Bug#534973: marked as done (compface: bufer overflow in xbm-file)

[Debian Bug Tracking System]

Your message dated Mon, 29 Jun 2009 17:17:04 +0000
with message-id <e1mlkty-0001qn...@ries.debian.org>
and subject line Bug#534973: fixed in libcompface 1:1.5.2-5
has caused the Debian Bug report #534973,
regarding compface: bufer overflow in xbm-file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
534973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534973
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Subject: compface: bufer overflow in xbm-file
Package: compface
Version: 1:1.5.2-4
Severity: grave
Justification: user security hole
Tags: security

*** Please type your report below this line ***

please note that serius bufer overflow vuln in compface:

  http://milw0rm.org/exploits/8982

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages compface depends on:
ii  libc6                         2.7-18     GNU C Library: Shared 
libraries
pi  libcompfaceg1                 1:1.5.2-4  Compress/decompress 
images for mai

compface recommends no packages.

compface suggests no packages.

-- no debconf information

--
Improve your driving ability with a stop at traffic school. Click now!
 
http://tagline.hushmail.com/fc/BLSrjkqhynuzyryeUmYRzlGlYnNeBH1StpEla6mapWGfI2Km3snlzpriJVG/

--- End Message ---

--- Begin Message ---

Source: libcompface
Source-Version: 1:1.5.2-5

We believe that the bug you reported is fixed in the latest version of
libcompface, which is due to be installed in the Debian FTP archive:

compface_1.5.2-5_amd64.deb
  to pool/main/libc/libcompface/compface_1.5.2-5_amd64.deb
libcompface_1.5.2-5.diff.gz
  to pool/main/libc/libcompface/libcompface_1.5.2-5.diff.gz
libcompface_1.5.2-5.dsc
  to pool/main/libc/libcompface/libcompface_1.5.2-5.dsc
libcompfaceg1-dev_1.5.2-5_amd64.deb
  to pool/main/libc/libcompface/libcompfaceg1-dev_1.5.2-5_amd64.deb
libcompfaceg1_1.5.2-5_amd64.deb
  to pool/main/libc/libcompface/libcompfaceg1_1.5.2-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 534...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hakan Ardo <ha...@debian.org> (supplier of updated libcompface package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 29 Jun 2009 18:49:13 +0200
Source: libcompface
Binary: libcompfaceg1-dev libcompfaceg1 compface
Architecture: source amd64
Version: 1:1.5.2-5
Distribution: unstable
Urgency: high
Maintainer: Hakan Ardo <ha...@debian.org>
Changed-By: Hakan Ardo <ha...@debian.org>
Description: 
 compface   - Compress/decompress images for mailheaders, user tools
 libcompfaceg1 - Compress/decompress images for mailheaders, libc6 runtime
 libcompfaceg1-dev - Compress/decompress images for mailheaders, libc6 devel
Closes: 534973
Changes: 
 libcompface (1:1.5.2-5) unstable; urgency=high
 .
   * Fixed bufferoverflow when reading xbm files (closes: #534973)
Checksums-Sha1: 
 369aa31c692f1ee51f0a3a0bc76448e85ebff082 1004 libcompface_1.5.2-5.dsc
 185e3b16f6a2dcb54a94ec4e073dc679feb97c16 13673 libcompface_1.5.2-5.diff.gz
 732f6ff5792afff37a70bbe54db4036953ec51aa 17224 
libcompfaceg1-dev_1.5.2-5_amd64.deb
 68abcd056ad364e9b53985f32c6e10075d01d35e 14612 libcompfaceg1_1.5.2-5_amd64.deb
 cf00eaa46e42ab9be748d3ec895d3523decc186b 12714 compface_1.5.2-5_amd64.deb
Checksums-Sha256: 
 971c0eaccdc38aba0ad3229c28c89a1f5a017f546e3168054e35c057c2d94c0d 1004 
libcompface_1.5.2-5.dsc
 0587f531d09aa229618e4f648ca085a816a8d35cb4d35e216446c7462ffef733 13673 
libcompface_1.5.2-5.diff.gz
 39581d832406db25a53f44bea9f0748ae7c5f13b35557dc7ff57a5794946529b 17224 
libcompfaceg1-dev_1.5.2-5_amd64.deb
 46b501c88a05f04b04298241c9328f75b97ff8e65dd717f888b0a0da802b1898 14612 
libcompfaceg1_1.5.2-5_amd64.deb
 d0f0969fc579eae2a6f58c00a5455448750d0d811c0d48dccdc2cbc94a3c288c 12714 
compface_1.5.2-5_amd64.deb
Files: 
 3a22884201f3ad8b300df687f97b7e02 1004 mail optional libcompface_1.5.2-5.dsc
 6f47cc3d1f23b9bc92b4b0ca2b9fd7dd 13673 mail optional 
libcompface_1.5.2-5.diff.gz
 af4d209aba05272ebf87022cc5b8cafc 17224 devel optional 
libcompfaceg1-dev_1.5.2-5_amd64.deb
 562573e53011c729b16952359c53f510 14612 libs optional 
libcompfaceg1_1.5.2-5_amd64.deb
 71c81bb08ace427a7b903ac9de3b5082 12714 mail optional compface_1.5.2-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpI9MEACgkQAbtddT3jfcBOfwCdE02d+q8RLb69x3dQ4CzBD1D7
54cAn0lFPWq+0pjL5IjuoN/hU/TVgSi4
=f/Kr
-----END PGP SIGNATURE-----

--- End Message ---