Your message dated Wed, 18 Feb 2015 21:20:16 +0000
with message-id <e1yoc2a-0002t9...@franck.debian.org>
and subject line Bug#768945: fixed in busybox 1:1.22.0-9+deb8u1
has caused the Debian Bug report #768945,
regarding busybox lzo implementation suffers from CVE-2014-4607 flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
768945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1:1.22.0-5
Severity: serious
Tags: security patch upstream fixed-upstream
Busybox embeds a mini-lzo library implementation which suffers
from CVE-2014-4607 -- integer overflow with memory corruption
potential and a risk of (remote) code execution, see
http://www.openwall.com/lists/oss-security/2014/06/26/20 for
details.
This flaw has been fixed in busybox upstream in commit
a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3.
/mjt
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.22.0-9+deb8u1
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mehdi Dogguy <me...@debian.org> (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Feb 2015 18:29:33 +0100
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source amd64 all
Version: 1:1.22.0-9+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Mehdi Dogguy <me...@debian.org>
Description:
 busybox - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc - Provides the busybox DHCP client implementation
 udhcpd - Provides the busybox DHCP server implementation
Closes: 768945
Changes:
 busybox (1:1.22.0-9+deb8u1) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * lzop-add-overflow-check-CVE-2014-4607.patch (Closes: #768945)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---