Debian Bug report logs -
#854978
netpbm-free: CVE-2017-2581 CVE-2017-2580 CVE-2017-2579
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Andreas Barth <aba@not.so.argh.org>
:
Bug#854978
; Package netpbm-free
.
(Sun, 12 Feb 2017 19:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Markus Koschany <apo@debian.org>
:
New Bug report received and forwarded. Copy sent to Andreas Barth <aba@not.so.argh.org>
.
(Sun, 12 Feb 2017 19:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: netpbm-free
Severity: important
Tags: security
Hi,
the following vulnerabilities were published for netpbm-free.
CVE-2017-2581[0]:
CVE-2017-2580[1]:
CVE-2017-2579[2]:
I couldn't find more details about these issues and if they affect
Debian's fork of netpbm. The functions mentioned on seclists.org [3]
don't seem to exist but we can't completely rule out that the package is
still affected. Perhaps you are in a better position to determine
whether netpbm-free is vulnerable or not.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2581
[1] https://security-tracker.debian.org/tracker/CVE-2017-2580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2580
[2] https://security-tracker.debian.org/tracker/CVE-2017-2579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2579
Please adjust the affected versions in the BTS as needed.
[3] http://seclists.org/oss-sec/2017/q1/317
Regards,
Markus
[signature.asc (application/pgp-signature, attachment)]
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:35:03 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.