Your message dated Mon, 10 Jan 2005 16:28:15 -0600
with message-id <[EMAIL PROTECTED]>
and subject line cleanup
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Dec 2004 14:51:15 +0000
Date: Thu, 9 Dec 2004 15:51:07 +0100
From: Andreas Metzler <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: imlib: Vulnerable to GLSA 200412-03?

Package: imlib,imlib+png2
Severity: normal
Tags: security,patch

Hello,
---------------------
http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml
Synopsis
Multiple overflows have been found in the imlib library image decoding
routines, potentially allowing execution of arbitrary code.

2. Impact Information

Background

imlib is an advanced replacement library for image manipulation libraries like
libXpm. It is called by numerous programs, including gkrellm and several window
managers, to help in displaying images.

Description

Pavel Kankovsky discovered that several overflows found in the libXpm library
(see GLSA 200409-34) also applied to imlib. He also fixed a number of other
potential flaws.

Impact

A remote attacker could entice a user to view a carefully-crafted image file,
which would potentially lead to execution of arbitrary code with the rights of
the user viewing the image. This affects any program that makes use of the
imlib library. 
[...]
---------------------

Links:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138516
https://bugzilla.fedora.us/show_bug.cgi?id=2051#c11
Patch:
http://gd.tuwien.ac.at/platform/Linux/gentoo-portage/media-libs/imlib/files/imlib-1.9.14-sec2.patch
(does apply cleanly to imlib 1.9.14-17 and imlib+png2 1.9.14-16.)

I am submitting as normal because the given exploit
(http://scary.beasts.org/misc/doom.xpm) does not work for me, and I'd
rather not use an inflated severity.
                 cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"

---------------------------------------
Received: (at 285138-done) by bugs.debian.org; 10 Jan 2005 22:28:17 +0000
Date: Mon, 10 Jan 2005 16:28:15 -0600
From: "Laurence J. Lane" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: cleanup

fixed in sarge with 1.1.2-2.1

