Your message dated Wed, 29 Dec 2010 16:17:17 +0000
with message-id <[email protected]>
and subject line Bug#606257: fixed in xfig 1:3.2.5.b-1.1
has caused the Debian Bug report #606257,
regarding CVE-2010-4262: Buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
606257: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606257
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xfig
Severity: important
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=659676 for details
and a patch. Please fix this for Squeeze.

The attack vector is fairly obscure, so we don't need a DSA for it,
you could fix it through a point update, though:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages xfig depends on:
ii  libc6                         2.11.2-7   Embedded GNU C Library: Shared lib
ii  libjpeg62                     6b1-1      The Independent JPEG Group's JPEG 
ii  libpng12-0                    1.2.44-1   PNG library - runtime
ii  libx11-6                      2:1.3.3-4  X11 client-side library
ii  libxi6                        2:1.3-5    X11 Input extension library
ii  libxpm4                       1:3.5.9-1  X11 pixmap library
ii  libxt6                        1:1.0.7-1  X11 toolkit intrinsics library
ii  xaw3dg                        1.5+E-18   Xaw3d widget set

Versions of packages xfig recommends:
pn  transfig                      <none>     (no description available)
pn  xfig-libs                     <none>     (no description available)

Versions of packages xfig suggests:
pn  cupsys-client | lpr       <none>         (no description available)
ii  ghostscript-x [gs]        8.71~dfsg2-6   The GPL Ghostscript PostScript/PDF
ii  gimp                      2.6.11-1       The GNU Image Manipulation Program
ii  gs                        8.64~dfsg-1.1  Transitional package
pn  gsfonts-x11               <none>         (no description available)
ii  netpbm                    2:10.0-12.2+b1 Graphics conversion tools between 
pn  spell                     <none>         (no description available)
pn  xfig-doc                  <none>         (no description available)



--- End Message ---
--- Begin Message ---
Source: xfig
Source-Version: 1:3.2.5.b-1.1

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive:

xfig-doc_3.2.5.b-1.1_all.deb
  to main/x/xfig/xfig-doc_3.2.5.b-1.1_all.deb
xfig-libs_3.2.5.b-1.1_all.deb
  to main/x/xfig/xfig-libs_3.2.5.b-1.1_all.deb
xfig_3.2.5.b-1.1.diff.gz
  to main/x/xfig/xfig_3.2.5.b-1.1.diff.gz
xfig_3.2.5.b-1.1.dsc
  to main/x/xfig/xfig_3.2.5.b-1.1.dsc
xfig_3.2.5.b-1.1_i386.deb
  to main/x/xfig/xfig_3.2.5.b-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 29 Dec 2010 16:50:04 +0100
Source: xfig
Binary: xfig xfig-doc xfig-libs
Architecture: source all i386
Version: 1:3.2.5.b-1.1
Distribution: unstable
Urgency: high
Maintainer: Roland Rosenfeld <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description: 
 xfig       - Facility for Interactive Generation of figures under X11
 xfig-doc   - XFig on-line documentation and examples
 xfig-libs  - XFig image libraries and examples
Closes: 606257
Changes: 
 xfig (1:3.2.5.b-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-4262: Stack-based buffer overflow by processing certain FIG
     images (Closes: #606257)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0bWsYACgkQNxpp46476apt0ACfTAi29UB9CIfF0KozT6Fh31I1
zXEAn2tclqsEChPla7+TmS6yFlr5CAzS
=rSij
-----END PGP SIGNATURE-----



--- End Message ---
