Your message dated Tue, 19 Apr 2005 19:02:40 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#305068: fixed in gocr 0.39-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Apr 2005 18:41:44 +0000
>From [EMAIL PROTECTED] Sun Apr 17 11:41:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DNEiG-0001FU-00; Sun, 17 Apr 2005 11:41:44 -0700
Received: from p54894f93.dip.t-dialin.net ([84.137.79.147]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DNEiE-00024M-FJ
for [EMAIL PROTECTED]; Sun, 17 Apr 2005 20:41:42 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DNEiA-0001dv-Co; Sun, 17 Apr 2005 20:41:38 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Integer and heap overflow in gocr
X-Mailer: reportbug 3.9
Date: Sun, 17 Apr 2005 20:41:37 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.79.147
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: gocr
Severity: grave
Tags: security
Justification: user security hole
Two security vulnerabilities have been reported on gocr that may be
exploited to execute arbitrary code. For full details please have a
look at http://www.overflow.pl/adv/gocr.txt
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 305068-close) by bugs.debian.org; 19 Apr 2005 23:10:08 +0000
>From [EMAIL PROTECTED] Tue Apr 19 16:10:08 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DO1r5-0007Ka-00; Tue, 19 Apr 2005 16:10:08 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DO1js-0004jk-00; Tue, 19 Apr 2005 19:02:40 -0400
From: Cosimo Alfarano <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#305068: fixed in gocr 0.39-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 19 Apr 2005 19:02:40 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: gocr
Source-Version: 0.39-5
We believe that the bug you reported is fixed in the latest version of
gocr, which is due to be installed in the Debian FTP archive:
gocr-doc_0.39-5_all.deb
to pool/main/g/gocr/gocr-doc_0.39-5_all.deb
gocr-gtk_0.39-5_i386.deb
to pool/main/g/gocr/gocr-gtk_0.39-5_i386.deb
gocr-tk_0.39-5_i386.deb
to pool/main/g/gocr/gocr-tk_0.39-5_i386.deb
gocr_0.39-5.diff.gz
to pool/main/g/gocr/gocr_0.39-5.diff.gz
gocr_0.39-5.dsc
to pool/main/g/gocr/gocr_0.39-5.dsc
gocr_0.39-5_i386.deb
to pool/main/g/gocr/gocr_0.39-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cosimo Alfarano <[EMAIL PROTECTED]> (supplier of updated gocr package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 20 Apr 2005 00:12:48 +0200
Source: gocr
Binary: gocr-tk gocr-doc gocr-gtk gocr
Architecture: source i386 all
Version: 0.39-5
Distribution: unstable
Urgency: high
Maintainer: Cosimo Alfarano <[EMAIL PROTECTED]>
Changed-By: Cosimo Alfarano <[EMAIL PROTECTED]>
Description:
gocr - A command line OCR
gocr-doc - gocr documentation
gocr-gtk - A GTK wrapper around gocr
gocr-tk - A tcl/tk wrapper around gocr
Closes: 305068
Changes:
gocr (0.39-5) unstable; urgency=high
.
* security fix for http://www.overflow.pl/adv/gocr.txt
Closes: #305068
* copied src/pnm.c from 0.40 and patched gocr.c
according to upstream, it's the best way to backport the fix from 0.40
Files:
87ecee488d19faf94bec4d85496fdc79 660 graphics optional gocr_0.39-5.dsc
bcfb9cd4dfe9d539ddcf0ac145e5fcfd 10570 graphics optional gocr_0.39-5.diff.gz
11073d7ff955ffd9d3812fac1e815dec 13684 doc optional gocr-doc_0.39-5_all.deb
3e11884d80d06716ce92726513724010 306308 graphics optional gocr_0.39-5_i386.deb
5781d332f6768d19818849bb2c13242a 9674 graphics optional gocr-tk_0.39-5_i386.deb
995756c2d84b7fed8e49f5ed78025c26 12282 graphics optional
gocr-gtk_0.39-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCZYXT5DsVPMtGficRAn7uAJ9cif2MHpLjuMTFqFxBuXEU5edzfwCdHYOo
6i7HtmfAIdvQ5d5dff8J5KM=
=uFO1
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
