Your message dated Mon, 18 Dec 2023 18:32:09 +0000
with message-id <e1rfipr-008ido...@fasolo.debian.org>
and subject line Bug#1051738: fixed in freeimage 3.18.0+ds2-9+deb12u1
has caused the Debian Bug report #1051738,
regarding freeimage: CVE-2020-21428
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for freeimage.

CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run arbitrary code
| and cause other impacts via crafted image file.

https://sourceforge.net/p/freeimage/bugs/299/

This appears to be fixed in r1877 of the upstream Subversion repository.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21428
    https://www.cve.org/CVERecord?id=CVE-2020-21428

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: freeimage
Source-Version: 3.18.0+ds2-9+deb12u1
Done: Moritz Mühlenhoff <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
freeimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated freeimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Dec 2023 20:20:51 +0100
Source: freeimage
Architecture: source
Version: 3.18.0+ds2-9+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Closes: 1051737 1051738 1051889
Changes:
 freeimage (3.18.0+ds2-9+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2020-21427 (Closes: #1051737)
   * CVE-2020-21428 (Closes: #1051738)
   * CVE-2020-22524 (Closes: #1051889)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
