netpbm: [CVE-2005-3632, CVE-2005-3662] multiple buffer overflows in pnmtopng

Related Vulnerabilities: CVE-2005-3632   CVE-2005-3662   CVE-2006-3662  

Debian Bug report logs - #351639

Package: netpbm; Maintainer for netpbm is Andreas Barth <aba@not.so.argh.org>; Source for netpbm is src:netpbm-free.

Reported by: Martin Pitt <mpitt@debian.org>

Date: Mon, 6 Feb 2006 11:48:02 UTC

Severity: critical

Tags: confirmed, fixed, patch, security

Found in version netpbm/2:10.0-10

Fixed in version 2:10.0-10.1

Done: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Andreas Barth <aba@not.so.argh.org>:
Bug#351639; Package netpbm.


Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
New Bug report received and forwarded. Copy sent to Andreas Barth <aba@not.so.argh.org>.


Message #5 received at submit@bugs.debian.org:

From: Martin Pitt <mpitt@debian.org>
To: Debian BTS Submit <submit@bugs.debian.org>
Subject: netpbm: [CVE-2005-3632, CVE-2005-3662] multiple buffer overflows in pnmtopng
Date: Mon, 6 Feb 2006 12:35:28 +0100
Package: netpbm
Version: 2:10.0-10
Severity: critical
Tags: security patch confirmed

Hi!

Over 3 months ago, DSA-904-1 announced that these two vulnerabilities
would be fixed in -11, but unstable is still vulnerable to these
issues. Please pull the fixes from sarge-security.

http://www.debian.org/security/2005/dsa-904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662

Please mention the CVE numbers in the changelog when you fix this.

Thank you,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Information forwarded to debian-bugs-dist@lists.debian.org, Andreas Barth <aba@not.so.argh.org>:
Bug#351639; Package netpbm.


Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Andreas Barth <aba@not.so.argh.org>.


Message #10 received at 351639@bugs.debian.org:

From: Martin Pitt <martin.pitt@ubuntu.com>
To: 351639@bugs.debian.org
Subject: Ubuntu patch
Date: Mon, 6 Feb 2006 18:14:16 +0100
Hi!
 
You can get the Ubuntu patch from

  http://patches.ubuntu.com/patches/netpbm-free.CVE-2006-3662_3632.diff

Thanks,

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Tags added: fixed Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org.


Bug marked as fixed in version 2:10.0-10.1, send any further explanations to Martin Pitt <mpitt@debian.org> Request was from "Adam D. Barratt" <debian-bts@adam-barratt.org.uk> to control@bugs.debian.org.


Message sent on to Martin Pitt <mpitt@debian.org>:
Bug#351639.


Message #17 received at 351639-submitter@bugs.debian.org:

From: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
To: 351639-submitter@bugs.debian.org
Subject: Debian bug #351639
Date: Thu, 26 Oct 2006 20:33:38 +0100
Hi,

You should have recently received (or will soon receive) an e-mail
telling you that I've closed Debian bug #351639 in the netpbm 
package, which you reported.

Due to the fact that the package was uploaded by someone who does not
normally do so, the bug was marked as "fixed" rather than closed.

Debian's bug tracking system now allows for this information to be
recorded in a more useful manner, enabling these bugs to be closed.

Due to the volume of bugs affected by this change, we are unfortunately
not sending individualized explanations for each bug. If you have
questions about the fix for your particular bug or about this email,
please contact me directly or follow up to the bug report in the Debian
BTS.

[It's possible you may receive multiple messages stating that the bug
was fixed in several different versions of the package. There are two
common reasons for this:

  - the bug was fixed in one version but subsequently found to exist
    in a later version

  - the bug existed in multiple distributions (for instance, "unstable"
    and "stable") and was thus fixed in a separate upload to each
    distribution
]

Regards,

Adam



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 07:27:19 GMT)


Bug unarchived. Request was from Stefano Zacchiroli <zack@debian.org> to control@bugs.debian.org. (Sun, 10 Apr 2011 08:47:44 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 09 May 2011 07:40:29 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:33:24 2019; Machine Name: buxtehude