Your message dated Mon, 11 May 2020 23:33:50 +0000
with message-id <[email protected]>
and subject line Bug#960192: fixed in imlib2 1.6.1-2
has caused the Debian Bug report #960192,
regarding imlib2: CVE-2020-12761
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
960192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960192
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imlib2
Version: 1.6.1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for imlib2.

CVE-2020-12761[0]:
| modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow
| (with resultant invalid memory allocations and out-of-bounds reads)
| via an icon with many colors in its color map.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-12761
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12761
[1] https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: imlib2
Source-Version: 1.6.1-2
Done: Markus Koschany <[email protected]>

We believe that the bug you reported is fixed in the latest version of
imlib2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated imlib2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2020 01:14:46 +0200
Source: imlib2
Architecture: source
Version: 1.6.1-2
Distribution: unstable
Urgency: medium
Maintainer: Markus Koschany <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 960192
Changes:
 imlib2 (1.6.1-2) unstable; urgency=medium
 .
   * Declare compliance with Debian Policy 4.5.0.
   * Switch to debhelper-compat = 13.
   * Fix CVE-2020-12761.
     Integer overflow when an ICO file contains many colors in its color map.
     Thanks to Salvatore Bonaccorso for the report and Tobias Stoeckmann for the
     patch. (Closes: #960192)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
