Your message dated Mon, 08 Apr 2013 04:03:08 +0000
with message-id <e1up3is-00049k...@franck.debian.org>
and subject line Bug#704573: fixed in libwebp 0.1.3-3+nmu1
has caused the Debian Bug report #704573,
regarding libwebp: cve-2012-5127
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
704573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704573
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libwebp
Severity: serious
Version: 0.1.3-3
Tags: security
Hi,
the following vulnerability was published for libwebp.
CVE-2012-5127[0]:
| Integer overflow in Google Chrome before 23.0.1271.64 allows remote
| attackers to cause a denial of service (out-of-bounds read) or
| possibly have unspecified other impact via a crafted WebP image.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5127
http://security-tracker.debian.org/tracker/CVE-2012-5127
--- End Message ---
--- Begin Message ---
Source: libwebp
Source-Version: 0.1.3-3+nmu1
We believe that the bug you reported is fixed in the latest version of
libwebp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 704...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated libwebp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2013 02:54:20 +0000
Source: libwebp
Binary: libwebp-dev libwebp2 webp
Architecture: source amd64
Version: 0.1.3-3+nmu1
Distribution: unstable
Urgency: high
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description:
libwebp-dev - Lossy compression of digital photographic images.
libwebp2 - Lossy compression of digital photographic images.
webp - Lossy compression of digital photographic images.
Closes: 704573
Changes:
libwebp (0.1.3-3+nmu1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2012-5127: integer overflows in src/dec/webp.c (closes: #704573).
Checksums-Sha1:
ed83641241d320bc3dfc0afac39f63d810955549 2547 libwebp_0.1.3-3+nmu1.dsc
ed3e209c51c5954f52a509077a322c32a34cc7cd 3552
libwebp_0.1.3-3+nmu1.debian.tar.gz
c9772f9085c62cce09e9249bfe63ecd3698cf66b 149714
libwebp-dev_0.1.3-3+nmu1_amd64.deb
cc650d4f837223cad69c8d634829f408f0281d91 113976 libwebp2_0.1.3-3+nmu1_amd64.deb
d738053b39511633cce3329900c800e815043532 28498 webp_0.1.3-3+nmu1_amd64.deb
Checksums-Sha256:
ad0d61554cfd51903ead08a4708d26a717dfbb798b726cf9cd5977b01c643d58 2547
libwebp_0.1.3-3+nmu1.dsc
992fafcfd1eff4c71922e0e59707a7cc1d24f493ac73cb0a25b140562b3e4b57 3552
libwebp_0.1.3-3+nmu1.debian.tar.gz
9c837512864884f5afbb2ea36e7eb21758ffecf0763b8996c0264671a79704af 149714
libwebp-dev_0.1.3-3+nmu1_amd64.deb
f9467c3fa89086ed9f79e412ad54d407ac6bb941b5475775bf1bb16b68a1ac16 113976
libwebp2_0.1.3-3+nmu1_amd64.deb
9951fe6508ea3f18f03da37f81ba2634317f2d5ab80cf508d043e571d27e58dd 28498
webp_0.1.3-3+nmu1_amd64.deb
Files:
31bd74268e6d7d8159142ec8e65ab5ac 2547 libs extra libwebp_0.1.3-3+nmu1.dsc
bcf0e4990bc0af04d9f3282fd6e7a557 3552 libs extra
libwebp_0.1.3-3+nmu1.debian.tar.gz
0e7498b0b1ece7c8e7cc2f3ef11bc491 149714 libdevel extra
libwebp-dev_0.1.3-3+nmu1_amd64.deb
7c17b7c7310ae9b6989983cd90bbf417 113976 libs extra
libwebp2_0.1.3-3+nmu1_amd64.deb
e93fdd32bc9c6b0c219a46de09411e48 28498 graphics extra
webp_0.1.3-3+nmu1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRW6KmAAoJELjWss0C1vRzji4f/2C5/HYo0cODRLvOmBDmjAel
/c2qJ3E9s46h27/29+wqsaEURQj7LsYXnd9kT3ZB9TBtF4633+7wsC9+B+r6cc5E
YcoNgcMVVB15P/Sm3YbUwEUOo2+3tgRIi0486f9a3//S3g9jmiFWWaVmDjNHjs5W
N36d7IHyuLjLVTU0x9HLmfJq7YYRHWt4sxxWaA8sbk0A5iXzEKSFrP9YXJQMs2Fa
ZiWEyIJEg27AR7r2Dqq9j2Bo9fFls9uBdHdJMOdHFKUeQmC5aybJfs4u1i2L1Nv5
j8abq3sDO8SqmYN+OEvBE2nOdpE8U5nejHMq2TQt1+1CyQRAcrv5Wpv8CHb67ORc
S5b5i4QP/mzjf45g+vX7DPqY6gGKIiIc+B7QrpqrwmYA8x6ly2ESjCezq5K4Lk/b
gYYKd6uRy67Ny2eGxUW1AlA0nNA5nxYX99vxCwwtwwDcjCXWWO75Dp17ThxvocwY
MDIOR+ZIdYZ7tHUbTh3svEoRTko4ECkrA/h2KXn4Eh7Shf/be2vU8M5Jt0lX6KaZ
e7Poxm6qLF3HSeCGMUh+lE7+ONMaA8K/nIRCzZYBKSVgv+5h45zVF43BJ9WBJll/
mNwCKfrHOPCkGgRjWhgMEX72pqsAXIyS2RBYPt+jRRkLRcPd0ya/O3DtSYk4Vwzz
iy5dXQUC706ZhY0zK9AfgvYWF0yJpYB0cVDI5cPkh4BxRa7/1/D395zeV7lN5NE2
rRyJagsz/LMnIKc4Sk62qvXSifgTQ33ESSj2afXOHaSS2hsbhjg6vWmjK7kydjKF
RGTA8J3xNzlYxOvnBsBdEsdAXR3j/pGJxFlqcloTzjEVbfVnElIEdUagN1xXmT6w
pUlFD1/wLVQ3ZWHcS5iDulHaDe4mfCQsO9Igt/KgAHA6n8Q0Ffw3kxw6+Mknyj/R
JdASmaiUNYQ5ehI502iYdujqXBvjKFLyuUQ8efhW9jtv4Xv2DuC/saBciqdCgCJx
MiiUrktNHiNyIdGxp3nN7KygLzis+EPp9964zG856Y9MflU6ZuLSkxwUe1FJEkPL
1zv1Q4uN7ZRJoVaaPQ26bICx0l3hMu0az8U+4HApmemF/0qSNy+i9NZtnoXeiMnW
mNxYD+5njaZScb6JthMA27AiCVfLxsdhVCuUfO46CcVFt0KnCIbWMl28v4Wf1/2M
0NMaQ6Q5EeEodLTsi0+0Z1mcesnpn0e/hqzqA1CVK+bPdsnrgabauQ6PJojQjEXp
5n8G1pmi0id6Cg6qofqtZLrzMunUwNRVcTrBRGS2ilUHJWh3WPyux2oEXm7zhv95
PIWWto7xQFLfSiSjGnr7/yEwxcX8Mfqg+QhQrFILTK854A0zlifHQc0lj20PCZI=
=PSKf
-----END PGP SIGNATURE-----
--- End Message ---
