Your message dated Tue, 11 Oct 2016 19:20:47 +0000
with message-id <e1bu2bx-0007uh...@franck.debian.org>
and subject line Bug#839827: fixed in freeimage 3.17.0+ds1-3
has caused the Debian Bug report #839827,
regarding freeimage: CVE-2016-5684
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
839827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freeimage
Version: 3.17.0+ds1-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for freeimage.

CVE-2016-5684[0]:
XMP Image Handling Code Execution Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5684

Please adjust the affected versions in the BTS as needed. Only sid has
been checked source wise in this case.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freeimage
Source-Version: 3.17.0+ds1-3

We believe that the bug you reported is fixed in the latest version of
freeimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 839...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ghislain Antony Vaillant <ghisv...@gmail.com> (supplier of updated freeimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Oct 2016 15:12:26 +0100
Source: freeimage
Binary: libfreeimage-dev libfreeimage3 libfreeimage3-dbg libfreeimageplus-dev libfreeimageplus-doc libfreeimageplus3 libfreeimageplus3-dbg
Architecture: source
Version: 3.17.0+ds1-3
Distribution: unstable
Urgency: critical
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Ghislain Antony Vaillant <ghisv...@gmail.com>
Description:
 libfreeimage-dev - Support library for graphics image formats (development files)
 libfreeimage3 - Support library for graphics image formats (library)
 libfreeimage3-dbg - Support library for graphics image formats (debugging symbols)
 libfreeimageplus-dev - C++ wrappers for FreeImage (development files)
 libfreeimageplus-doc - C++ wrappers for FreeImage (documentation)
 libfreeimageplus3 - C++ wrappers for freeimage (library)
 libfreeimageplus3-dbg - C++ wrappers for FreeImage (debugging symbols)
Closes: 839827
Changes:
 freeimage (3.17.0+ds1-3) unstable; urgency=critical
 .
   [ Ghislain Antony Vaillant ]
   * Fix CVE-2016-5864: apply patch from wheezy-security.
     Thanks to Salvatore Bonaccorso, Balint Reczey and Chris Lamb
     (Closes: #839827)
   * d/gbp.conf: use master as packaging branch.
   * Bump standards version to 3.9.8, no changes required.
   * Upgrade to debhelper 10.
     - Bump compat version to 10.
     - Bump versioned depends of debhelper to 10.
     - Drop explicit usage of `--with autoreconf` from dh command.
     - Drop explicit usage of `--parallel` from dh command.
   * Use DEB_BUILD_MAINT_OPTIONS for hardening.
   * Disable PIE hardening feature.
 .
   [ Anton Gladky ]
   * Change the urgency to critical.
Checksums-Sha1:
 88711d92a06d6a989b24472eb8bc3e15ae5e8e9c 2675 freeimage_3.17.0+ds1-3.dsc
 d7afc36f02cc5a4be21a2471f684ad44749e5444 22936 freeimage_3.17.0+ds1-3.debian.tar.xz
Checksums-Sha256:
 13504bfc404f9f7806a11820734d42f790a31f8d475dff433470b1c5892156c6 2675 freeimage_3.17.0+ds1-3.dsc
 ec4e0328dea5989a7c5e8b54fa4a81be214cc7d7bd4febfe4a516ebaf27349ce 22936 freeimage_3.17.0+ds1-3.debian.tar.xz
Files:
 aa7f6df0440daf387c979295e3ce7c07 2675 libs optional freeimage_3.17.0+ds1-3.dsc
 29c869efc7a73cdef6d132959163e8f7 22936 libs optional freeimage_3.17.0+ds1-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
