-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 3 Feb 2009 22:06:49 +0000 Source: devil Binary: libdevil1c2 libdevil-dev Architecture: source i386 Version: 1.6.7-5+etch1 Distribution: stable-security Urgency: high Maintainer: Marcelo E. Magallon <mmagallo@debian.org> Changed-By: Steffen Joeris <white@debian.org> Description: libdevil-dev - Cross-platform image loading and manipulation toolkit libdevil1c2 - DevIL image manipulation toolkit runtime support Closes: 511844 512122 Changes: devil (1.6.7-5+etch1) stable-security; urgency=high . * Non-maintainer upload by the security team * Fix buffer overflows in the iGetHdrHeader() function that allow arbitrary code execution via a crafted Radiance RGBE file (Closes: #511844, #512122) Fixes: CVE-2008-5262 Files: 00a9a200619160d990ed2a2deeb4238d 784 devel optional devil_1.6.7-5+etch1.dsc 0d0c3842196d85c4e24bedabcd84f626 3013312 devel optional devil_1.6.7.orig.tar.gz 414a516d9fef38921dbd538d78adcac0 8379 devel optional devil_1.6.7-5+etch1.diff.gz 1f1bfc9efdd189ea5b430a50ca281cca 286098 devel optional libdevil-dev_1.6.7-5+etch1_i386.deb aca0fc8776489aba07f6a6a103fb52f9 252798 libs optional libdevil1c2_1.6.7-5+etch1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkmI7zQACgkQ62zWxYk/rQfV1gCeLmOSvrAJKvFHeFrGJiSFjn5T xLAAnR0sFQqDR77eA4CKkZZLYd2stHGE =x/2E -----END PGP SIGNATURE----- Accepted: devil_1.6.7-5+etch1.diff.gz to pool/main/d/devil/devil_1.6.7-5+etch1.diff.gz devil_1.6.7-5+etch1.dsc to pool/main/d/devil/devil_1.6.7-5+etch1.dsc libdevil-dev_1.6.7-5+etch1_i386.deb to pool/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb libdevil1c2_1.6.7-5+etch1_i386.deb to pool/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb
