Debian Bug report logs -
#903858
CVE-2018-14072 / CVE-2018-14073
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 15 Jul 2018 21:27:02 UTC
Severity: normal
Tags: fixed-upstream, security, upstream
Found in version libsixel/1.8.1-1
Fixed in version libsixel/1.8.2-1
Done: NOKUBI Takatsugu <knok@daionet.gr.jp>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, NOKUBI Takatsugu <knok@daionet.gr.jp>:
Bug#903858; Package src:libsixel.
(Sun, 15 Jul 2018 21:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, NOKUBI Takatsugu <knok@daionet.gr.jp>.
(Sun, 15 Jul 2018 21:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libsixel
Severity: normal
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14073
These don't warrant a DSA security update, if you want you could
address them via a stretch point release (or we rather ignore
it for stable entirely, as the impact seems negligable)
Cheers,
Moritz
Marked as found in versions libsixel/1.8.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 16 Jul 2018 04:33:02 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 16 Jul 2018 04:33:03 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 22 Jul 2018 12:03:08 GMT) (full text, mbox, link).
Reply sent
to NOKUBI Takatsugu <knok@daionet.gr.jp>:
You have taken responsibility.
(Mon, 23 Jul 2018 08:42:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Mon, 23 Jul 2018 08:42:04 GMT) (full text, mbox, link).
Message #16 received at 903858-close@bugs.debian.org (full text, mbox, reply):
Source: libsixel
Source-Version: 1.8.2-1
We believe that the bug you reported is fixed in the latest version of
libsixel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 903858@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
NOKUBI Takatsugu <knok@daionet.gr.jp> (supplier of updated libsixel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 Jul 2018 16:29:35 +0900
Source: libsixel
Binary: libsixel-dev libsixel1 libsixel-bin libsixel-examples
Architecture: source amd64 all
Version: 1.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: NOKUBI Takatsugu <knok@daionet.gr.jp>
Changed-By: NOKUBI Takatsugu <knok@daionet.gr.jp>
Description:
libsixel-bin - DEC SIXEL graphics codec implementation (binary)
libsixel-dev - DEC SIXEL graphics codec implementation (develop)
libsixel-examples - DEC SIXEL graphics codec implementation (examples)
libsixel1 - DEC SIXEL graphics codec implementation (runtime)
Closes: 903858
Changes:
libsixel (1.8.2-1) unstable; urgency=medium
.
* New upstream, security fix (closes: #903858)
* d/control: update decian policy from 4.1.3 to 4.1.5
change license short name from MIT to Expat
Checksums-Sha1:
9cc50ed70a94a1e0e4bbe9b0919650f85a13a3f4 1948 libsixel_1.8.2-1.dsc
f0a150461904d4217617009249c63150182588f7 4778776 libsixel_1.8.2.orig.tar.gz
3d69f96df6f3f64b888c760043d782857ad41937 4188 libsixel_1.8.2-1.debian.tar.xz
bc12197dcf47f59c80a7b042cc812ea24f3b3b7b 10700 libsixel-bin-dbgsym_1.8.2-1_amd64.deb
1e546d5523b86ecafa726215a4773f3bddb3b7de 55248 libsixel-bin_1.8.2-1_amd64.deb
c61d0085e1a0719d815fe62a4772bb33b7d93413 161452 libsixel-dev_1.8.2-1_amd64.deb
4f29144291fbdf16c93b928ede09c4df615df5f3 3711872 libsixel-examples_1.8.2-1_all.deb
