Debian Bug report logs - #721236
CVE-2013-1438: exactimage: multiple vulnerabilities

Package: exactimage; Maintainer for exactimage is Sven Eckelmann <sven@narfation.org>; Source for exactimage is src:exactimage.

Reported by: Raphael Geissert <geissert@debian.org>

Date: Thu, 29 Aug 2013 10:03:01 UTC

Severity: important

Tags: security

Fixed in versions exactimage/0.8.9-1, exactimage/0.8.5-5+deb7u2, exactimage/0.8.1-3+deb6u2

Done: Sven Eckelmann <sven@narfation.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Shotwell Maintainers <pkg-shotwell-maint@lists.alioth.debian.org>:
Bug#721231; Package src:libraw. (Thu, 29 Aug 2013 10:03:06 GMT)

Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Shotwell Maintainers <pkg-shotwell-maint@lists.alioth.debian.org>. (Thu, 29 Aug 2013 10:03:06 GMT)

Message #5 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2013-1438: dcraw world: multiple vulnerabilities
Date: Thu, 29 Aug 2013 11:59:11 +0200
Source: libraw
Severity: important
Tags: security
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: retitle -1 CVE-2013-1438: libraw: multiple vulnerabilities
Control: retitle -2 CVE-2013-1438: dcraw: multiple vulnerabilities
Control reassign -2 dcraw
Control: retitle -3 CVE-2013-1438: darktable: multiple vulnerabilities
Control reassign -3 darktable
Control: retitle -4 CVE-2013-1438: ufraw: multiple vulnerabilities
Control reassign -4 ufraw
Control: retitle -5 CVE-2013-1438: xbmc: multiple vulnerabilities
Control reassign -5 src:xbmc
Control: retitle -6 CVE-2013-1438: exactimage: multiple vulnerabilities
Control reassign -6 exactimage
Control: retitle -7 CVE-2013-1438: rawstudio: multiple vulnerabilities
Control reassign -7 rawstudio
Control: retitle -8 CVE-2013-1438: rawtherapee: multiple vulnerabilities
Control reassign -8 rawtherapee
Control: retitle -9 CVE-2013-1438: libkdcraw: multiple vulnerabilities
Control reassign -9 libkdcraw

Hi,

I found a few vulnerabilities in dcraw, and they are all covered by the
CVE-2013-1438 id:
"Specially crafted photo files may trigger a division by zero, an
infinite loop, or a null pointer dereference."

Alex Tutubalin, libraw upstream, has patched the vulnerabilities in
libraw and the patches should apply as-is to the vast majority of
embedders. For the details
 http://www.openwall.com/lists/oss-security/2013/08/29/3

Please include the CVE id when fixing these vulnerabilities and
consider fixing them in old/stable via a {O,}SPU by following standard
procedures for stable release updates.

P.S. yes, the above Control list is annoying, but so is having so many
copies of the same code base in the archive.

Thanks,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Bug 721231 cloned as bugs 721232, 721233, 721234, 721235, 721236, 721237, 721238, 721239 Request was from Raphael Geissert <geissert@debian.org> to submit@bugs.debian.org. (Thu, 29 Aug 2013 10:03:06 GMT)

Changed Bug title to 'CVE-2013-1438: exactimage: multiple vulnerabilities' from 'CVE-2013-1438: dcraw world: multiple vulnerabilities' Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Thu, 29 Aug 2013 10:09:21 GMT)

Bug reassigned from package 'src:libraw' to 'exactimage'. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Thu, 29 Aug 2013 10:09:22 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#721236; Package exactimage. (Thu, 29 Aug 2013 14:18:12 GMT)

Acknowledgement sent to Sven Eckelmann <sven@narfation.org>:
Extra info received and forwarded to list. (Thu, 29 Aug 2013 14:18:12 GMT)

Message #16 received at 721236@bugs.debian.org:

From: Sven Eckelmann <sven@narfation.org>
To: Raphael Geissert <geissert@debian.org>
Cc: 721236@bugs.debian.org, control@bugs.debian.org
Subject: Re: CVE-2013-1438: exactimage: multiple vulnerabilities
Date: Thu, 29 Aug 2013 16:15:52 +0200
tags 721236 + pending
thanks

On Thursday 29 August 2013 11:59:11 Raphael Geissert wrote:
> I found a few vulnerabilities in dcraw, and they are all covered by the
> CVE-2013-1438 id:
> "Specially crafted photo files may trigger a division by zero, an
> infinite loop, or a null pointer dereference."
> 
> Alex Tutubalin, libraw upstream, has patched the vulnerabilities in
> libraw and the patches should apply as-is to the vast majority of
> embedders. For the details
>  http://www.openwall.com/lists/oss-security/2013/08/29/3
> 
> Please include the CVE id when fixing these vulnerabilities and
> consider fixing them in old/stable via a {O,}SPU by following standard
> procedures for stable release updates.

Thanks for the bug report. exactimage is affected by CVE-2013-1438 and will be 
fixed soon in unstable. The differences to stable/oldstable are bigger and 
have to be checked before an upload is prepared.

