Your message dated Tue, 19 Sep 2017 00:05:25 +0000 with message-id <e1du62x-000dvt...@fasolo.debian.org> and subject line Bug#873726: fixed in sleuthkit 4.4.2-2 has caused the Debian Bug report #873726, regarding sleuthkit: CVE-2017-13755 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: sleuthkit Version: 4.4.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/sleuthkit/sleuthkit/issues/913 Hi, the following vulnerability was published for sleuthkit. CVE-2017-13755[0]: | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image | triggers an out-of-bounds read in iso9660_proc_dir() in | tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13755 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13755 [1] https://github.com/sleuthkit/sleuthkit/issues/913 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: sleuthkit Source-Version: 4.4.2-2 We believe that the bug you reported is fixed in the latest version of sleuthkit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Joao Eriberto Mota Filho <eribe...@debian.org> (supplier of updated sleuthkit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Sep 2017 19:46:37 -0300 Source: sleuthkit Binary: sleuthkit libtsk13 libtsk-dev Architecture: source Version: 4.4.2-2 Distribution: experimental Urgency: medium Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org> Changed-By: Joao Eriberto Mota Filho <eribe...@debian.org> Description: libtsk-dev - library for forensics analysis (development files) libtsk13 - library for forensics analysis on volume and filesystem data sleuthkit - tools for forensics analysis on volume and filesystem data Closes: 873724 873725 873726 Changes: sleuthkit (4.4.2-2) experimental; urgency=medium . * Added new patches to solve CVE's: - 70_fix-CVE-2017-13760.patch, for CVE-2017-13760. (Closes: #873724) - 80_fix-CVE-2017-13756.patch, for CVE-2017-13756. (Closes: #873725) - 90_fix-CVE-2017-13755.patch, for CVE-2017-13755. (Closes: #873726) Checksums-Sha1: a799ebe51f633f33f6a2aa7dd4bb93d4d00a8f0c 2108 sleuthkit_4.4.2-2.dsc 5e1da7ead409dbd922b316dbfb04aa12f2675228 37100 sleuthkit_4.4.2-2.debian.tar.xz 6c3d6d61a50865e2bd328279e0200948e1bf6288 5918 sleuthkit_4.4.2-2_source.buildinfo Checksums-Sha256: 67af112f79ee8579455c198794ef467b857d4e0d1696d6fd5e387de5ba03bdc9 2108 sleuthkit_4.4.2-2.dsc ab92446dcc40dbc20a4e7ef0cf9f015f5ca320f13f9228ea9e030f308c1638a5 37100 sleuthkit_4.4.2-2.debian.tar.xz c8cc8a9e311cd980d59e0b1ac2d9142d6ce53ff6c6888eae6cfdd0607597cee8 5918 sleuthkit_4.4.2-2_source.buildinfo Files: f9ee6abaaefcefb6f24758fcf5cec9c4 2108 admin optional sleuthkit_4.4.2-2.dsc 96a1d214f8ff7b28dede840464143e6e 37100 admin optional sleuthkit_4.4.2-2.debian.tar.xz 0c5d454ab3da088c313bbfd6778cd604 5918 admin optional sleuthkit_4.4.2-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAlnAWRUACgkQ3mO5xwTr 6e9xYA//XqfpZWHNrox27VaM//HRnsfgVvoD6fi/cwLkRQxhJOvAALUQOSa2ImRP uiejXxHRXx57900o2/K4ZfC0tLQ0vU0LWEuAkw3DIFLOkCUhA31BBSWyCFmUzdHa qMEMtOVcgdMBjL34HBLQo8I1AhJMvi+kji7sDRbH401k4hdl1orZKljYhWkc24kB OyyXgdkrK7RIkppmxzvBRiXzR+X4595uQJ0f4Hoh2DyS1rvEf70aWj36LgWIbrYF X+lvYpiDAXEDKRdg7R20334VY5ibUXko9BdXwlIT+1ugTZC4WmhiYI5kJwXeF7kB sRVryiJzx9vw6svV2n0Wm5iXGDYClGYY1jVGfBZlXnxF0OpZcVsVnvOYaGwd5iKD k0E/m8ZRu9OEUtiJ0ZhgmcOrTAaC3Jq/JRScYrHDOCfLRwl86yVIAoveZYV2eD3i T9oqVhBAf8bbMIgdoShHpmGChYNGoaP1hiqg7HtjjyB1983v9u1ZaAs6wTncpRDB 0whKf0HH0bB6EkeUsjxIU3MJYIMJIDdM4tYNzADT/fsUgTYNAOOmDWHkm8cfeaqR JChn+F4msZD9/TdHcKeQfM3vJtgjuG7SV5VOiRS59HFhwvdsPg6iHDO+NCgm3h0X 7v/KViAqnt2HDDCg22gPfIhTE2wGPYD/PIRXpAZ++LA4BBQa1DA= =hW10 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
