Report forwarded
to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>: Bug#854054; Package icoutils.
(Fri, 03 Feb 2017 13:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to "op7ic \\x00" <op7ica@gmail.com>:
New Bug report received and forwarded. Copy sent to Colin Watson <cjwatson@debian.org>.
(Fri, 03 Feb 2017 13:30:03 GMT) (full text, mbox, link).
Package: icoutils
Version: 0.31.1
---------- Forwarded message ----------
From: op7ic \x00 <op7ica@gmail.com>
Date: Wed, Feb 1, 2017 at 11:28 AM
Subject: Buffer Overflows and OOBs in icotool
To: frank.richter@gmail.com, oskar@osk.mine.nu
Please see attached reports.
Changed Bug title to 'icoutils: CVE-2017-6010' from 'Fwd: Buffer Overflows and OOBs in icotool'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 20:06:04 GMT) (full text, mbox, link).
Marked as found in versions icoutils/0.31.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 20:06:07 GMT) (full text, mbox, link).
Changed Bug title to 'icoutils: CVE-2017-6010 CVE-2017-6011' from 'icoutils: CVE-2017-6010'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 20:09:02 GMT) (full text, mbox, link).
Added tag(s) upstream and security.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 20:12:05 GMT) (full text, mbox, link).
Severity set to 'grave' from 'normal'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Feb 2017 20:12:09 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Tue, 07 Mar 2017 22:36:09 GMT) (full text, mbox, link).
Notification sent
to "op7ic \\x00" <op7ica@gmail.com>:
Bug acknowledged by developer.
(Tue, 07 Mar 2017 22:36:09 GMT) (full text, mbox, link).
Source: icoutils
Source-Version: 0.31.2-1
We believe that the bug you reported is fixed in the latest version of
icoutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 854054@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated icoutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Mar 2017 22:18:53 +0000
Source: icoutils
Binary: icoutils
Architecture: source
Version: 0.31.2-1
Distribution: unstable
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
icoutils - Create and extract MS Windows icons and cursors
Closes: 854050854054
Changes:
icoutils (0.31.2-1) unstable; urgency=high
.
* New upstream release.
- CVE-2017-6009, CVE-2017-6010, CVE-2017-6011: Various security fixes
from Martin Gieseking, issues found by Jerzy Kramarz (closes: #854050,
#854054).
Checksums-Sha1:
e0f88ce4c7d1ca5ab5885e052f397e249657cc81 1952 icoutils_0.31.2-1.dsc
49391e2187ea9850893e042b69444e6b4cc5f9aa 573585 icoutils_0.31.2.orig.tar.bz2
7b24e823b3cdbd6696ea3dd4a2fab01d2fa9aa09 4820 icoutils_0.31.2-1.debian.tar.xz
7d96f57070eea28e970a27f74acd2714ed445269 4990 icoutils_0.31.2-1_source.buildinfo
Checksums-Sha256:
4d88ff0e735f860393c949b4087edd247e7e1eabd16702869f48baf7fdacde76 1952 icoutils_0.31.2-1.dsc
14155eb22e7531ed449a822a3e94df511a36b75273fcece75a37794ed3e34be0 573585 icoutils_0.31.2.orig.tar.bz2
c2030c0e4a69d761a2230c2fea47983963b3207a440630f75ecfa1e0cef37980 4820 icoutils_0.31.2-1.debian.tar.xz
23abc7be485f9a9c474fe4ae467f028b886a73b6b0d05f5fa1ffb19ce47eb63b 4990 icoutils_0.31.2-1_source.buildinfo
Files:
f08e6dfe37106912540d187f606aab6c 1952 graphics optional icoutils_0.31.2-1.dsc
adf40f06b43c64b9ffcf2ead6ef3db17 573585 graphics optional icoutils_0.31.2.orig.tar.bz2
4c0c730762a42c003ecef9477358642d 4820 graphics optional icoutils_0.31.2-1.debian.tar.xz
ec493418e958a400e212a3e5477b6528 4990 graphics optional icoutils_0.31.2-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAli/Mg8ACgkQOTWH2X2G
UAva0Q/8D82uHV2gG3Gs7xe3L1zhY74DHoXNdDaIJjzKMeYGEWz/S2ruwLkvnKHC
USH/Zl9RnMSd6ZdKXepUWg5tV4yblVBwisnWjVWmQAQVBpWTYSh+lRgdcuZXrSww
Rca9HAa+q/PXGaYzZ8TXvuYUGR+WqV8JbmWXcPb7ix3ud/wjd0EsnGXDC201vx7e
ZZ+OZIxOBWWjtD47llVzUvDFNL+0Wjn3wmCtxVvQ921ACEq0eOE83JxgZjBjivB/
pOVSJo6bS/Nl99Svn2dG301qlhAMrem3GYMgdst1vsgYsfr4lWNNnJSogLszO/F8
sYXoOsNGQGOw+5QQfDGWIFoM/u7DMoO0T+fzCabMhuHQE8+pfpcG0SptmvdFdywI
t/QoPvC06HMBRypUcH+kG4aNMfwoX68CG0AIDLRQDhIN40AXM72w7XuxCC4RT3uu
oa433ecoL1yynHj3n+4NGWPwIlEmfNodKQ/bWrUwC5dfUmrm4cQGCDAU36KRueqF
T4jOixkQjJlxd98kZLUPFO1MjFQjfW3L9L4+IWU5U/llCZ35P/U2e6D1fCnIUBTR
d3EXw16lim0tFbBfdrskkcAfNtiUxUw3KvGbCfEqOBWzuT1/IFIK4jQhC5NzDohP
THw7PiP6Sxb5NfcVO+4wMcvqXvOFwz8Ek0/AzQhVFDvnJyd5DaA=
=9Ds8
-----END PGP SIGNATURE-----
Marked as fixed in versions 0.31.0-2+deb8u3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 12 Mar 2017 17:36:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 10 Apr 2017 07:26:33 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.