Your message dated Sun, 15 Feb 2015 15:35:05 +0000
with message-id <[email protected]>
and subject line Bug#778397: fixed in librcsb-core-wrapper 1.005-3
has caused the Debian Bug report #778397,
regarding Henry Spencer regular expressions (regex) library contains a heap
overflow vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
778397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: librcsb-core-wrapper
Severity: important
Tags: security patch
The security team received a report from the CERT Coordination Center that the
Henry Spencer regular expressions (regex) library contains a heap overflow
vulnerability. It looks like this package includes the affected code and that's
the reason for this bug report.
The patch is available here:
http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c
Please, can you confirm if the binary packages are affected? Are stable and
testing affected?
More information, here:
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
A CVE id has been requested already and the report will be updated with it
eventually.
Cheers, luciano
--- End Message ---
--- Begin Message ---
Source: librcsb-core-wrapper
Source-Version: 1.005-3
We believe that the bug you reported is fixed in the latest version of
librcsb-core-wrapper, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated librcsb-core-wrapper
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Feb 2015 17:56:49 +0100
Source: librcsb-core-wrapper
Binary: librcsb-core-wrapper0 librcsb-core-wrapper0-dev librcsb-core-wrapper-doc librcsb-core-wrapper0-dbg python-corepywrap python-corepywrap-dbg
Architecture: source amd64 all
Version: 1.005-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Description:
 librcsb-core-wrapper-doc - documentation for librcsb-core-wrapper0
 librcsb-core-wrapper0 - C++ library providing OO API to information in mmCIF format
 librcsb-core-wrapper0-dbg - debugging symbols for librcsb-core-wrapper0
 librcsb-core-wrapper0-dev - development files for librcsb-core-wrapper0
 python-corepywrap - library that exports C++ mmCIF accessors to Python
 python-corepywrap-dbg - library that exports C++ mmCIF accessors to Python (debug version
Closes: 778397
Changes:
 librcsb-core-wrapper (1.005-3) unstable; urgency=medium
 .
   * Patch for Henry Spencer regular expressions (regex) library contains
     a heap overflow vulnerability
     Closes: #778397
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---