Your message dated Sat, 24 Apr 2021 13:18:31 +0000
with message-id <E1laIB5-0009nz-G9@fasolo.debian.org>
and subject line Bug#972617: fixed in jhead 1:3.04-6
has caused the Debian Bug report #972617,
regarding heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
972617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972617
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections
- From: Fstark <f734222792@gmail.com>
- Date: Wed, 21 Oct 2020 18:13:22 +0800
- Message-id: <CAEFBov2wyke=QCx=maMGNr38q2+NBfC5Fp+H52uQEQFsK-xwqg@mail.gmail.com>
Attachment: poc (2)
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: 972617-close@bugs.debian.org
- Subject: Bug#972617: fixed in jhead 1:3.04-6
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 24 Apr 2021 13:18:31 +0000
- Message-id: <E1laIB5-0009nz-G9@fasolo.debian.org>
- Reply-to: Stephen Kitt <skitt@debian.org>
Source: jhead
Source-Version: 1:3.04-6
Done: Stephen Kitt <skitt@debian.org>

We believe that the bug you reported is fixed in the latest version of jhead, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 972617@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Kitt <skitt@debian.org> (supplier of updated jhead package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sat, 24 Apr 2021 14:59:38 +0200
Source: jhead
Architecture: source
Version: 1:3.04-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Stephen Kitt <skitt@debian.org>
Closes: 968999 972617 986923
Changes:
 jhead (1:3.04-6) unstable; urgency=medium
 .
   * QA upload (Salzburg BSP).
   * CVE-2021-3496: check access boundaries in ProcessCanonMakerNoteDir().
     Closes: #986923.
   * Check IPTC lengths. Closes: #968999.
   * Allocate extra room when reading JPEG sections to avoid overflows.
     Closes: #972617.
--- End Message ---