e46208e28e2f5871a0320a8818372a29570cfad4 200804 libsixel1-dbgsym_1.8.2-1_amd64.deb
cb76ad818be9e430ade9f5911c4576ec11cc7873 130320 libsixel1_1.8.2-1_amd64.deb
801600ac46dbbdb9a5d9a939dcfcb720611315b0 7015 libsixel_1.8.2-1_amd64.buildinfo
Checksums-Sha256:
dd19e424caa7f8aeb9f1b9847ed037826f5f8dd3c34a22628f285115157e8832 1948 libsixel_1.8.2-1.dsc
c464d2a6fcf35e9e6bad1876729e853a8b9f6abfe97d9e3487c9bfac45cf2a5f 4778776 libsixel_1.8.2.orig.tar.gz
039e3326cf82abfe1cd5aeabf156140ca4d41b38954b5d99cd4f7da845c82396 4188 libsixel_1.8.2-1.debian.tar.xz
498231675d757462c1c37101e315dc8571690cfbe8a63be528cc9f220fa67dea 10700 libsixel-bin-dbgsym_1.8.2-1_amd64.deb
197ce90da4a5fa1facf2800e134061e0f5d6d54b8ef2a1b9a16a4c597f3b86c4 55248 libsixel-bin_1.8.2-1_amd64.deb
198173f15941249d5d9670b34efdb72cc70b5885e1f861a96d42ea7e375da778 161452 libsixel-dev_1.8.2-1_amd64.deb
d16547b343a6179afe4fa219558922f6840dcf0a2d4896e87d396306f30221b0 3711872 libsixel-examples_1.8.2-1_all.deb
9fdad5e8108811fbc01dc24e74aedaed1485237fe3e5f85420b8489c91bdd374 200804 libsixel1-dbgsym_1.8.2-1_amd64.deb
c8ba468cd51dbb57b0b0707693e97ba7d497ce86c0e7315e90ed3ae698db3970 130320 libsixel1_1.8.2-1_amd64.deb
868fd963dfe675afdf0d05eac739327fbb9b3d78fc80a146b30f039207f1d19a 7015 libsixel_1.8.2-1_amd64.buildinfo
Files:
1665df05af1b2b3002b5b819b072a351 1948 libs optional libsixel_1.8.2-1.dsc
cf321caac39d053eecd8291204d2ac31 4778776 libs optional libsixel_1.8.2.orig.tar.gz
a77d39dd7bf62a8172a68399dc56eef5 4188 libs optional libsixel_1.8.2-1.debian.tar.xz
28ac57f877a51d318be5bbc0afda0364 10700 debug optional libsixel-bin-dbgsym_1.8.2-1_amd64.deb
07711faf56957c43a25c81da986cf1c7 55248 libs optional libsixel-bin_1.8.2-1_amd64.deb
fde4183f3112656cf17cdf06698f77a4 161452 libdevel optional libsixel-dev_1.8.2-1_amd64.deb
c93bd2bbc6feb64f54552cc80e3bcd5a 3711872 devel optional libsixel-examples_1.8.2-1_all.deb
d2524cedf23c0346ef622b7d030b8a58 200804 debug optional libsixel1-dbgsym_1.8.2-1_amd64.deb
81214f9a9e3eb8ef1edeef6962ca03e8 130320 libs optional libsixel1_1.8.2-1_amd64.deb
74457f77cc312c4f842ba8566ce7cd09 7015 libs optional libsixel_1.8.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEmUUrTdKL7qyKtckxsGZi7JwMFAQFAltVi7kTHGtub2tAZGFp
b25ldC5nci5qcAAKCRCwZmLsnAwUBMELD/95P8RzIwnoSuSluL2J6859UXEXtRd7
zyMCYdqMlrXgIi7CADdLh9FpSS+pVcxDE4xmhnUcsOBxjCR6zCX63FZEekOX/QAg
mu9AH2tDzDt5QxgUrfH6saANR1rXSjgpLTxPQrkIoDchkriRc2+cf2a680+0+FNX
qyP6UeWGRMjJHesw/6UMyXcWj0eOmwcNTZmA5BNEu8tAgRhCYtK0Qv1xcZEvzw/z
d20luX/wTALZeHX7WwEYd5rzRog5bHu2z8Taan3Hxyc9SRkALeCmaqWES6mCnnMg
SVKkDfDCr+pp9KYE5frMHhEMpVxgOkL1BHPe+xp6KbcpIbXCsFHhisK/4Llo2n/f
t1npo6Q5SoNx3MYPP4bpmjxJoc549BOPEJg4g12bKG4FxSKUMzK/ierjcUykeEQw
bElTLIQd1+2omwc/UE10aWQWa280OnwiPy1b49+4qHWPxfelRiHaIuvpbhZk+1yW
Tdd6D5wNXsOhZcFZgLROgL028dNCFTkFAisDMqa0ssJZ0c358itlE8nUdLcGCyIr
qjnlSXpLfapYoAZJfIPQ4y+AUpJUXw7CVkNVSnE+D0Hhxgyen2d2N/XZOKU2M21K
9EnVv/VNXlJU+v98OKkrZyni6BOblH7Mxw2LwC59MVQLEZtIszT3r3/NSfuxdbmO
FmqpL0BWwd5xnQ==
=1X0S
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 25 Aug 2018 07:28:46 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:09:38 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon