Your message dated Mon, 2 Mar 2020 14:42:38 +0100
with message-id <[email protected]>
and subject line [[email protected]: Re: CVE-2018-7587 and
CVE-2019-13568]
has caused the Debian Bug report #940951,
regarding cimg: CVE-2018-7587
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940951
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cimg
Severity: important
Tags: security
Please see these links for details and patches:
https://security-tracker.debian.org/tracker/CVE-2018-7641
https://security-tracker.debian.org/tracker/CVE-2018-7640
https://security-tracker.debian.org/tracker/CVE-2018-7639
https://security-tracker.debian.org/tracker/CVE-2018-7638
https://security-tracker.debian.org/tracker/CVE-2018-7637
https://security-tracker.debian.org/tracker/CVE-2018-7589
https://security-tracker.debian.org/tracker/CVE-2018-7588
And then there's
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
where the upstream isn't clear, it would be great if you
could clarify with upstream on the status.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
----- Forwarded message from Tschumperle David <[email protected]>
-----
Date: Mon, 2 Mar 2020 13:18:11 +0100 (CET)
From: Tschumperle David <[email protected]>
To: Andreas Tille <[email protected]>
Subject: Re: CVE-2018-7587 and CVE-2019-13568
Hello Andreas,
I think I've fixed these bugs indeed, a few months ago.
Regards,
David.
PS : I'm sorry but I don't write Changelog for CImg anymore. Not that I don't
maintain it, but it write my changes directly in the Changelog of the G'MIC
project.
-----------------------------------------------------------------------------
David Tschumperlé
CNRS Researcher
GREYC (UMR-CNRS 6072) E-mail: [email protected]
6, Bd du Marechal Juin Tel: +33 (0)2-31-45-29-25
F-14050 CAEN Cedex Fax: +33 (0)2-31-45-26-98
France https://tschumperle.users.greyc.fr/
-----------------------------------------------------------------------------
----- Original Message -----
From: "Andreas Tille" <[email protected]>
To: [email protected], [email protected], "David Tschumperlé"
<[email protected]>
Sent: Monday, March 2, 2020 12:51:04 PM
Subject: CVE-2018-7587 and CVE-2019-13568
Control: tags -1 upstream
Control: forwarded -1 David Tschumperlé <[email protected]>
Hi David,
there are two bug reports about CVE related bugs against the Debian
package of an older version of cimg (which was not updated since some
time :-( - also shame on me but I have quite a number of packages in
Debian Med thus Debian Science has only lower preference).
Would you mind having a lock at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940951
and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940952
and confirm whether the current version has dealt with these bug
reports. If yes it would be helpful if you would mention these fixes in
some kind of changelog in cimg.
Kind regards
Andreas.
--
http://fam-tille.de
----- End forwarded message -----
--
http://fam-tille.de
--- End Message ---
