Bug#902196: marked as done (flif: CVE-2018-12109)

[Debian Bug Tracking System]

Your message dated Tue, 6 Aug 2019 07:06:57 +0200
with message-id <227ae243-9c22-6af2-8db3-bfa35489e...@debian.org>
and subject line Removed package(s) from experimental
has caused the Debian Bug report #902196,
regarding flif: CVE-2018-12109
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
902196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902196
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: flif
Version: 0.3-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/FLIF-hub/FLIF/issues/513

Hi,

There is one more flif CVE:

CVE-2018-12109[0]:
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The
| TransformPaletteC<FileIO>::process function in transform/palette_C.hpp
| allows remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted PAM image file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12109
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12109
[1] https://github.com/FLIF-hub/FLIF/issues/513

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Version: 0.3-7+rm

Dear submitter,

as the package flif has just been removed from the Debian archive
experimental we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/933898

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---