Your message dated Fri, 22 Feb 2019 08:35:20 +0000
with message-id <e1gx6ii-000hj7...@fasolo.debian.org>
and subject line Bug#874109: fixed in pngcrush 1.8.13-0.1
has caused the Debian Bug report #874109,
regarding pngcrush: CVE-2015-7700
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
874109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pngcrush
Version: 1.7.65-0.1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for pngcrush.

CVE-2015-7700[0]:
| Double-free vulnerability in the sPLT chunk structure and png.c in
| pngcrush before 1.7.87 allows attackers to have unspecified impact via
| unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7700
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7700
[1] http://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pngcrush
Source-Version: 1.8.13-0.1

We believe that the bug you reported is fixed in the latest version of
pngcrush, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 874...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <ti...@debian.org> (supplier of updated pngcrush package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Feb 2019 09:07:23 +0100
Source: pngcrush
Binary: pngcrush
Architecture: source
Version: 1.8.13-0.1
Distribution: unstable
Urgency: medium
Maintainer: Margarita Manterola <ma...@debian.org>
Changed-By: Andreas Tille <ti...@debian.org>
Description:
 pngcrush   - optimizes PNG (Portable Network Graphics) files
Closes: 874109
Changes:
 pngcrush (1.8.13-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream version
   * Decide for latest upstream but found in upstream changelog:
       Version 1.7.87 (built with libpng-1.6.18 and zlib-1.2.8)
         Fixed a double-free bug (CVE-2015-7700). There was a "free" of the
         sPLT chunk structure in pngcrush and then again in png.c (Bug report
         by Brian Carpenter).
     Closes: #874109
   * Standards-Version: 4.3.0
   * Remove custom compression settings in debian/source/options
   * hardening=+all

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
