CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214


Debian Bug report logs - #929597
CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 26 May 2019 19:27:01 UTC

Severity: important

Tags: security, upstream

Found in version freeimage/3.18.0+ds2-1

Forwarded to https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Sun, 26 May 2019 19:27:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Sun, 26 May 2019 19:27:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Sun, 26 May 2019 21:26:17 +0200
Source: freeimage
Severity: grave
Tags: security

Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12214

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Sun, 26 May 2019 20:03:05 GMT).


Acknowledgement sent to Anton Gladky <gladk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Sun, 26 May 2019 20:03:05 GMT).


Message #10 received at 929597@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 929597@bugs.debian.org
Subject: Re: Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Sun, 26 May 2019 22:01:40 +0200
Hi Moritz,

Thanks for reporting. As far as I can see, there is still
no fix available from upstream.

Cheers

Anton




Set Bug forwarded-to-address to 'https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 27 May 2019 11:03:03 GMT).


Marked as found in versions freeimage/3.18.0+ds2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 27 May 2019 11:03:05 GMT).


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 27 May 2019 11:03:07 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Mon, 27 May 2019 21:03:03 GMT).


Acknowledgement sent to Anton Gladky <gladk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Mon, 27 May 2019 21:03:03 GMT).


Message #21 received at 929597@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: 929597@bugs.debian.org
Subject: Re: Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Mon, 27 May 2019 23:01:14 +0200
CVE-2019-12214 does not affect buster and stretch.
Jessie should be double checked because an older
version is used there.

Anton




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Mon, 03 Jun 2019 18:27:03 GMT).


Acknowledgement sent to Anton Gladky <gladk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Mon, 03 Jun 2019 18:27:03 GMT).


Message #26 received at 929597@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: 929597@bugs.debian.org
Subject: Re: Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Mon, 3 Jun 2019 20:23:27 +0200
There is still no upstream fix available.

I am planning to decrease the severity of
the ticket to normal and track it as a simple
security issue.

Anton




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Tue, 04 Jun 2019 18:24:03 GMT).


Acknowledgement sent to Anton Gladky <gladk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Tue, 04 Jun 2019 18:24:03 GMT).


Message #31 received at 929597@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: 929597@bugs.debian.org, Moritz Muehlenhoff <jmm@debian.org>, control@bugs.debian.org
Subject: Re: Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Tue, 4 Jun 2019 20:20:33 +0200
severity 929597 important
thanks

The fix from upstream is still not available. I am not feeling
confident enough to provide a fix for this complex piece
of code without breaking it.

Also reducing the severity. If the security team decides to
keep it "grave" - feel free to revert it.

Regards


Anton




Severity set to 'important' from 'grave' Request was from Anton Gladky <gladk@debian.org> to control@bugs.debian.org. (Tue, 04 Jun 2019 18:24:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#929597; Package src:freeimage. (Tue, 04 Jun 2019 20:45:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Tue, 04 Jun 2019 20:45:03 GMT).


Message #38 received at 929597@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Anton Gladky <gladk@debian.org>
Cc: 929597@bugs.debian.org, Moritz Muehlenhoff <jmm@debian.org>, control@bugs.debian.org
Subject: Re: Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214
Date: Tue, 4 Jun 2019 22:43:50 +0200
On Tue, Jun 04, 2019 at 08:20:33PM +0200, Anton Gladky wrote:
> severity 929597 important
> thanks
> 
> The fix from upstream is still not available. I am not feeling
> confident enough to provide a fix for this complex piece
> of code without breaking it.
> 
> Also reducing the severity. If the security team decides to
> keep it "grave" - feel free to revert it.

Fine, but we still need to fix it once properly fixed upstream.

Cheers,
        Moritz





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:49:37 2019; Machine Name: buxtehude
