Your message dated Tue, 29 Oct 2013 21:17:14 +0000
with message-id <[email protected]>
and subject line Bug#721339: fixed in darktable 1.0.4-1+deb7u2
has caused the Debian Bug report #721339,
regarding CVE-2013-1439: darktable: multiple vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
721339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libraw
Severity: important
Tags: security
Control: clone -1 -2 -3
Control: retitle -1 CVE-2013-1438: libraw: multiple vulnerabilities
Control: retitle -2 CVE-2013-1438: darktable: multiple vulnerabilities
Control: reassign -2 darktable
Control: retitle -3 CVE-2013-1438: libkdcraw: multiple vulnerabilities
Control: reassign -3 libkdcraw
Hi,
In addition to the vulnerabilities mentioned in my other bug report, I
found a few other that are all covered by the CVE-2013-1439 id.
Please refer to the following page for the details:
http://www.openwall.com/lists/oss-security/2013/08/29/3
Please include the CVE id when fixing these vulnerabilities and
consider fixing them in old/stable via a {O,}SPU by following standard
procedures for stable release updates.
Thanks in advance.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: darktable
Source-Version: 1.0.4-1+deb7u2
We believe that the bug you reported is fixed in the latest version of
darktable, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Bremner <[email protected]> (supplier of updated darktable package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 16 Oct 2013 19:42:55 -0300
Source: darktable
Binary: darktable darktable-dbg
Architecture: source amd64
Version: 1.0.4-1+deb7u2
Distribution: wheezy
Urgency: low
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: David Bremner <[email protected]>
Description:
darktable - virtual lighttable and darkroom for photographers
darktable-dbg - virtual lighttable and darkroom for photographers
Closes: 721233 721339
Changes:
darktable (1.0.4-1+deb7u2) wheezy; urgency=low
.
* Port libraw commit c4e374ea. This one commit is a fix for two bugs.
- CVE-2013-1438 (Closes: #721233).
- CVE-2013-1439 (Closes: #721339).
Checksums-Sha1:
8e0dddf9c919c790a1ac2fd2904cb2714e1098d0 2220 darktable_1.0.4-1+deb7u2.dsc
9f2dc6c28eb6abe92c468e8d329782214b127bd6 11996
darktable_1.0.4-1+deb7u2.debian.tar.gz
9d1297bcaba5c0de3feab656e111f5006fda2997 2127224
darktable_1.0.4-1+deb7u2_amd64.deb
f749c2c8ad10b23ddaeb3a2bee740cdc79131943 5317086
darktable-dbg_1.0.4-1+deb7u2_amd64.deb
Checksums-Sha256:
792c9074df4357b1ae460fce49138bdce030636657bc240ac0d7695c296eb9db 2220
darktable_1.0.4-1+deb7u2.dsc
4dccb2702fbe2b6e96f60f62c55faa9acb3abce9b22b983f2283b066b4292f17 11996
darktable_1.0.4-1+deb7u2.debian.tar.gz
0cd5f754eed5caec03bcfdf019c3925ce64a86bb0d4c560f13090ab9067b3aa1 2127224
darktable_1.0.4-1+deb7u2_amd64.deb
06c3e6c411afb51fdf145e0f9b0cf2e455fb945f7aa12de1239f0d546b1029ab 5317086
darktable-dbg_1.0.4-1+deb7u2_amd64.deb
Files:
6a56d10b136e4f7c0f13c383fe620a1a 2220 graphics optional
darktable_1.0.4-1+deb7u2.dsc
674c23d98aa2ced7cafc438304928cc8 11996 graphics optional
darktable_1.0.4-1+deb7u2.debian.tar.gz
9101f0eda6aa4b7552c28e0e5b992bf6 2127224 graphics optional
darktable_1.0.4-1+deb7u2_amd64.deb
44d52cbca917390a6a0c307aa5388520 5317086 debug extra
darktable-dbg_1.0.4-1+deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQGcBAEBCAAGBQJSaQB3AAoJEPIClx2kp54sxVwL/jvz0AoZghsJzWWInzUR/TwC
Lyd4RTqn+fXm2q4QJEvHGzLOgkD/fvs+IdexNKbSxY6bWB/ecWX3h7n/0u1tlqEv
JYJwThM4WotoTqdbvY6kFNzCT0wwMW5UXaChC1Nl0OlzdWzZaIADgBJP3ZunIbmi
hEeXGuLroMpL2lejYnQ9Tt3PClgCEI3UUaGeuMPktXZs8g+JBI6vejO1k7l0359y
1ZJOIP1CRD/yLvXmTqw+JbLbfA1+w6sxN6YofS7mkRyjBy3FWv7uzhwbRsAa9zvQ
1ChcXp5GVpLzj6juaaFHRDpZmd0lpAL6K7l/gsRZa7gijGGLq/Tk9V+MUsLNbBUb
trRYZhuK61FNayXsaxMU+UM1JwWooWMZmfXu5+PkxQAiYHqVndEDPeuiki1+NSeD
A2yNyBbqUbAFd0FJpP+5xMwImHa/6uU9V1e2iHSZezss8K2PnMrInAwQo4Yr1MT0
SaFH5U8phZqDtSSPOYd4WpHC6QVxYH4er6aENjw37w==
=4DlM
-----END PGP SIGNATURE-----
--- End Message ---
