xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060]

Debian Bug report logs - #362288
xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060]

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Martin Pitt <martin.pitt@canonical.com>

To: Debian BTS Submit <submit@bugs.debian.org>

Subject: xzgv: exploitable buffer overflow with crafted JPEG images [CVE-2006-1060]

Date: Thu, 13 Apr 2006 09:50:18 +0200

[Message part 1 (text/plain, inline)]

Package: xzgv
Version: 0.8-5
Severity: grave
Tags: security patch

Hi,

recently an exploitable buffer overflow was discovered in xzgv, please
see here for some details and some further URLs:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060

Please mention the CVE number in the changelog when you fix this to
ease tracking.

I attach a test case jpg, and the patch from upstream.

Thank you!

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

[xzgv-0.8-patched-cmyk-ycck-fix.diff (text/plain, attachment)]

[xzgv.CVE-2006-1060.jpg (image/jpeg, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 362288-submitter@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>

To: 362288-submitter@bugs.debian.org

Subject: Debian bug #362288

Date: Thu, 26 Oct 2006 22:15:41 +0100

Hi,

You should have recently received (or will soon receive) an e-mail
telling you that I've closed Debian bug #362288 in the xzgv 
package, which you reported.

Due to the fact that the package was uploaded by someone who does not
normally do so, the bug was marked as "fixed" rather than closed.

Debian's bug tracking system now allows for this information to be
recorded in a more useful manner, enabling these bugs to be closed.

Due to the volume of bugs affected by this change, we are unfortunately
not sending individualized explanations for each bug. If you have
questions about the fix for your particular bug or about this email,
please contact me directly or follow up to the bug report in the Debian
BTS.

[It's possible you may receive multiple messages stating that the bug
was fixed in several different versions of the package. There are two
common reasons for this:

  - the bug was fixed in one version but subsequently found to exist
    in a later version

  - the bug existed in multiple distributions (for instance, "unstable"
    and "stable") and was thus fixed in a separate upload to each
    distribution
]

Regards,

Adam

Message #21 received at 362288-done@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: 362288-done@bugs.debian.org

Subject: Closing old security bug with versioning

Date: Mon, 11 Aug 2008 19:28:23 +0200

Version: 0.8-5.1

Message #26 received at 362288-done@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: 362288-done@bugs.debian.org

Subject: Closing old security bug with versioning 2

Date: Wed, 13 Aug 2008 10:04:00 +0200

Version: 0.9+svn34-1

Also closed in this version that is actually in the changelog.

Send a report that this bug log contains spam.