netpbm-free: CVE-2017-2581 CVE-2017-2580 CVE-2017-2579

Debian Bug report logs - #854978
netpbm-free: CVE-2017-2581 CVE-2017-2580 CVE-2017-2579

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: netpbm-free: CVE-2017-2581 CVE-2017-2580 CVE-2017-2579

Date: Sun, 12 Feb 2017 20:23:26 +0100

[Message part 1 (text/plain, inline)]

Package: netpbm-free
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for netpbm-free.

CVE-2017-2581[0]:

CVE-2017-2580[1]:

CVE-2017-2579[2]:

I couldn't find more details about these issues and if they affect
Debian's fork of netpbm. The functions mentioned on seclists.org [3]
don't seem to exist but we can't completely rule out that the package is
still affected. Perhaps you are in a better position to determine
whether netpbm-free is vulnerable or not.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2581
[1] https://security-tracker.debian.org/tracker/CVE-2017-2580
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2580
[2] https://security-tracker.debian.org/tracker/CVE-2017-2579
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2579
Please adjust the affected versions in the BTS as needed.

[3] http://seclists.org/oss-sec/2017/q1/317

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.