Bug#1051738: marked as done (freeimage: CVE-2020-21428)
Your message dated Mon, 18 Dec 2023 18:32:34 +
with message-id
and subject line Bug#1051738: fixed in freeimage 3.18.0+ds2-6+deb11u1
has caused the Debian Bug report #1051738,
regarding freeimage: CVE-2020-21428
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1051738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for freeimage.

CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run arbitrary code
| and cause other impacts via crafted image file.

https://sourceforge.net/p/freeimage/bugs/299/

This appears to be fixed in r1877 of the upstream Subversion repository

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21428
    https://www.cve.org/CVERecord?id=CVE-2020-21428

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: freeimage
Source-Version: 3.18.0+ds2-6+deb11u1
Done: Moritz Mühlenhoff

We believe that the bug you reported is fixed in the latest version of
freeimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated freeimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Dec 2023 20:11:17 +0100
Source: freeimage
Architecture: source
Version: 3.18.0+ds2-6+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Science Maintainers
Changed-By: Moritz Mühlenhoff
Closes: 1051737 1051738 1051889
Changes:
 freeimage (3.18.0+ds2-6+deb11u1) bullseye-security; urgency=medium
 .
   * CVE-2020-21427 (Closes: #1051737)
   * CVE-2020-21428 (Closes: #1051738)
   * CVE-2020-22524 (Closes: #1051889)
Bug#1051738: marked as done (freeimage: CVE-2020-21428)
Your message dated Mon, 18 Dec 2023 18:32:09 +
with message-id
and subject line Bug#1051738: fixed in freeimage 3.18.0+ds2-9+deb12u1
has caused the Debian Bug report #1051738,
regarding freeimage: CVE-2020-21428
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1051738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for freeimage.

CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run arbitrary code
| and cause other impacts via crafted image file.

https://sourceforge.net/p/freeimage/bugs/299/

This appears to be fixed in r1877 of the upstream Subversion repository

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21428
    https://www.cve.org/CVERecord?id=CVE-2020-21428

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: freeimage
Source-Version: 3.18.0+ds2-9+deb12u1
Done: Moritz Mühlenhoff

We believe that the bug you reported is fixed in the latest version of
freeimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated freeimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Dec 2023 20:20:51 +0100
Source: freeimage
Architecture: source
Version: 3.18.0+ds2-9+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Science Maintainers
Changed-By: Moritz Mühlenhoff
Closes: 1051737 1051738 1051889
Changes:
 freeimage (3.18.0+ds2-9+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2020-21427 (Closes: #1051737)
   * CVE-2020-21428 (Closes: #1051738)
   * CVE-2020-22524 (Closes: #1051889)