closed by m...@debian.org (Matteo F. Vescovi) (Bug#865565: fixed in openimageio 1.7.15~dfsg0-3)
Processing control commands: > reopen -1 Bug #865565 {Done: m...@debian.org (Matteo F. Vescovi)} [libopenimageio-dev] libopenimageio-dev requires libilmbase-dev but lacks dependency Bug #865862 {Done: m...@debian.org (Matteo F. Vescovi)} [libopenimageio-dev] FTBFS: OpenEXR/ImathVec.h: No such file or directory 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions openimageio/1.7.15~dfsg0-3. No longer marked as fixed in versions openimageio/1.7.15~dfsg0-3. -- 865565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865565 865862: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865862 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#865565: marked as done (libopenimageio-dev requires libilmbase-dev but lacks dependency)
Your message dated Mon, 26 Jun 2017 15:35:12 + with message-id <e1dpw2i-000e2s...@fasolo.debian.org> and subject line Bug#865565: fixed in openimageio 1.7.15~dfsg0-3 has caused the Debian Bug report #865565, regarding libopenimageio-dev requires libilmbase-dev but lacks dependency to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libopenimageio-dev Version: 1.7.15~dfsg0-2 Severity: grave Control: affects -1 src:opencolorio https://buildd.debian.org/status/fetch.php?pkg=opencolorio=mips=1.0.9~dfsg0-11=1498157949=0 ... In file included from /usr/include/OpenImageIO/fmath.h:64:0, from /usr/include/OpenImageIO/hash.h:51, from /usr/include/OpenImageIO/strutil.h:54, from /usr/include/OpenImageIO/ustring.h:137, from /usr/include/OpenImageIO/paramlist.h:52, from /usr/include/OpenImageIO/imageio.h:61, from /<>/src/apps/ociolutimage/main.cpp:33: /usr/include/OpenImageIO/simd.h:56:30: fatal error: OpenEXR/ImathVec.h: No such file or directory #include ^ ... --- End Message --- --- Begin Message --- Source: openimageio Source-Version: 1.7.15~dfsg0-3 We believe that the bug you reported is fixed in the latest version of openimageio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matteo F. Vescovi <m...@debian.org> (supplier of updated openimageio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 26 Jun 2017 17:09:08 +0200 Source: openimageio Binary: libopenimageio1.7 libopenimageio-dev openimageio-tools python-openimageio libopenimageio-doc Architecture: source Version: 1.7.15~dfsg0-3 Distribution: unstable Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <m...@debian.org> Description: libopenimageio-dev - Library for reading and writing images - development libopenimageio-doc - Library for reading and writing images - documentation libopenimageio1.7 - Library for reading and writing images - runtime openimageio-tools - Library for reading and writing images - command line tools python-openimageio - Library for reading and writing images - Python bindings Closes: 865565 Changes: openimageio (1.7.15~dfsg0-3) unstable; urgency=medium . * debian/control: libilmbase-dev b-dep added (Closes: #865565) Checksums-Sha1: df71eb4acc7b65abf96c17359326e59df6f8ae38 2895 openimageio_1.7.15~dfsg0-3.dsc f7c437b583ce0f6e9281fc46580ecf0dc3ff460b 24492 openimageio_1.7.15~dfsg0-3.debian.tar.xz 6317b65db1f648066a07684893d09a2e01db7991 6204 openimageio_1.7.15~dfsg0-3_source.buildinfo Checksums-Sha256: ac6aa8cc0f2efcb859dcad5ec938c4412070de716fbb5575fa73372848d29dfe 2895 openimageio_1.7.15~dfsg0-3.dsc 60d9d26ae5ea373a81d45da0ed895fa39b40ecd4b755741699d413b0d3d2d158 24492 openimageio_1.7.15~dfsg0-3.debian.tar.xz 46a61c9aacebf64e4624db4082c0c6f576b45365915b83a80ac020a07d77aa62 6204 openimageio_1.7.15~dfsg0-3_source.buildinfo Files: c2ee9038525e5cfd099508b2513b8fb2 2895 libs optional openimageio_1.7.15~dfsg0-3.dsc a47df2d593808fc6827aa862d529fe75 24492 libs optional openimageio_1.7.15~dfsg0-3.debian.tar.xz f893bfd558c9c662047edd6be1ff8c64 6204 libs optional openimageio_1.7.15~dfsg0-3_source.buildinfo -BEGIN PGP SIGNATURE- Comment: Debian powered! iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAllRI95fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N zVo7MBAAo/0Yhc2PCuLqhQTBgDNNg8TbTwn+MlrOGwR4uO3iA/MKGwzwKh6WNx0c Y4G2/HLuf1uX269qtyjiSxAsPFdoqXS9P/fkLazt3MQ3318ycLmt77h7Zd08p/1/ bzgB5JblWbCQ74v/3uTET5wAZh2Fehc7ixhoDBazCr6AcI2eRFNRwLdpg2Duvvyh 8I/hlGkGccilnp0rZDevyuyltJrOtSgpVAtnvxBF0w21OyQIX0+iBZcUcCIe78zW nUUke9mi/q3233vAHwtOshH/mKyFFwwnz3XhdLvhKKuDBzaksTKq
[Pkg-phototools-devel] Bug#549495: marked as done (hugin: Control Points tab forgets to display images)
