Your message dated Wed, 16 Nov 2005 11:32:07 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339458: fixed in gdk-pixbuf 0.22.0-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Nov 2005 09:17:36 +0000
>From [EMAIL PROTECTED] Wed Nov 16 01:17:36 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111]
helo=vserver151.vserver151.serverflex.de)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EcJQ7-0006Do-Pd
for [EMAIL PROTECTED]; Wed, 16 Nov 2005 01:17:35 -0800
Received: from wlan-client-004.informatik.uni-bremen.de ([134.102.116.5]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1EcJQ4-0006J7-RE
for [EMAIL PROTECTED]; Wed, 16 Nov 2005 10:17:32 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
id 1EcJPw-0001PW-KK; Wed, 16 Nov 2005 10:17:24 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
X-Mailer: reportbug 3.17
Date: Wed, 16 Nov 2005 10:17:24 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.116.5
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: gtk+2.0
Severity: grave
Tags: security
Justification: user security hole
An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
to overwrite the heap and exploit arbitrary code through crafted images.
Please see www.idefense.com/application/poi/display?id=339&type=vulnerabilities
for more details.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 339458-close) by bugs.debian.org; 16 Nov 2005 19:41:26 +0000
>From [EMAIL PROTECTED] Wed Nov 16 11:41:26 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EcT0p-0008N5-9S; Wed, 16 Nov 2005 11:32:07 -0800
From: Ryan Murray <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#339458: fixed in gdk-pixbuf 0.22.0-11
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 16 Nov 2005 11:32:07 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: gdk-pixbuf
Source-Version: 0.22.0-11
We believe that the bug you reported is fixed in the latest version of
gdk-pixbuf, which is due to be installed in the Debian FTP archive:
gdk-pixbuf_0.22.0-11.diff.gz
to pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-11.diff.gz
gdk-pixbuf_0.22.0-11.dsc
to pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-11.dsc
libgdk-pixbuf-dev_0.22.0-11_i386.deb
to pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-11_i386.deb
libgdk-pixbuf-gnome-dev_0.22.0-11_i386.deb
to pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-11_i386.deb
libgdk-pixbuf-gnome2_0.22.0-11_i386.deb
to pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-11_i386.deb
libgdk-pixbuf2_0.22.0-11_i386.deb
to pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Murray <[EMAIL PROTECTED]> (supplier of updated gdk-pixbuf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Nov 2005 10:41:40 -0800
Source: gdk-pixbuf
Binary: libgdk-pixbuf-gnome-dev libgdk-pixbuf-dev libgdk-pixbuf-gnome2
libgdk-pixbuf2
Architecture: source i386
Version: 0.22.0-11
Distribution: unstable
Urgency: high
Maintainer: Ryan Murray <[EMAIL PROTECTED]>
Changed-By: Ryan Murray <[EMAIL PROTECTED]>
Description:
libgdk-pixbuf-dev - The GdkPixBuf library - development files
libgdk-pixbuf-gnome-dev - The GNOME1 GdkPixBuf library - development files
libgdk-pixbuf-gnome2 - The GNOME1 Canvas pixbuf library
libgdk-pixbuf2 - The GdkPixBuf image library, gtk+ 1.2 version
Closes: 339458
Changes:
gdk-pixbuf (0.22.0-11) unstable; urgency=high
.
* Fix for integer overflows in io-xpm.c which could be exploited to execute
arbitrary code (CVE-2005-2975 and CVE-2005-2976 from
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900)
and Fix for endless loop in io-xpm.c which could cause applications to
hang (CVE-2005-3186 from
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071)
(closes: #339458)
Files:
99b0feec1ea5c37da28845a82f42885e 709 libs optional gdk-pixbuf_0.22.0-11.dsc
028e242df86d62e43c54ae8c9adea766 411290 libs optional
gdk-pixbuf_0.22.0-11.diff.gz
dad0480ae3360e5c4ebd210be8dbb1a6 165920 oldlibs optional
libgdk-pixbuf2_0.22.0-11_i386.deb
9f1f5ce3ab21e6224fb4017491fdf596 6852 oldlibs optional
libgdk-pixbuf-gnome2_0.22.0-11_i386.deb
909745872307cebbbeb46e93d97fed65 148040 oldlibs optional
libgdk-pixbuf-dev_0.22.0-11_i386.deb
c063e2a61e71fdb166853b6bc020f0d5 7692 oldlibs optional
libgdk-pixbuf-gnome-dev_0.22.0-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDe4cDN2Dbz/1mRasRAh3VAJ9Vyj0nDQWIm9aMVeQFYh30WJ+GVwCbBr4W
D/2dblwQPfMbE/19Gyg86z4=
=JDjg
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