Kind regards,
	Sven

Added tag(s) pending. Request was from Sven Eckelmann <sven@narfation.org> to control@bugs.debian.org. (Thu, 29 Aug 2013 14:18:15 GMT)

Reply sent to Sven Eckelmann <sven@narfation.org>:
You have taken responsibility. (Thu, 29 Aug 2013 15:24:05 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Thu, 29 Aug 2013 15:24:05 GMT)

Message #23 received at 721236-close@bugs.debian.org:

From: Sven Eckelmann <sven@narfation.org>
To: 721236-close@bugs.debian.org
Subject: Bug#721236: fixed in exactimage 0.8.9-1
Date: Thu, 29 Aug 2013 15:21:22 +0000
Source: exactimage
Source-Version: 0.8.9-1

We believe that the bug you reported is fixed in the latest version of
exactimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Eckelmann <sven@narfation.org> (supplier of updated exactimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 29 Aug 2013 16:17:32 +0200
Source: exactimage
Binary: exactimage edisplay exactimage-dbg libexactimage-perl php5-exactimage python-exactimage
Architecture: source amd64
Version: 0.8.9-1
Distribution: unstable
Urgency: high
Maintainer: Sven Eckelmann <sven@narfation.org>
Changed-By: Sven Eckelmann <sven@narfation.org>
Description:
 edisplay   - fast image manipulation programs (image viewer)
 exactimage - fast image manipulation programs
 exactimage-dbg - fast image manipulation library (debug symbols)
 libexactimage-perl - fast image manipulation library (Perl bindings)
 php5-exactimage - fast image manipulation library (PHP bindings)
 python-exactimage - fast image manipulation library (Python bindings)
Closes: 721236
Changes:
 exactimage (0.8.9-1) unstable; urgency=high
 .
   * New Upstream Version
   * Fix CVE-2013-1438: multiple denial of service vulnerabilities
     (Closes: #721236)
   * debian/rules:
     - Enable section garbage collection to reduce size caused by partial linked
       static library
     - Provide override_dh_auto_clean/test to avoid problems with stricter
       debhelper clean/test behavior since 9.20130720
   * debian/patches:
     - Add gcc_48_dcraw_infinite_loop.patch, Avoid infinite loops generated by
       GCC 4.8 caused by undefined behaviour
     - Remove upstream merged tga_memcpy_signature.patch and spelling_error.patch
     - Add CVE-2013-1438, Fix CVE-2013-1438




Reply sent to Sven Eckelmann <sven@narfation.org>:
You have taken responsibility. (Sun, 01 Sep 2013 21:21:14 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Sun, 01 Sep 2013 21:21:14 GMT)

Message #28 received at 721236-close@bugs.debian.org:

From: Sven Eckelmann <sven@narfation.org>
To: 721236-close@bugs.debian.org
Subject: Bug#721236: fixed in exactimage 0.8.5-5+deb7u2
Date: Sun, 01 Sep 2013 21:17:06 +0000
Source: exactimage
Source-Version: 0.8.5-5+deb7u2

We believe that the bug you reported is fixed in the latest version of
exactimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Eckelmann <sven@narfation.org> (supplier of updated exactimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 29 Aug 2013 17:16:53 +0200
Source: exactimage
Binary: exactimage edisplay exactimage-dbg libexactimage-perl php5-exactimage python-exactimage
Architecture: source amd64
Version: 0.8.5-5+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Daniel Stender <daniel@danielstender.com>
Changed-By: Sven Eckelmann <sven@narfation.org>
Description:
 edisplay   - fast image manipulation programs (image viewer)
 exactimage - fast image manipulation programs
 exactimage-dbg - fast image manipulation library (debug symbols)
 libexactimage-perl - fast image manipulation library (Perl bindings)
 php5-exactimage - fast image manipulation library (PHP bindings)
 python-exactimage - fast image manipulation library (Python bindings)
Closes: 721236
Changes:
 exactimage (0.8.5-5+deb7u2) stable-security; urgency=high
 .
   * Add debian/patches/CVE-2013-1438.patch,
     Fix CVE-2013-1438: multiple denial of service vulnerabilities
     (Closes: #721236)




Reply sent to Sven Eckelmann <sven@narfation.org>:
You have taken responsibility. (Sun, 01 Sep 2013 21:54:13 GMT)

Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Sun, 01 Sep 2013 21:54:13 GMT)

Message #33 received at 721236-close@bugs.debian.org:

From: Sven Eckelmann <sven@narfation.org>
To: 721236-close@bugs.debian.org
Subject: Bug#721236: fixed in exactimage 0.8.1-3+deb6u2
Date: Sun, 01 Sep 2013 21:50:50 +0000
Source: exactimage
Source-Version: 0.8.1-3+deb6u2

We believe that the bug you reported is fixed in the latest version of
exactimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Eckelmann <sven@narfation.org> (supplier of updated exactimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 29 Aug 2013 17:16:53 +0200
Source: exactimage
Binary: exactimage exactimage-dbg libexactimage-perl exactimage-perl php5-exactimage python-exactimage
Architecture: source amd64 all
Version: 0.8.1-3+deb6u2
Distribution: oldstable-security
Urgency: high
Maintainer: Jakub Wilk <jwilk@debian.org>
Changed-By: Sven Eckelmann <sven@narfation.org>
Description:
 exactimage - fast image manipulation programs
 exactimage-dbg - fast image manipulation library (debug symbols)
 exactimage-perl - transitional dummy package
 libexactimage-perl - fast image manipulation library (Perl bindings)
 php5-exactimage - fast image manipulation library (PHP bindings)
 python-exactimage - fast image manipulation library (Python bindings)
Closes: 721236
Changes:
 exactimage (0.8.1-3+deb6u2) oldstable-security; urgency=high
 .
   * Add debian/patches/CVE-2013-1438.patch,
     Fix CVE-2013-1438: multiple denial of service vulnerabilities
     (Closes: #721236)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 30 Sep 2013 07:30:30 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 08:10:41 2014; Machine Name: buxtehude.debian.org
