Your message dated Wed, 12 Nov 2008 21:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505399: fixed in optipng 0.6.1.1-1
has caused the Debian Bug report #505399,
regarding SA32651: OptiPNG BMP Reader Buffer Overflow Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
505399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: optipng
Severity: grave
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for Nagios.

SA32651[1]:
> A vulnerability has been reported in OptiPNG, which potentially can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error in the BMP reader and
> can be exploited to cause a buffer overflow by tricking a user into
> processing a specially crafted file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is reported in versions prior to 0.6.2.

If you fix the vulnerability please also make sure to include the SA id
(or the CVE id when one is assigned) in the changelog entry.

[1]http://secunia.com/Advisories/32651/

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: optipng
Source-Version: 0.6.1.1-1

We believe that the bug you reported is fixed in the latest version of
optipng, which is due to be installed in the Debian FTP archive:

optipng_0.6.1.1-1.diff.gz
  to pool/main/o/optipng/optipng_0.6.1.1-1.diff.gz
optipng_0.6.1.1-1.dsc
  to pool/main/o/optipng/optipng_0.6.1.1-1.dsc
optipng_0.6.1.1-1_i386.deb
  to pool/main/o/optipng/optipng_0.6.1.1-1_i386.deb
optipng_0.6.1.1.orig.tar.gz
  to pool/main/o/optipng/optipng_0.6.1.1.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nelson A. de Oliveira <[EMAIL PROTECTED]> (supplier of updated optipng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Wed, 12 Nov 2008 08:40:50 -0200
Source: optipng
Binary: optipng
Architecture: source i386
Version: 0.6.1.1-1
Distribution: unstable
Urgency: high
Maintainer: Nelson A. de Oliveira <[EMAIL PROTECTED]>
Changed-By: Nelson A. de Oliveira <[EMAIL PROTECTED]>
Description:
 optipng - advanced PNG (Portable Network Graphics) optimizer
Closes: 505399
Changes:
 optipng (0.6.1.1-1) unstable; urgency=high
 .
   * New upstream release (kindly provided by Cosmin Truţa, fixing only the
     security issue found in version 0.6.1):
     - fix array overflow in the BMP reader (Closes: #505399).
       This is Secunia Advisory SA32651.
   * Fix broken link /usr/share/doc/optipng/changelog.gz.
--- End Message ---