Debian Bug report logs - #523472
argyll: CVE-2009-0792 integer overflows
Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Fri, 10 Apr 2009 14:24:02 UTC
Severity: important
Tags: security
Fixed in version argyll/1.0.3-3
Done: Roland Mas <lolando@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Roland Mas <lolando@debian.org>: Bug#523472; Package argyll. (Fri, 10 Apr 2009 14:24:06 GMT)
Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>: New Bug report received and forwarded. Copy sent to Roland Mas <lolando@debian.org>. (Fri, 10 Apr 2009 14:24:06 GMT)
Message #5 received at submit@bugs.debian.org:
package: argyll
severity: important
tags: security
Hi,
CVE-2009-0792 has been issued for argyll. The details are:
Multiple integer overflows and multiple insufficient upper-bounds
checks on certain variable sizes were originally discovered in
Ghostscript's International Color Consortium Format Library (icclib).
It was found that the original patch addressing this issue was
incomplete.
For more details, see the Fedora security announcement [1].
Please be sure to include the CVE number in your changelog if you
upload a fix.
Regards,
Mike
[1] http://lwn.net/Articles/328044/
Reply sent to Roland Mas <lolando@debian.org>: You have taken responsibility. (Fri, 10 Apr 2009 16:48:08 GMT)
Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>: Bug acknowledged by developer. (Fri, 10 Apr 2009 16:48:08 GMT)
Message #10 received at 523472-close@bugs.debian.org:
Source: argyll
Source-Version: 1.0.3-3
We believe that the bug you reported is fixed in the latest version of
argyll, which is due to be installed in the Debian FTP archive:
argyll_1.0.3-3.diff.gz
  to pool/main/a/argyll/argyll_1.0.3-3.diff.gz
argyll_1.0.3-3.dsc
  to pool/main/a/argyll/argyll_1.0.3-3.dsc
argyll_1.0.3-3_i386.deb
  to pool/main/a/argyll/argyll_1.0.3-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 523472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roland Mas <lolando@debian.org> (supplier of updated argyll package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 10 Apr 2009 17:53:55 +0200
Source: argyll
Binary: argyll
Architecture: source i386
Version: 1.0.3-3
Distribution: unstable
Urgency: low
Maintainer: Roland Mas <lolando@debian.org>
Changed-By: Roland Mas <lolando@debian.org>
Description:
 argyll - Color Management System, calibrator and profiler
Closes: 523472
Changes:
 argyll (1.0.3-3) unstable; urgency=low
 .
   * Another patch for icclib, this time from Jan Lieskovsky, fixing some
     more vulnerabilities described in CVE-2009-0792 (closes: #523472).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ326rDqdWtRRIQ/URAqQgAKCdIhgfoESKiet0Grtu0osa27rHlQCfR2ex
GIw6pOnz3XHx1p/TveUW2cU=
=seDF
-----END PGP SIGNATURE-----
Bug 523472 cloned as bug 524802. Request was from "Michael S. Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Mon, 20 Apr 2009 01:39:02 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 May 2009 07:42:39 GMT)
Last modified: Wed Jun 19 18:29:04 2019