Your message dated Sat, 16 Jul 2016 22:02:47 +0000
with message-id <[email protected]>
and subject line Bug#829062: fixed in libgd2 2.1.0-5+deb8u4
has caused the Debian Bug report #829062,
regarding libgd2: CVE-2016-6128: Invalid color index is not properly handled 
leading to denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
829062: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgd2
Version: 2.1.0-5
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libgd2.

CVE-2016-6128[0]:
Invalid color index is not properly handled leading to denial of service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6128
[1] https://github.com/libgd/libgd/compare/3fe0a71...6ff72ae

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libgd2
Source-Version: 2.1.0-5+deb8u4

We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Jul 2016 15:02:40 +0200
Source: libgd2
Binary: libgd-tools libgd-dev libgd3 libgd-dbg libgd2-xpm-dev libgd2-noxpm-dev
Architecture: source amd64
Version: 2.1.0-5+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: GD team <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description:
 libgd-dbg  - Debug symbols for GD Graphics Library
 libgd-dev  - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd2-noxpm-dev - GD Graphics Library (transitional package)
 libgd2-xpm-dev - GD Graphics Library (transitional package)
 libgd3     - GD Graphics Library
Closes: 829014 829062 829694
Changes:
 libgd2 (2.1.0-5+deb8u4) jessie-security; urgency=high
 .
   * [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in
     heap overflow (Closes: #829014)
   * [CVE-2016-6128]: Fix invalid color index not handled, can lead to
     crash (Closes: #829062)
   * [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound
     reads of masks array
   * [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files
     (Closes: #829694)
   * [CVE-2016-6214]: Fix read out-of-bounds was found in TGA
   * [CVE-to-be-assigned]: Fix another out-of-bounds read in read_image_tga
     (upstream #248)
   * [CVE-2016-5116]: Fix xbm: avoid stack overflow (read) with large names


--- End Message ---
