Your message dated Mon, 13 Nov 2006 09:17:15 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#398292: fixed in gv 1:3.6.2-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gv
Version: 1:3.6.2-1
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in gv. From
http://secunia.com/advisories/22787/ :
"Renaud Lifchitz has reported a vulnerability in GNU gv, which can be exploited
by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "ps_gettext()"
function in ps.c. This can be exploited to cause a stack-based buffer overflow
by e.g. tricking a user into opening a specially crafted PostScript file.
The vulnerability is reported in version 3.6.2. Other versions may also be
affected."
More information is at
http://sysdream.com/article.php?story_id=258§ion_id=78
--- End Message ---
--- Begin Message ---
Source: gv
Source-Version: 1:3.6.2-2
We believe that the bug you reported is fixed in the latest version of
gv, which is due to be installed in the Debian FTP archive:
gv_3.6.2-2.diff.gz
to pool/main/g/gv/gv_3.6.2-2.diff.gz
gv_3.6.2-2.dsc
to pool/main/g/gv/gv_3.6.2-2.dsc
gv_3.6.2-2_amd64.deb
to pool/main/g/gv/gv_3.6.2-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[EMAIL PROTECTED]> (supplier of updated gv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 13 Nov 2006 15:39:11 +0100
Source: gv
Binary: gv
Architecture: source amd64
Version: 1:3.6.2-2
Distribution: unstable
Urgency: high
Maintainer: Christoph Berg <[EMAIL PROTECTED]>
Changed-By: Christoph Berg <[EMAIL PROTECTED]>
Description:
gv - PostScript and PDF viewer for X
Closes: 398292
Changes:
gv (1:3.6.2-2) unstable; urgency=high
.
* Apply patch by Werner Fink to fix ps_gettext() buffer overflow
vulnerability (Closes: #398292, CVE-2006-5864).
* Put @dircategory before @direntry so that it still works as debhelper
doesn't parse INFO-DIR-SECTION anymore (See: #337215, Blame: texinfo).
Files:
d7812df010eaede7871df95efbfc5c0b 567 text optional gv_3.6.2-2.dsc
09d4dadd1e0cb6bd07dfc4764c781038 12425 text optional gv_3.6.2-2.diff.gz
2f89df4a1aa68a3e93b5039c89aad5a4 181326 text optional gv_3.6.2-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFWKUXxa93SlhRC1oRAkhfAKC3UfHSiU6Mzkq9Ay4YSn8aF6x6dACeIYDa
KyjERcR4/25Unl8lBWerzBE=
=MaTk
-----END PGP SIGNATURE-----
--- End Message ---
