Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

imlib2: CVE-2008-6079 multiple vulnerabilities

Related Vulnerabilities: CVE-2008-6079  

Source

Debian Bug report logs - #576469
imlib2: CVE-2008-6079 multiple vulnerabilities

version graph

Package: imlib2; Maintainer for imlib2 is Markus Koschany <apo@debian.org>;

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Sun, 4 Apr 2010 22:21:01 UTC

Severity: grave

Tags: security

Found in version 1.4.0-1.2

Fixed in versions 1.4.0-1.2+lenny1, 1.4.2-1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, ljlane@debian.org (Laurence J. Lane):
Bug#576469; Package imlib2. (Sun, 04 Apr 2010 22:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to ljlane@debian.org (Laurence J. Lane). (Sun, 04 Apr 2010 22:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: imlib2: CVE-2008-6079 multiple vulnerabilities
Date: Sun, 4 Apr 2010 18:19:05 -0400
Package: imlib2
Version: 1.4.0-1.2
Severity: important
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for imlib2, which is claimed fixed by upstream 1.4.2, which
is already in unstable. lenny is very likely affected, but I can't find
any actionable info, so you will need to touch base upstream to figure
this out.

CVE-2008-6079[0]:
| Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have
| unknown impact and attack vectors.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079
    http://security-tracker.debian.org/tracker/CVE-2008-6079

Severity set to 'grave' from 'important' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 05 Apr 2010 13:27:04 GMT) (full text, mbox, link).

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 05 Apr 2010 13:33:08 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 05 Apr 2010 13:33:09 GMT) (full text, mbox, link).

Message #12 received at 576469-done@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 576469-done@bugs.debian.org
Subject: Re: Bug#576469: imlib2: CVE-2008-6079 multiple vulnerabilities
Date: Mon, 5 Apr 2010 15:23:19 +0200
[Message part 1 (text/plain, inline)]
Version: 1.4.2-1

Hey,
* Michael Gilbert <michael.s.gilbert@gmail.com> [2010-04-05 00:34]:
> Package: imlib2
> Version: 1.4.0-1.2
> Severity: important

raised the severity

> the following CVE (Common Vulnerabilities & Exposures) id was
> published for imlib2, which is claimed fixed by upstream 1.4.2, which
> is already in unstable. lenny is very likely affected, but I can't find
> any actionable info, so you will need to touch base upstream to figure
> this out.

This is indeed fixed in 1.4.2. For lenny, yes it is affected and actually I 
already identified and backported the fixes to the lenny version. This is 
about multiple buffer overflows (heap and stack based) in various loaders. The 
stable update will come today or tomorrow.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 05 Apr 2010 14:42:04 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 05 Apr 2010 14:42:04 GMT) (full text, mbox, link).

Message #17 received at 576469-done@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 576469-done@bugs.debian.org
Date: Mon, 5 Apr 2010 16:37:51 +0200
[Message part 1 (text/plain, inline)]
Version: 1.4.0-1+lenny1

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Bug No longer marked as fixed in versions 1.4.0-1+lenny1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 05 Apr 2010 14:57:09 GMT) (full text, mbox, link).

Bug Marked as fixed in versions 1.4.0-1.2+lenny1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Mon, 05 Apr 2010 15:03:11 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jun 2010 07:40:12 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:56:10 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started