Your message dated Tue, 27 Mar 2018 22:23:35 +0000 with message-id <e1f0x0b-0001we...@fasolo.debian.org> and subject line Bug#893431: fixed in libevt 20180317-1 has caused the Debian Bug report #893431, regarding libevt: CVE-2018-8754 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 893431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893431 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libevt Version: 20170120-1 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for libevt. CVE-2018-8754[0]: | The libevt_record_values_read_event() function in | libevt_record_values.c in libevt before 2018-03-17 does not properly | check for out-of-bounds values of user SID data size, strings size, or | data size. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-8754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8754 [1] https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libevt Source-Version: 20180317-1 We believe that the bug you reported is fixed in the latest version of libevt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 893...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hilko Bengen <ben...@debian.org> (supplier of updated libevt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 27 Mar 2018 20:57:24 +0200 Source: libevt Binary: libevt-dev libevt1 libevt-utils python-libevt python3-libevt Architecture: source Version: 20180317-1 Distribution: unstable Urgency: medium Maintainer: Debian Security Tools <team+pkg-secur...@tracker.debian.org> Changed-By: Hilko Bengen <ben...@debian.org> Description: libevt-dev - Windows Event Log (EVT) format access library -- development file libevt-utils - Windows Event Log (EVT) format access library -- Utilities libevt1 - Windows Event Log (EVT) format access library python-libevt - Windows Event Log (EVT) format access library -- Python 2 binding python3-libevt - Windows Event Log (EVT) format access library -- Python 3 binding Closes: 893431 Changes: libevt (20180317-1) unstable; urgency=medium . [ Raphaƫl Hertzog ] * Update team maintainer address to Debian Security Tools <team+pkg-secur...@tracker.debian.org> * Update Vcs-Git and Vcs-Browser for the move to salsa.debian.org . [ Hilko Bengen ] * New upstream version 20180317 - Includes fix for CVE-2018-8754 (Closes: #893431) * Update .symbols Checksums-Sha1: ab43dad946fd85b70c0d435cb8971c74ece551a9 2195 libevt_20180317-1.dsc b5611c8438a00ee735c97928ef2493c764df50c2 1862295 libevt_20180317.orig.tar.gz a52b244604c70a8689ef47129d99da63ca252d91 3072 libevt_20180317-1.debian.tar.xz 577875bae77294eca924a033e74ce8c0802d3dbc 7072 libevt_20180317-1_source.buildinfo Checksums-Sha256: 624ebb4c4b084e5f4c4d068837372909f36d7636b1da7b8ea1c21f8b3d01360d 2195 libevt_20180317-1.dsc c9a6e4fee80e1a30d27d98f1590e82e470c1f999c679aa5b6c55e40e24da9f91 1862295 libevt_20180317.orig.tar.gz c95966f59ff763f9c4a78598952573e0d3638881484d5f94d4f8af4d66efc1e3 3072 libevt_20180317-1.debian.tar.xz b2a8b006c62527f570e47e2759aa8a2552b642aada8f64ed0687364e8581a15a 7072 libevt_20180317-1_source.buildinfo Files: 3eeb53d228570c11ac3e5dccb377b079 2195 libs optional libevt_20180317-1.dsc 457ffb9014c7358202ba18399c6b402e 1862295 libs optional libevt_20180317.orig.tar.gz 53686160acf6656d774a435cec80ede5 3072 libs optional libevt_20180317-1.debian.tar.xz eaad5546c4bc521ff2103ed127f2717a 7072 libs optional libevt_20180317-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAlq6lcMACgkQdbcQY1wh On4H3g/+PeEbfU0GJV2alNbKB+NvXEx261CI9nyNBVeY09fLPfzu0Z0XhMOglUJF 66RFZg+JD8mnouj0yu9qIINBpjlox2E0LCAGm1/cyhbd4pekkSCZABMsd3aFn37w pxnxiBd8u8eu2yu5LdSsrJwwUla9vPtleVx2ERu0I3X6DV5fVtSsCgn5nSkJl70e iwbPSV4Z6VeptynCy9pamsygtXJAqemOLkll9BUECkXr97Qvs0qh4DIvZ1YT2UXa 0Xo0Url66Z+XXECZzyAnGGo9/piIZN6pbwz4psI9BWd84M/sOhJO7UNNx5DlbdaU KgSTktQId6e7lx8OlIDl+hPgk246p6jUPPEZqUk8wXcr0/4CtumLcgftPxPHhHU0 ZMENAkCoRbdSlgOYD59EnQuj+zbZLTiixB4InONxA9L4iHyu8Fe8Id7qD+x0YpeY YrT1fQU5amqeEkO7sAxyIDbPu0Bnki+C1SdnSd8FiUFrHwTqdqgb8ltcNwZb8RtM f9+bCZ6h22lbNEdNUAdXXr1o6KDxetCmF7PPzeyndHQ36daY/yndoctRcupWOmcd wavmXL7W5Q9lvLq9/eVV86KtIeTw7tlXZT4/MdR2snGM1hNNXs2VDCZ1ch/Bv6dm eJXdf9/EvSyDiiQ2b726RmvcZrhC9J8BfZ7pC34mN7ZP9e2a5t4= =2N9I -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
