
Bug#1023427: marked as done (pixman: CVE-2022-44638)



Your message dated Sat, 19 Nov 2022 18:17:08 +0000
with message-id <E1owSOq-005BfC-3X@fasolo.debian.org>
and subject line Bug#1023427: fixed in pixman 0.40.0-1.1~deb11u1
has caused the Debian Bug report #1023427,
regarding pixman: CVE-2022-44638
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1023427: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023427
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: pixman
Version: 0.40.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for pixman.

CVE-2022-44638[0]:
| In libpixman in Pixman before 0.42.2, there is an out-of-bounds write
| (aka heap-based buffer overflow) in rasterize_edges_8 due to an
| integer overflow in pixman_sample_floor_y.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-44638
    https://www.cve.org/CVERecord?id=CVE-2022-44638
[1] https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
[2] https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pixman
Source-Version: 0.40.0-1.1~deb11u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
pixman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023427@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated pixman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Nov 2022 23:11:38 +0100
Source: pixman
Architecture: source
Version: 0.40.0-1.1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1023427
Changes:
 pixman (0.40.0-1.1~deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bullseye-security.
 .
 pixman (0.40.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Avoid integer overflow leading to out-of-bounds write (CVE-2022-44638)
     (Closes: #1023427)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
