Your message dated Thu, 17 Dec 2009 01:03:23 +0000
with message-id <[email protected]>
and subject line Bug#537174: fixed in wxwidgets2.8 2.8.7.1-1.1+lenny1
has caused the Debian Bug report #537174,
regarding CVE-2009-2369: Integer overflow in the wxImage::Create function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
537174: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537174
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wxwidgets2.8
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wxwidgets2.8.
CVE-2009-2369[0]:
| Integer overflow in the wxImage::Create function in
| src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted JPEG file, which triggers a heap-based buffer overflow. NOTE:
| the provenance of this information is unknown; the details are
| obtained solely from third party information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
http://security-tracker.debian.net/tracker/CVE-2009-2369
Patch:
http://trac.wxwidgets.org/changeset/60875
http://trac.wxwidgets.org/changeset/60876
http://trac.wxwidgets.org/changeset/60897
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpeI6IACgkQNxpp46476ao5awCgjQl+5bM8qo94jOMVtWpZyGAK
5toAnjAKmNUXAkPypElmQY1l0q30hFZ3
=Comj
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: wxwidgets2.8
Source-Version: 2.8.7.1-1.1+lenny1
We believe that the bug you reported is fixed in the latest version of
wxwidgets2.8, which is due to be installed in the Debian FTP archive:
libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
to main/w/wxwidgets2.8/wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
to main/w/wxwidgets2.8/wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
to main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
to main/w/wxwidgets2.8/wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
to main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
to main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wxwidgets2.8
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Sep 2009 12:00:32 +0200
Source: wxwidgets2.8
Binary: libwxbase2.8-0 libwxbase2.8-dev libwxbase2.8-dbg libwxgtk2.8-0
libwxgtk2.8-dev libwxgtk2.8-dbg python-wxgtk2.8 python-wxgtk2.8-dbg
python-wxversion python-wxaddons python-wxtools wx-common wx2.8-headers
wx2.8-i18n wx2.8-doc wx2.8-examples libwxmsw2.8-dev libwxmsw2.8-dbg
wx2.8-headers-msw
Architecture: source i386 all
Version: 2.8.7.1-1.1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Adeodato Simó <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
libwxbase2.8-0 - wxBase library (runtime) - non-GUI support classes of
wxWidgets t
libwxbase2.8-dbg - wxBase library (debug) - non-GUI support classes of
wxWidgets too
libwxbase2.8-dev - wxBase library (development) - non-GUI support classes of
wxWidge
libwxgtk2.8-0 - wxWidgets Cross-platform C++ GUI toolkit (GTK+ runtime)
libwxgtk2.8-dbg - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxgtk2.8-dev - wxWidgets Cross-platform C++ GUI toolkit (GTK+ development)
libwxmsw2.8-dbg - wxMSW mingw32msvc-cross (debug)
libwxmsw2.8-dev - wxMSW mingw32msvc-cross
python-wxaddons - wxWidgets Cross-platform C++ GUI toolkit (wxPython add-on
package
python-wxgtk2.8 - wxWidgets Cross-platform C++ GUI toolkit (wxPython binding)
python-wxgtk2.8-dbg - wxWidgets Cross-platform C++ GUI toolkit (wxPython
binding, debug
python-wxtools - wxWidgets Cross-platform C++ GUI toolkit (wxPython common
files)
python-wxversion - wxWidgets Cross-platform C++ GUI toolkit (wxPython version
select
wx-common - wxWidgets Cross-platform C++ GUI toolkit (common support files)
wx2.8-doc - wxWidgets Cross-platform C++ GUI toolkit (documentation)
wx2.8-examples - wxWidgets Cross-platform C++ GUI toolkit (examples)
wx2.8-headers - wxWidgets Cross-platform C++ GUI toolkit (header files)
wx2.8-headers-msw - Extra wxWidgets headers for mingw32msvc-cross
wx2.8-i18n - wxWidgets Cross-platform C++ GUI toolkit (i18n support)
Closes: 537174
Changes:
wxwidgets2.8 (2.8.7.1-1.1+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches/CVE-2009-2369.dpatch: Fixed Integer overflow in the
wxImage::Create function (CVE-2009-2369) (Closes: #537174)
Checksums-Sha1:
a84d8ebc488452aa241baa948c67b50c80b47f06 1797
wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
2e570316b3b201fdef68dc9fa6cc8bec16f5883d 34856152
wxwidgets2.8_2.8.7.1.orig.tar.gz
aa5aa468b64364700000f7b1e80e4d611321dda1 40476
wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
39cb32270ddc746db9b992ef885a79c926f2fe34 676722
libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
bb0216edabd353eceeefb0ca9105c96e5df922b8 91594
libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
95c61805242c4b028cbd79611215fb4b5ac05dc4 3737246
libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
1e3838679c77487398cddd9f901ff9cb8745aa8e 3415336
libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
b1cbb73a0c6bdc478c5fa05f1dcbe73ced16f9df 91842
libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
2420e46294ce10d8533cfb86c79e31b9873a3e80 24102752
libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
69b86713f87b1012de8b95139b698284962170db 9444950
python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
7baff47376c87a14ec48c726879b1dd2f1bfe6f8 34725574
python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
b83605187bf02758be7f8e173e2818d735f0d4da 1099970
wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
f2ca3597067567ca7ec6779304763be77bbb458b 779384
wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
feb4356db25b525b80dbfe255654fb506a543d16 2077546
wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
b3c6cc74775ad9dc0c912d365dd894b820540b98 6606152
wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
Checksums-Sha256:
3299b91f0daae0751cec4c73e3f9ca498369153034169613b214a355b98796ec 1797
wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
55bd199ce9f37cc562ed5c9c76982575e27f5a087529f9d3455e53a194b9e8e6 34856152
wxwidgets2.8_2.8.7.1.orig.tar.gz
725042d6c880c804edcd9b91f1878af1abf748f2e478e4eb95529ab73684d13c 40476
wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
c9063fa3c1aca9bb9809df21ffe15c8893b4a9b1e20d0325f5f88a19887d2c4c 676722
libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
1d7b7b04b970701affa8e9030dd02f58c3ce04f2303d8ce7c790a00902583ad3 91594
libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
a581bd78974e68527096ffd324ab9c370e6b239c01d446e21267d2d9906715bc 3737246
libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
8eda5836bc68831e57d9d95c8dfc09b7a4e9309c03d2205d49b9239aa3fe58a6 3415336
libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
33516a89c673bb07c798a9e370b1a0a4213b8ff7130350d4d79d45d3f3d23fb8 91842
libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
035c2423efae39e4030a52fb62f8e71ff5ba508f47e2813be6ee5442b5c23f97 24102752
libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
410513c920b3f6c7f34b73d0499e339867a3588af42888d43d0f323cb8fafdf5 9444950
python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
892a322c102e35a3496f41210dd083bef66639d5eaf5914239d9c034a9b70bd1 34725574
python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
e01ac6464d3a91159e537d1e1c9759691b444856cd276ce6c4f510621a679e56 1099970
wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
8e4717ad8720052f1f55f3fc6f1b399f36c932f046948a15199aadcc1d4a00d4 779384
wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
135aaad1211cfd9bffe0016111332bae7ce7b163d84e4de18ceaab73f0f18911 2077546
wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
804550947b710bf9989b3c338133097278fe0e6eed3a788204bf07d9e73667f5 6606152
wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
Files:
33a581cfe33271a4b4106f6e8ec83da4 1797 libs optional
wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
f75d2be063c2f2d180085b98e7775ecb 34856152 libs optional
wxwidgets2.8_2.8.7.1.orig.tar.gz
7175110c4231ee1ae2df920f545af50d 40476 libs optional
wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
0eef10c25ea193e9a94301415cd3e9af 676722 libs optional
libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
3d41fd327034fdd337391219203a503c 91594 libdevel optional
libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
79505c13aec6e91491407e1b337b370a 3737246 libdevel extra
libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
4b0d9c0da7012b54fc3009740a2b8df5 3415336 libs optional
libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
edbf452341ecb2702f9b5e10558e88a8 91842 libdevel optional
libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
3af471989f1461812184e1997c2e225b 24102752 libdevel extra
libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
69be1c41758664b84e34d11d5b0c7f47 9444950 python optional
python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
9b2395d6084e2f07dc514a824d654ad0 34725574 python extra
python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
8d6d1fc4216988554b9d8f34d0d40469 1099970 devel optional
wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
4627c7e8dff7b126050e979d2f20c2d1 779384 libs optional
wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
6061427a5fa642aaf032d8e92d661f9a 2077546 doc optional
wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
a441eef8c835207a1fed60aafe8c6ac2 6606152 devel optional
wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkqzt08ACgkQ62zWxYk/rQdUeACfc97O/jhs6T9VW3VkjKK8pbet
MtQAoIYEBB9WXJs8N06/DiYX8gEdIEvt
=vy9/
-----END PGP SIGNATURE-----
--- End Message ---
