Your message dated Tue, 19 Apr 2005 19:02:40 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#305068: fixed in gocr 0.39-5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 17 Apr 2005 18:41:44 +0000 >From [EMAIL PROTECTED] Sun Apr 17 11:41:44 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DNEiG-0001FU-00; Sun, 17 Apr 2005 11:41:44 -0700 Received: from p54894f93.dip.t-dialin.net ([84.137.79.147] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DNEiE-00024M-FJ for [EMAIL PROTECTED]; Sun, 17 Apr 2005 20:41:42 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.50) id 1DNEiA-0001dv-Co; Sun, 17 Apr 2005 20:41:38 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: Integer and heap overflow in gocr X-Mailer: reportbug 3.9 Date: Sun, 17 Apr 2005 20:41:37 +0200 Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 84.137.79.147 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: gocr Severity: grave Tags: security Justification: user security hole Two security vulnerabilities have been reported on gocr that may be exploited to execute arbitrary code. For full details please have a look at http://www.overflow.pl/adv/gocr.txt Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --------------------------------------- Received: (at 305068-close) by bugs.debian.org; 19 Apr 2005 23:10:08 +0000 >From [EMAIL PROTECTED] Tue Apr 19 16:10:08 2005 Return-path: <[EMAIL PROTECTED]> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DO1r5-0007Ka-00; Tue, 19 Apr 2005 16:10:08 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1DO1js-0004jk-00; Tue, 19 Apr 2005 19:02:40 -0400 From: Cosimo Alfarano <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#305068: fixed in gocr 0.39-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Tue, 19 Apr 2005 19:02:40 -0400 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: gocr Source-Version: 0.39-5 We believe that the bug you reported is fixed in the latest version of gocr, which is due to be installed in the Debian FTP archive: gocr-doc_0.39-5_all.deb to pool/main/g/gocr/gocr-doc_0.39-5_all.deb gocr-gtk_0.39-5_i386.deb to pool/main/g/gocr/gocr-gtk_0.39-5_i386.deb gocr-tk_0.39-5_i386.deb to pool/main/g/gocr/gocr-tk_0.39-5_i386.deb gocr_0.39-5.diff.gz to pool/main/g/gocr/gocr_0.39-5.diff.gz gocr_0.39-5.dsc to pool/main/g/gocr/gocr_0.39-5.dsc gocr_0.39-5_i386.deb to pool/main/g/gocr/gocr_0.39-5_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cosimo Alfarano <[EMAIL PROTECTED]> (supplier of updated gocr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 20 Apr 2005 00:12:48 +0200 Source: gocr Binary: gocr-tk gocr-doc gocr-gtk gocr Architecture: source i386 all Version: 0.39-5 Distribution: unstable Urgency: high Maintainer: Cosimo Alfarano <[EMAIL PROTECTED]> Changed-By: Cosimo Alfarano <[EMAIL PROTECTED]> Description: gocr - A command line OCR gocr-doc - gocr documentation gocr-gtk - A GTK wrapper around gocr gocr-tk - A tcl/tk wrapper around gocr Closes: 305068 Changes: gocr (0.39-5) unstable; urgency=high . * security fix for http://www.overflow.pl/adv/gocr.txt Closes: #305068 * copied src/pnm.c from 0.40 and patched gocr.c according to upstream, it's the best way to backport the fix from 0.40 Files: 87ecee488d19faf94bec4d85496fdc79 660 graphics optional gocr_0.39-5.dsc bcfb9cd4dfe9d539ddcf0ac145e5fcfd 10570 graphics optional gocr_0.39-5.diff.gz 11073d7ff955ffd9d3812fac1e815dec 13684 doc optional gocr-doc_0.39-5_all.deb 3e11884d80d06716ce92726513724010 306308 graphics optional gocr_0.39-5_i386.deb 5781d332f6768d19818849bb2c13242a 9674 graphics optional gocr-tk_0.39-5_i386.deb 995756c2d84b7fed8e49f5ed78025c26 12282 graphics optional gocr-gtk_0.39-5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCZYXT5DsVPMtGficRAn7uAJ9cif2MHpLjuMTFqFxBuXEU5edzfwCdHYOo 6i7HtmfAIdvQ5d5dff8J5KM= =uFO1 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]