Your message dated Sun, 25 Jun 2017 13:44:45 +0200 with message-id <20170625114445.fot3m3slma232...@argenau.bebt.de> and subject line Re: Bug#549495: hugin: Control Points tab forgets to display images has caused the Debian Bug report #549495, regarding hugin: Control Points tab forgets to display images to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 549495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: hugin Version: 0.8.0.dfsg-2 Severity: important Steps to reproduce: Create a panorama. Then start a new one. It loads images, does the control point autopano magic, etc, all fine. But the "Control Points" tab does no longer show the images. It shows all the usual other stuff, so you see which image has how many control points with which other, but it forgets about the display part. You have to save this new project, end hugin, start again and load it to see something there. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages hugin depends on: ii enblend 3.2+dfsg-3 image blending tool ii enfuse 3.2+dfsg-3 image exposure blending tool ii hugin-tools 0.8.0.dfsg-2 CLI tools for Hugin ii libboost-thread1.39.0 1.39.0-6 portable C++ multi-threading ii libc6 2.9-25 GNU C Library: Shared libraries ii libexiv2-5 0.18.2-1+b1 EXIF/IPTC metadata manipulation li ii libgcc1 1:4.4.1-2GCC support library ii libgl1-mesa-glx [libgl1]7.5-3A free implementation of the OpenG ii libglew1.5 1.5.1-4 The OpenGL Extension Wrangler - ru ii libglu1-mesa [libglu1] 7.5-3The OpenGL utility library (GLU) ii libimage-exiftool-perl 7.30-1 Library and program to read and wr ii libpano13-1 2.9.14-1 panorama tools library ii libstdc++6 4.4.1-2 The GNU Standard C++ Library v3 ii libtiff43.8.2-13 Tag Image File Format (TIFF) libra ii libwxbase2.8-0 2.8.7.1-2wxBase library (runtime) - non-GUI ii libwxgtk2.8-0 2.8.7.1-2wxWidgets Cross-platform C++ GUI t ii make3.81-6 An utility for Directing compilati hugin recommends no packages. hugin suggests no packages. -- no debconf information -- bye, Joerg Some NM: graphviz: ouch, that license is hard to read, damn lawyer gibberish. --- End Message --- --- Begin Message --- On 2009-10-03 Joerg Jaspert <jo...@ganneff.de> wrote: > Package: hugin > Version: 0.8.0.dfsg-2 > Severity: important > Steps to reproduce: > Create a panorama. Then start a new one. It loads images, does the > control point autopano magic, etc, all fine. But the "Control Points" > tab does no longer show the images. It shows all the usual other stuff, > so you see which image has how many control points with which other, but > it forgets about the display part. > You have to save this new project, end hugin, start again and load it to > see something there. [...] I am closing this old bug-report, I have never been able to reproduce. Please re-open if you can still reproduce with current hugin. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'--- End Message --- ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tagging 864676
Processing commands for cont...@bugs.debian.org: > tags 864676 - moreinfo Bug #864676 [darktable] [darktable] Freezes when trying to operate on RAW images Removed tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 864676: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: tag cleanup
Processing commands for cont...@bugs.debian.org: > tags 852904 - buster Bug #852904 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] gnutls28: FTBFS: Test failures Bug #852227 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] libp11-kit0: Temporarily block migration of 0.23.3-4 to testing Removed tag(s) buster. Removed tag(s) buster. > tags 852904 - sid Bug #852904 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] gnutls28: FTBFS: Test failures Bug #852227 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] libp11-kit0: Temporarily block migration of 0.23.3-4 to testing Removed tag(s) sid. Removed tag(s) sid. > archive 852904 Bug #852904 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] gnutls28: FTBFS: Test failures Bug #852227 {Done: Andreas Metzler <ametz...@debian.org>} [libp11-kit0] libp11-kit0: Temporarily block migration of 0.23.3-4 to testing archived 852904 to archive/04 (from 852904) archived 852227 to archive/27 (from 852904) > tags 853401 - sid Bug #853401 {Done: Andreas Metzler <ametz...@debian.org>} [src:findutils] findutils: ftbfs with GCC-7 Removed tag(s) sid. > tags 853401 - buster Bug #853401 {Done: Andreas Metzler <ametz...@debian.org>} [src:findutils] findutils: ftbfs with GCC-7 Removed tag(s) buster. > tags 853447 - sid Bug #853447 [src:hugin] hugin: ftbfs with GCC-7 Removed tag(s) sid. > tags 853447 - buster Bug #853447 [src:hugin] hugin: ftbfs with GCC-7 Removed tag(s) buster. > End of message, stopping processing here. Please contact me if you need assistance. -- 852227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852227 852904: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852904 853401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853401 853447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853447 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#831744: marked as done (darktable: Camera profile for denoise disappears)
