[Pkg-phototools-devel] Bug#854978: closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org> (reply to Andreas Tille <tille at debian.org>) (Bug#854978: fixed in netpbm-free 2:10.97.00-1)
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 13 20:33:01 GMT 2022
Hi Andreas,
On Sun, Mar 13, 2022 at 09:07:20PM +0100, Salvatore Bonaccorso wrote:
> Hi Andreas,
>
> On Sun, Mar 13, 2022 at 10:24:16AM +0000, Debian Bug Tracking System wrote:
> > netpbm-free (2:10.97.00-1) unstable; urgency=medium
> > .
> > * Team upload.
> > * New upstream version
> > - Closes: #977007, #386388, #847241
> > CVE-2017-2579, CVE-2017-2580 and CVE-2017-2581 before 10.61 thus
> > - Closes: #854978
>
> The before 10.61 is just because of the CVE description right? Note we
> cannot rely on the CVE description, because they might reflect a
> specific writing up in time and other aspects.
>
> Do we have an upstream revision indicating that those issues are
> really fixed?
For example, CVE-2017-2581 is probably
https://sourceforge.net/p/netpbm/code/2989/ ? (which would only be in
10.78.05). So one really needs to be careful with description
information and verify if those are true. If following the SuSE triage
then *possibly* for two issues the fix is revision 2821 upstream,
while for CVE-2017-2581 it would be the above.

Thanks for looking into the update!

Regards,
Salvatore