Your message dated Thu, 15 Mar 2018 00:49:12 +0000
with message-id <e1ewh4y-000h6j...@fasolo.debian.org>
and subject line Bug#892599: fixed in afflib 3.7.16-3
has caused the Debian Bug report #892599,
regarding afflib: CVE-2018-8050
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892599: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892599
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: afflib
Version: 3.7.5-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for afflib.

CVE-2018-8050[0]:
| The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka
| AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of
| service (segmentation fault) via a corrupt AFF image that triggers an
| unexpected pagesize value.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8050
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8050
[1] https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: afflib
Source-Version: 3.7.16-3

We believe that the bug you reported is fixed in the latest version of
afflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated afflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Mar 2018 01:13:49 +0100
Source: afflib
Binary: libafflib0v5 libafflib-dev afflib-tools
Architecture: source
Version: 3.7.16-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <team+pkg-secur...@tracker.debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description:
 afflib-tools - Advanced Forensics Format Library (utilities)
 libafflib-dev - Advanced Forensics Format Library (development files)
 libafflib0v5 - Advanced Forensics Format Library
Closes: 892599
Changes:
 afflib (3.7.16-3) unstable; urgency=medium
 .
   * Team upload.
   * Update team maintainer address to Debian Security Tools
     <team+pkg-secur...@tracker.debian.org>
   * Update Vcs-Git and Vcs-Browser for the move to salsa.debian.org
   * Fix CVE-2018-8050: DoS via a corrupt AFF image (Closes: #892599)
   * Switch debhelper compat to 11.
   * Drop dh-autoreconf build dependency (implicit via debhelper).
   * Bump Standards-Version to 4.1.3.
   * Update symbols file.

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog

-----END PGP SIGNATURE-----

--- End Message ---