Your message dated Thu, 08 Jun 2017 11:50:52 -0300 with message-id <87poee354j@tesseract.cs.unb.ca> and subject line Re: [Pkg-phototools-devel] Bug#831744: darktable: Camera profile for denoise disappears has caused the Debian Bug report #831744, regarding darktable: Camera profile for denoise disappears to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 831744: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831744 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: darktable Version: 2.0.5-2 Severity: important Darktable has a profiled denoise function, which applies denoising on an image based on ISO and Camera type. When I use this function, the camera profile disappears after some time. When Darktable is started, the profile is there. However, after some time, the camera specific profile disappears, and only the generic poissionian is shown. This causes very heavy noise reduction. I found issue #10340 in the darktable issue database (https://redmine.darktable.org/issues/10340) and tried the command found there: $ darktable -d control | grep noiseprofile This at first shows: > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > [noiseprofile] found 11 makers > [noiseprofile] found `Sony' as `Sony' > [noiseprofile] found 36 models > [noiseprofile] found DSLR-A200 > [noiseprofile] found 6 profiles > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > [noiseprofile] found 11 makers > [noiseprofile] found `Sony' as `Sony' > [noiseprofile] found 36 models > [noiseprofile] found DSLR-A200 > [noiseprofile] found 6 profiles > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > [noiseprofile] found 11 makers > [noiseprofile] found `Sony' as `Sony' > [noiseprofile] found 36 models > [noiseprofile] found DSLR-A200 > [noiseprofile] found 6 profiles when these messages are printed, the noise profiles for my camera (guess what type of camera I have ;) are available in Darktable. When the profile disappears, the following is shown by the debug output: > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > [noiseprofile] found 11 makers > [noiseprofile] found 11 makers > [noiseprofile] found `Sony' as `Sony' > [noiseprofile] found `Sony' as `Sony' > [noiseprofile] found 36 models > [noiseprofile] found 36 models > [noiseprofile] found DSLR-A200 > [noiseprofile] found 6 profiles > [noiseprofile] found DSLR-A200 > [noiseprofile] found 6 profiles > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > > (darktable:21855): Json-CRITICAL **: json_object_ref: assertion > 'object->ref_count > 0' failed > > (darktable:21855): Json-CRITICAL **: json_object_has_member: assertion > 'object != NULL' failed > [noiseprofile] found -1 makers > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > > (darktable:21855): Json-CRITICAL **: json_object_ref: assertion > 'object->ref_count > 0' failed > > (darktable:21855): Json-CRITICAL **: json_object_has_member: assertion > 'object != NULL' failed > [noiseprofile] found -1 makers > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > > (darktable:21855): Json-CRITICAL **: json_object_ref: assertion > 'object->ref_count > 0' failed > > (darktable:21855): Json-CRITICAL **: json_object_has_member: assertion > 'object != NULL' failed > [noiseprofile] found -1 makers > > (darktable:21855): Json-CRITICAL **: json_object_ref: assertion > 'object->ref_count > 0' failed > [noiseprofile] looking for maker `Sony', model `DSLR-A200' > > (darktable:21855): Json-CRITICAL **: json_object_has_member: assertion > 'object != NULL' failed > [noiseprofile] found -1 makers -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (450, 'testing'), (400, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages darktable depends on: ii libatk1.0-0 2.20.0-1 ii libc6 2.22-11 ii libcairo-gobject2 1.14.6-1+b1 ii libcairo2 1.14.6-1+b1 ii libcolord-gtk10.1.26-1 ii libcolord21.3.2-1 ii libcups2 2.1.4-
[Pkg-phototools-devel] Processed: libraw
Processing commands for cont...@bugs.debian.org: > fixed 864183 libraw/0.18.2-1 Bug #864183 [src:libraw] CVE-2017-6886 CVE-2017-6887 Marked as fixed in versions libraw/0.18.2-1. > forwarded 864183 https://github.com/LibRaw/LibRaw/issues/90 Bug #864183 [src:libraw] CVE-2017-6886 CVE-2017-6887 Set Bug forwarded-to-address to 'https://github.com/LibRaw/LibRaw/issues/90'. > thanks Stopping processing here. Please contact me if you need assistance. -- 864183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: Re: lepton: Upstream requires sse4.1 in Intel platform which is not available in all build machines
Processing control commands: > severity -1 serious Bug #864012 [lepton] lepton: Upstream requires sse4.1 in Intel platform which is not available in all build machines Severity set to 'serious' from 'normal' -- 864012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processed: severity of 778916 is wishlist
Processing commands for cont...@bugs.debian.org: > severity 778916 wishlist Bug #778916 [darktable] darktable: manual focus only works in big steps on Canon EF-S 60mm 1:2.8 USM macro Severity set to 'wishlist' from 'normal' > thanks Stopping processing here. Please contact me if you need assistance. -- 778916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778916 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel