Your message dated Mon, 25 Apr 2016 22:19:39 +0000 with message-id <e1auoqx-0003es...@franck.debian.org> and subject line Bug#822242: fixed in libgd2 2.0.36~rc1~dfsg-6.1+deb7u2 has caused the Debian Bug report #822242, regarding libgd2: CVE-2016-3074: Signedness vulnerability causing heap overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 822242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libgd2 Version: 2.1.1-4 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libgd2. CVE-2016-3074[0]: Signedness vulnerability causing heap overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-3074 [1] https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 Please adjust the affected versions in the BTS as needed. Salvatore
--- End Message ---
--- Begin Message ---Source: libgd2 Source-Version: 2.0.36~rc1~dfsg-6.1+deb7u2 We believe that the bug you reported is fixed in the latest version of libgd2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 822...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libgd2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Apr 2016 11:39:20 +0200 Source: libgd2 Binary: libgd-tools libgd2-xpm-dev libgd2-noxpm-dev libgd2-xpm libgd2-noxpm Architecture: source amd64 Version: 2.0.36~rc1~dfsg-6.1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: GD team <pkg-gd-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libgd-tools - GD command line tools and example code libgd2-noxpm - GD Graphics Library version 2 (without XPM support) libgd2-noxpm-dev - GD Graphics Library version 2 (development version) libgd2-xpm - GD Graphics Library version 2 libgd2-xpm-dev - GD Graphics Library version 2 (development version) Closes: 822242 Changes: libgd2 (2.0.36~rc1~dfsg-6.1+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-3074: Signedness vulnerability causing heap overflow (Closes: #822242) Checksums-Sha1: 619c3503f0e67cc84665423e1dc7169f99bdfec0 2411 libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.dsc 090329d88b9b028f5ab65f9c92f7b96daa8f5ab7 28717 libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.debian.tar.gz 8d681d996b1a1606b8f80e895e94f5ec23648845 169556 libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 70f5628e1247004304f36fb07a2e52e8120a7fa3 374904 libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 7d3da06d94fa42160c5beb99b6c81572ff5a2d4c 372156 libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 2c038c10404b049adc852c84575b2feba7d7b337 233568 libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 868001e4c47528bfcfebd11ccaf45a206b5064e7 231158 libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb Checksums-Sha256: 8c3d01be1f7528a164efe063c8df17e869a9a6b3c9ca0e786f3671d09100ea8d 2411 libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.dsc f32001406f86bda78f5a194457c9d7107ad7a4a141d3305067448918653c05d5 28717 libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.debian.tar.gz 43f80cf1a9b9b11df62609b2ad95932f61dbee6614adb483dbccca72d12f2e13 169556 libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 552f54c73b0037cbabb36eb86d235dd968e140affeb10010f629b06d6aaf7c8d 374904 libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb ee8500868c8d83ba49454b9439a73654e188d030cb3880745bab33483b34ba6a 372156 libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 1eb39b4cfbf297fe7cc6276ef03d9eb1ed642c21e38335067ee8478a7f7ca184 233568 libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb eb0a541721592ca50f585883db003c5e9b27b5207c62b66110ed5fcedc72397a 231158 libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb Files: 3b496b087c4391d947191bad5db23f9a 2411 graphics optional libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.dsc 312db3cafcd933e16ef7e85ae2e5d048 28717 graphics optional libgd2_2.0.36~rc1~dfsg-6.1+deb7u2.debian.tar.gz 561e3a85bbeafaee0c40bf4857e9c1b2 169556 graphics optional libgd-tools_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb c4ff026d99dead953e5439ada01248c0 374904 libdevel optional libgd2-xpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb 753b67bb8a3e5762762a8f9bcc92e711 372156 libdevel optional libgd2-noxpm-dev_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb a713e5b5086a9e5f7164ce08abdc7fcd 233568 libs optional libgd2-xpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb a5383078f1bf3fede03b3f80acb5a57f 231158 libs optional libgd2-noxpm_2.0.36~rc1~dfsg-6.1+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXG4PsAAoJEAVMuPMTQ89EW/UP/2e04vVcbuqtkgmll9iBeTjp wC3PQWJpror2lDMmkUlCbt6zmgGgrf87Ufrc1WjKY0hy0wME2FbCMDH8DW7YUk0h dv+kpZEZxG8hKnoFUAoY/Wn+CitIsdmceh31FaU3qhI5BZBt1/t3Z+iHdhis0Kcz zjMoEPK9+pYakfSeK2fvFElFRjyOGjLt5Lk29uown6CI+FSjW6AnYtPENlfNJwJb Vlp2abqLTyS8iRHSkHTfKuxuthJQMyOMLrquRLxFCdU+Zevvy3NoH6Eoim4/e28I exyLN9y3IzCR4lZaZ1Kcpo2bpP1GmF18Q05R1H50t2WUKUIiMGudNiH0B49AfYDq LQZUGtO9YBK70Mi5VwvdEFTva8LWvYPsY8Ay1x7toyhh05ekbUsr3pvab9KQ8wHe 4RXuMcTbR1rFoJXBs8NXy90teFbDa3cco5g0s/TFRscIYEYQmEdoy2igLFCcW0v/ B/vBCLSgRMxb7ZtnMq4hSUCss9tzx1Q/svuKMJkKKJttadwxhTghbnfUg24nvxYk jg+SsoI1DXHR4a9WAOtjuxH9N1DMQGW79FfVm8CWLYb4ek75cphppcOXXkNDil7T 5CT1t5mEkHbGM9DuaGT7WBzgZrsYaR0viv/zxyPd6hnZ7VScXPEa3rOdqoYcVALn uiVpDyZoH4Fixcv3nQ5/ =fgJf -----END PGP SIGNATURE-----
--- End Message ---
