Your message dated Thu, 18 Aug 2005 00:02:05 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#284124: fixed in zgv 5.9-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 3 Dec 2004 21:07:02 +0000 >From [EMAIL PROTECTED] Fri Dec 03 13:07:02 2004 Return-path: <[EMAIL PROTECTED]> Received: from kitenet.net [64.62.161.42] (postfix) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CaKdq-0005Ed-00; Fri, 03 Dec 2004 13:07:02 -0800 Received: from dragon.kitenet.net (unknown [66.168.94.144]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK)) by kitenet.net (Postfix) with ESMTP id D09FC1804E for <[EMAIL PROTECTED]>; Fri, 3 Dec 2004 21:07:01 +0000 (GMT) Received: by dragon.kitenet.net (Postfix, from userid 1000) id 59FC46E508; Fri, 3 Dec 2004 16:08:33 -0500 (EST) Date: Fri, 3 Dec 2004 16:08:33 -0500 From: Joey Hess <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: multiple heap overflows (CAN-2004-1095) Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx" Content-Disposition: inline X-Reportbug-Version: 3.2 User-Agent: Mutt/1.5.6+20040907i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: zgv Version: 5.7-1.2 Severity: grave Tags: patch, security There are a bunch of buffer overflows in zgv. See http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D109886210702781&w=3D2 Upstream has a patch at http://www.svgalib.org/rus/zgv/ and promised a better fix later. This patch should be applied to Debian immediatly. --=20 see shy jo --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBsNXRd8HHehbQuO8RAqXzAKDadHbltGMdy62Owc5e5KIlMu+4TgCfTi8e +8PfLiqTG2W20A+kvtXtcRM= =3u2n -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx-- --------------------------------------- Received: (at 284124-close) by bugs.debian.org; 18 Aug 2005 07:11:21 +0000 >From [EMAIL PROTECTED] Thu Aug 18 00:11:21 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E5ePd-0006mX-00; Thu, 18 Aug 2005 00:02:05 -0700 From: Christian Haggstrom <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#284124: fixed in zgv 5.9-1 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Thu, 18 Aug 2005 00:02:05 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: zgv Source-Version: 5.9-1 We believe that the bug you reported is fixed in the latest version of zgv, which is due to be installed in the Debian FTP archive: zgv_5.9-1.diff.gz to pool/main/z/zgv/zgv_5.9-1.diff.gz zgv_5.9-1.dsc to pool/main/z/zgv/zgv_5.9-1.dsc zgv_5.9-1_i386.deb to pool/main/z/zgv/zgv_5.9-1_i386.deb zgv_5.9.orig.tar.gz to pool/main/z/zgv/zgv_5.9.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christian Haggstrom <[EMAIL PROTECTED]> (supplier of updated zgv package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 17 Aug 2005 00:17:57 +0200 Source: zgv Binary: zgv Architecture: source i386 Version: 5.9-1 Distribution: unstable Urgency: low Maintainer: Christian Haggstrom <[EMAIL PROTECTED]> Changed-By: Christian Haggstrom <[EMAIL PROTECTED]> Description: zgv - SVGAlib graphics viewer Closes: 262164 263240 263785 284124 321593 Changes: zgv (5.9-1) unstable; urgency=low . * New upstream release. - Added more multiple-image GIF brokenness checks than before. - Fixed a problem with freeing memory when a GIF fails to load. - Fixed a possible hang when reading GIF files with corrupted extension blocks. - Fixed a possible hang when reading corrupted non-raw PBM files. - Added support for dithering in 15/16-bit modes. * Acknowledge security fix in NMU, closes: #284124. The patch also fixed CAN-2004-0999: Animated GIF causes segfault. * Acknowledge NMUs. Closes: #263240, #262164 * debian/control: Add amd64 to the list of architectures. Closes: #263785 * debian/presubj: Suggest bug reporters to consider svgalib instead. Many bugs reported on zgv are in fact in svgalib. * debian/rules: Don't use deprecated dh_installmanpages. * debian/postinst, debian/rules: Use chmod instead of dpkg-statoverride for the suid root binary. Closes: #321593 Files: b1c32f6bfc7d7947cc46e0d1c422d6b7 610 graphics optional zgv_5.9-1.dsc d65a434ddeb612f0c488177f873afad2 395525 graphics optional zgv_5.9.orig.tar.gz d550ac2923af858d3ee08a67a37e4852 8863 graphics optional zgv_5.9-1.diff.gz 0036a33ebeecc6681754930dfc24c243 235428 graphics optional zgv_5.9-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBC1sjfWLtkqIVOYRAnVqAJ9dK9ZKpEZD0j0jiVBRBD+Wo8gVDwCfUiMi eMCs9pHC+5V47G06hOosTWM= =Gbtq -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]