Your message dated Sat, 21 Jun 2008 05:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#486328: fixed in exiv2 0.17.1-1
has caused the Debian Bug report #486328,
regarding CVE-2008-2696: DoS via metadata in images
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
486328: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486328
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: exiv2
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for exiv2.

CVE-2008-2696[0]:
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
service (divide-by-zero and application crash) via a zero value in Nikon
lens information in the metadata of an image, related to "pretty
printing" and the RationalValue::toLong function. 

See upstream patch at:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696
    http://security-tracker.debian.net/tracker/CVE-2008-2696



--- End Message ---
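The failure class named in the CVE text above, shown as an added example (not exiv2's code and not the upstream patch): a pretty-printer that converts EXIF rationals to integers must treat a zero denominator as data, not divide by it. The two-rational focal-range layout and all names here (`URational`, `readRationals`, `toLongChecked`, `printFocalRange`) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// EXIF RATIONAL: two unsigned 32-bit integers, numerator then denominator.
struct URational { uint32_t num; uint32_t den; };
// Read a 32-bit value in the byte order declared by the TIFF header.
static uint32_t rd32(const uint8_t* p, bool le) {
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

// Decode `count` rationals; refuse a buffer shorter than the declared count.
bool readRationals(const std::vector<uint8_t>& buf, std::size_t count, bool le,
                   std::vector<URational>& out) {
    if (count > buf.size() / 8) return false;
    out.clear();
    for (std::size_t i = 0; i < count; ++i)
        out.push_back(URational{rd32(&buf[i * 8], le), rd32(&buf[i * 8 + 4], le)});
    return true;
}

// Integer conversion that reports a zero denominator instead of dividing.
bool toLongChecked(const URational& r, long& out) {
    if (r.den == 0) return false;
    out = static_cast<long>(r.num / r.den);
    return true;
}

// Pretty-print a focal range such as "18-55mm"; when a value cannot be
// converted, print the raw num/den pairs so the field stays inspectable.
std::string printFocalRange(const std::vector<URational>& v) {
    if (v.size() < 2) return "(invalid)";
    std::ostringstream os;
    long lo = 0, hi = 0;
    if (toLongChecked(v[0], lo) && toLongChecked(v[1], hi))
        os << lo << "-" << hi << "mm";
    else
        os << "(" << v[0].num << "/" << v[0].den << " " << v[1].num << "/" << v[1].den << ")";
    return os.str();
}
// Constructed sample (little-endian): 18/1 followed by 55/0.
int main() {
    const std::vector<uint8_t> sample = {18,0,0,0, 1,0,0,0, 55,0,0,0, 0,0,0,0};
    std::vector<URational> v;
    if (readRationals(sample, 2, true, v)) std::cout << printFocalRange(v) << "\n";
}
```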
--- Begin Message ---
Source: exiv2
Source-Version: 0.17.1-1

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive:

exiv2_0.17.1-1.diff.gz
  to pool/main/e/exiv2/exiv2_0.17.1-1.diff.gz
exiv2_0.17.1-1.dsc
  to pool/main/e/exiv2/exiv2_0.17.1-1.dsc
exiv2_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/exiv2_0.17.1-1_powerpc.deb
exiv2_0.17.1.orig.tar.gz
  to pool/main/e/exiv2/exiv2_0.17.1.orig.tar.gz
libexiv2-4_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/libexiv2-4_0.17.1-1_powerpc.deb
libexiv2-dev_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/libexiv2-dev_0.17.1-1_powerpc.deb
libexiv2-doc_0.17.1-1_all.deb
  to pool/main/e/exiv2/libexiv2-doc_0.17.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <[EMAIL PROTECTED]> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Jun 2008 08:23:53 +1000
Source: exiv2
Binary: exiv2 libexiv2-4 libexiv2-dev libexiv2-doc
Architecture: source all powerpc
Version: 0.17.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Mark Purcell <[EMAIL PROTECTED]>
Description: 
 exiv2      - EXIF/IPTC metadata manipulation tool
 libexiv2-4 - EXIF/IPTC metadata manipulation library
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Closes: 485670 486328
Changes: 
 exiv2 (0.17.1-1) unstable; urgency=medium
 .
   * New upstream release
     - Library transition cleared on debian-release/ d-d-a
   * Version 0.17 also fixes:
     - CVE-2008-2696: DoS via metadata in images (Closes: #486328)
     - crashes when fed with wrong file (Closes: #485670)
   * Urgency medium for CVE fix
   * debian/patches/gcc4.3.diff unnecessary for gcc-4.3
   * Add /usr/share/bug/exiv2/presubj message for reportbug(1)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhci4gACgkQoCzanz0IthKsCgCgm0uW/yMpqV6E00LQ1xQ17+1a
pLUAni9dgd68LglRRJasyQepNcJ484pH
=eXWa
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras
