Your message dated Sun, 12 Nov 2006 06:50:02 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#395382: fixed in giflib 4.1.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: giflib3g
Version: 3.0-11
Severity: grave
Justification: user security hole

Hello,

It appears that all versions of giflib in Debian (3.0-11 in Sarge,
3.0-12 in Etch/Sid) are vulnerable to CVE-2005-2974 and CVE-2005-3350,
which were fixed for giflib and libungif in version 4.1.4 upstream.
See:

http://packages.debian.org/changelogs/pool/main/libu/libungif4/current/changelog#year2005

I will submit a diff against 3.0-12 for a proposed NMU to this bug as
soon as the BTS gives me a bug number back.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

regards,

-- 
Kevin B. McCarty <[EMAIL PROTECTED]>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544


--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 4.1.4-1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive:

giflib-dbg_4.1.4-1_i386.deb
  to pool/main/g/giflib/giflib-dbg_4.1.4-1_i386.deb
giflib-tools_4.1.4-1_i386.deb
  to pool/main/g/giflib/giflib-tools_4.1.4-1_i386.deb
giflib_4.1.4-1.diff.gz
  to pool/main/g/giflib/giflib_4.1.4-1.diff.gz
giflib_4.1.4-1.dsc
  to pool/main/g/giflib/giflib_4.1.4-1.dsc
giflib_4.1.4.orig.tar.gz
  to pool/main/g/giflib/giflib_4.1.4.orig.tar.gz
libgif-dev_4.1.4-1_i386.deb
  to pool/main/g/giflib/libgif-dev_4.1.4-1_i386.deb
libgif4_4.1.4-1_i386.deb
  to pool/main/g/giflib/libgif4_4.1.4-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  2 Nov 2006 20:39:00 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif-dev libgif4
Architecture: source i386
Version: 4.1.4-1
Distribution: unstable
Urgency: low
Maintainer: Daniel Baumann <[EMAIL PROTECTED]>
Changed-By: Daniel Baumann <[EMAIL PROTECTED]>
Description: 
 giflib-dbg - library for GIF images (debug)
 giflib-tools - library for GIF images (utilities)
 libgif-dev - library for GIF images (development)
 libgif4    - library for GIF images (library)
Closes: 328665 395382 395388
Changes: 
 giflib (4.1.4-1) unstable; urgency=low
 .
   * Took over package from Pawel.
   * New upstream release (Closes: #395388):
     - This is giflib 4.x, replacing giflib 3.x. No package in the archive has to
       be transitioned. After etch, giflib will replace libungif (all alleged patents
       are expired all over the world).
     - doesn't contain gif2x11 (Closes: #328665)
     - isn't affected by CVE-2005-2974 and CVE-2005-3350 (Closes: #395382).
   * Redone debian directory based on current debhelper templates, additionally:
     - added watch file.
     - added debug package.
Files: 
 e2303bfba65c12e2ce75211049e18c66 609 libs optional giflib_4.1.4-1.dsc
 950943daa71350a558c3edf41c3f0f9f 605811 libs optional giflib_4.1.4.orig.tar.gz
 a6617ccf072b4e84d5b5865d70959378 18597 libs optional giflib_4.1.4-1.diff.gz
 ab2581d3a1a807ce9b95071709b9a6e0 157758 libdevel extra giflib-dbg_4.1.4-1_i386.deb
 0575eb334daa917b717b361e04ea92c0 160222 utils optional giflib-tools_4.1.4-1_i386.deb
 78c1da240682fd385e1186c66ab41135 36686 libs optional libgif4_4.1.4-1_i386.deb
 c83a183a968873ed1245b87ebe17d3e8 40634 libdevel optional libgif-dev_4.1.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFSlfj+C5cwEsrK54RAjQiAKCQNfmFy74Wk6yiYJBIIUYqAT98tACeNT5u
LQpLINhK43D0vWbT6rns1QQ=
=fjo4
-----END PGP SIGNATURE-----


--- End Message ---
