[Pkg-phototools-devel] Bug#697806: marked as done (openjpeg: obnoxious advertising clause can probably be dropped)
Your message dated Wed, 2 Apr 2014 09:08:23 +0200
with message-id ca+7wusz-p037l7dx43prcc71mj-usojjkrp5vkqv5jlqenc...@mail.gmail.com
and subject line
has caused the Debian Bug report #697806,
regarding openjpeg: obnoxious advertising clause can probably be dropped
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
697806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697806
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: openjpeg
Version: 1.5.1-1
Severity: normal

Hello and thanks for maintaining this package in Debian!

The debian/copyright file states, in part:

| Files: applications/common/opj_getopt.c
| Copyright: © 1987, 1993-1994, The Regents of the University of California.
| License: BSD-4

and then quotes the 4-clause BSD license with the so-called OAC (Obnoxious Advertising Clause, clause #3 in the 4-clause BSD license):

| 3. All advertising materials mentioning features or use of this software
|    must display the following acknowledgement:
|      This product includes software developed by the University of
|      California, Berkeley and its contributors.

This file is copyrighted by The Regents of the University of California. If it comes from some version of a BSD distribution, I think that the OAC may be dropped, thanks to the global re-licensing statement that may be found at ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

Please consider modifying the debian/copyright file accordingly. I think that this would clarify that the package is indeed GPL-compatible.

Thanks for your time!

P.S.: Please note that the machine readable format prescribes the names BSD-2-clause, BSD-3-clause, and BSD-4-clause (rather than BSD-2, BSD-3, and BSD-4)! Please fix the debian/copyright file...
---End Message---

---BeginMessage---
Control: fixed -1 1.5.2-2

You're looking at the wrong place. closing.
---End Message---

___
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder
Source: openjpeg
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for openjpeg.

CVE-2014-0158[0]: Heap-based buffer overflow in JPEG2000 image tile decoder

More information is on the Red Hat bugzilla[1].

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
    https://security-tracker.debian.org/tracker/CVE-2014-0158
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925

Please adjust the affected versions in the BTS as needed. I only quickly checked unstable which seems to apply. Could you check if oldstable and stable are also affected by this problem?

Regards,
Salvatore
[Pkg-phototools-devel] 2 Pkg-phototools-commits moderator request(s) waiting
The pkg-phototools-comm...@lists.alioth.debian.org mailing list has 2 request(s) waiting for your consideration at:

http://lists.alioth.debian.org/cgi-bin/mailman/admindb/pkg-phototools-commits

Please attend to this at your earliest convenience. This notice of pending requests, if any, will be sent out daily.

Pending posts:

From: ma...@moszumanska.debian.org on Tue Apr 1 13:45:11 2014
Subject: [openjpeg] branch master updated (14810ce - db2cba5)
Cause: Post by non-member to a members-only list

From: ma...@moszumanska.debian.org on Tue Apr 1 13:45:11 2014
Subject: [openjpeg] 01/01: prepare next upload: 1.5.2-2
Cause: Post by non-member to a members-only list
[Pkg-phototools-devel] Bug#743372: marked as done (openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder)
Your message dated Wed, 2 Apr 2014 11:08:22 +0200
with message-id 20140402090822.GA11252@eldamar.local
and subject line Re: Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder
has caused the Debian Bug report #743372,
regarding openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
743372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743372
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: openjpeg
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for openjpeg.

CVE-2014-0158[0]: Heap-based buffer overflow in JPEG2000 image tile decoder

More information is on the Red Hat bugzilla[1].

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
    https://security-tracker.debian.org/tracker/CVE-2014-0158
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925

Please adjust the affected versions in the BTS as needed. I only quickly checked unstable which seems to apply. Could you check if oldstable and stable are also affected by this problem?

Regards,
Salvatore
---End Message---

---BeginMessage---
On Wed, Apr 02, 2014 at 09:33:26AM +0200, Salvatore Bonaccorso wrote:
[...]
> the following vulnerability was published for openjpeg.
>
> CVE-2014-0158[0]: Heap-based buffer overflow in JPEG2000 image tile decoder
>
> More information is on the Red Hat bugzilla[1].
>
> If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
>     https://security-tracker.debian.org/tracker/CVE-2014-0158
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925
>
> Please adjust the affected versions in the BTS as needed. I only quickly checked unstable which seems to apply. Could you check if oldstable and stable are also affected by this problem?

This is a duplicate of CVE-2013-1447, see [1].

[1] http://www.openwall.com/lists/oss-security/2014/04/02/2

Closing the bugreport, sorry for the noise.

Regards,
Salvatore
---End Message---
[Pkg-phototools-devel] feh 2.10-1 MIGRATED to testing
FYI: The status of the feh source package in Debian's testing distribution has changed.

Previous version: 2.9.3-1
Current version: 2.10-1

--
This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information.
[Pkg-phototools-devel] Bug#697806: closed by Mathieu Malaterre ma...@debian.org ()
On Wed, 02 Apr 2014 07:12:17 + Debian Bug Tracking System wrote:
[...]
> You're looking at the wrong place. closing.

Dear Mathieu,

this is getting a bit frustrating: could you please elaborate?

If I am looking at the wrong place, where should I look? Why does the upstream modification of the applications/common/opj_getopt.c file [1] not seem to appear in the git repository for the Debian package [2]?

[1] https://code.google.com/p/openjpeg/source/diff?spec=svn2750&r=2750&format=side&path=/branches/openjpeg-1.5/applications/common/opj_getopt.c
[2] http://anonscm.debian.org/gitweb/?p=pkg-phototools/openjpeg.git;a=blob;f=applications/common/opj_getopt.c;h=252d83596ae6d7d1c51a382860acc2107e086c04;hb=db2cba581e873122f739f3bf47629fd531d80963

I tried to look at the patches [3], but I failed to find one that removes the OAC from the above-mentioned file...

[3] http://anonscm.debian.org/gitweb/?p=pkg-phototools/openjpeg.git;a=tree;f=debian/patches;h=fc6a5066efc98a79c07c5706e164a48e23761fc3;hb=db2cba581e873122f739f3bf47629fd531d80963

I am afraid that I will never understand, if you keep replying with short sentences like the one quoted above... :-(

Could you please be a little more explicit?

Thanks for your time and patience.

--
http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
New GnuPG key, see the transition document!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE