Bug#840555: marked as done (guile-2.0: CVE-2016-8606)

Debian Bug Tracking System Sun, 23 Oct 2016 16:15:40 -0700

Your message dated Sun, 23 Oct 2016 23:00:36 +0000
with message-id <[email protected]>
and subject line Bug#840555: fixed in guile-2.0 2.0.13+1-1
has caused the Debian Bug report #840555,
regarding guile-2.0: CVE-2016-8606
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
840555: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840555
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: guile-2.0
Version: 2.0.11+1-9
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for guile-2.0.

CVE-2016-8606[0]:
REPL server vulnerable to HTTP inter-protocol attacks

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8606
[1] http://seclists.org/oss-sec/2016/q4/100
[2] 
http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: guile-2.0
Source-Version: 2.0.13+1-1

We believe that the bug you reported is fixed in the latest version of
guile-2.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <[email protected]> (supplier of updated guile-2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Oct 2016 16:21:42 -0500
Source: guile-2.0
Binary: guile-2.0 guile-2.0-dev guile-2.0-doc guile-2.0-libs
Architecture: source amd64 all
Version: 2.0.13+1-1
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <[email protected]>
Changed-By: Rob Browning <[email protected]>
Description:
 guile-2.0  - GNU extension language and Scheme interpreter
 guile-2.0-dev - Development files for Guile 2.0
 guile-2.0-doc - Documentation for Guile 2.0
 guile-2.0-libs - Core Guile libraries
Closes: 840555
Changes:
 guile-2.0 (2.0.13+1-1) unstable; urgency=medium
 .
   * Merge upstream version 2.0.13.
     Remove patches that are no longer needed:
       0002-Recognize-more-ARM-targets.patch
       0003-Recognize-m68k-s390x-and-sh4-as-compilation-targets.patch
       0004-Do-not-assume-that-64-bit-integers-will-be-64-bit-al.patch
       0005-VM-Use-register-a3-for-IP_REG-on-m68k.patch
       0006-build-Use-libtoolize-in-autogen.sh.patch
       0007-VM-ASM_MUL-for-ARM-Add-earlyclobber-constraint-to-th.patch
       0008-VM-Allow-the-C-compiler-to-choose-FP_REG-on-ARM.patch
       0009-web-Keep-the-default-size-for-the-client-s-in-kernel.patch
       0010-Fix-shrinking-of-contiguous-bytevectors-as-from-get-.patch
       0011-Fix-bit-count-bug.patch
       0012-Handle-p-in-format-warnings.patch
       0013-Document-prefix-option-in-use-module-clauses.patch
       0014-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch
       0015-peval-Handle-optional-argument-inits-that-refer-to-p.patch
     (Closes: 840555 840556)
 .
   * Update debian/copyright for 2.0.13
Checksums-Sha1:
 8dea2bc83e7d7a355083597658f5001672116f45 2118 guile-2.0_2.0.13+1-1.dsc
 afc61899f4c8273a06d36248df2121416df17c98 3444256 guile-2.0_2.0.13+1.orig.tar.xz
 0e4de973882c08e5a49ae8bdc6d0ceeb0e3d7806 18420 
guile-2.0_2.0.13+1-1.debian.tar.xz
 2ee8ef90ddbeb61a84b207af460df478adf9fa90 699408 
guile-2.0-dev_2.0.13+1-1_amd64.deb
 65768f6304f8f2488897d31beb317eae081420c0 872080 
guile-2.0-doc_2.0.13+1-1_all.deb
 742857aae09c62cb0f5574ff06e5170f060d724b 965442 
guile-2.0-libs-dbgsym_2.0.13+1-1_amd64.deb
 ee56a0a5a2ba13fe90a4861a9cd4c7fbbe5e45b3 2229966 
guile-2.0-libs_2.0.13+1-1_amd64.deb
 e6d68f60c20dedc13c1d1878a47884c62c2cb713 17560 guile-2.0_2.0.13+1-1_amd64.deb
Checksums-Sha256:
 1134cb13ca5076421a3863a0b9eb728f9771b56948e98ee0c872ed252003ee6f 2118 
guile-2.0_2.0.13+1-1.dsc
 ecf63aa152cf962752325c2dcd6af1bd575441b984fde847a280ea852ff9eddd 3444256 
guile-2.0_2.0.13+1.orig.tar.xz
 33fb9d860887554b83323ca4fe53bc4e5a751a843b29a2fd65427d2a30eafe7c 18420 
guile-2.0_2.0.13+1-1.debian.tar.xz
 b3770ec9676b1104ca6a208355f1648a5832a4253447bf10e384a15caa3d9425 699408 
guile-2.0-dev_2.0.13+1-1_amd64.deb
 a928170f3564ccf607e45217f5c7582d5ff303a53eb01d4d178f75cdbe7df943 872080 
guile-2.0-doc_2.0.13+1-1_all.deb
 67f27b90f4f5da022bed98e999c699eaaa1b1d763b7c17bcdaa78c427e1a3c85 965442 
guile-2.0-libs-dbgsym_2.0.13+1-1_amd64.deb
 62b2d092c574e078ab33b43c15d5ede6e0caf211de88cc2ee02c40fb628a78f7 2229966 
guile-2.0-libs_2.0.13+1-1_amd64.deb
 c72de049958040fb4fd6fc69bf716f81d3fbdea9350591ebf6d0ac40ccc1a6c2 17560 
guile-2.0_2.0.13+1-1_amd64.deb
Files:
 e20346248a34391da4bb5ac8ec423b99 2118 interpreters optional 
guile-2.0_2.0.13+1-1.dsc
 c87d12709c257f5bb59aabc8a05e3ee1 3444256 interpreters optional 
guile-2.0_2.0.13+1.orig.tar.xz
 21dd8f0d13bb476d58001dad185a298d 18420 interpreters optional 
guile-2.0_2.0.13+1-1.debian.tar.xz
 e2e8d025210eae5c839d21189d6e1bee 699408 lisp optional 
guile-2.0-dev_2.0.13+1-1_amd64.deb
 e971b75b0d477bff0b220ee64bcdb399 872080 doc optional 
guile-2.0-doc_2.0.13+1-1_all.deb
 e4728889ea99a46d050047963917a3d0 965442 debug extra 
guile-2.0-libs-dbgsym_2.0.13+1-1_amd64.deb
 6ba4becc6b2797267a386d4423bb007b 2229966 lisp optional 
guile-2.0-libs_2.0.13+1-1_amd64.deb
 e48b583fa8025bd7c2424cc232e5059d 17560 lisp optional 
guile-2.0_2.0.13+1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCAAcBQJYC+uOFRxybGJAZGVmYXVsdHZhbHVlLm9yZwAKCRDu8RbFWlpC
8R1vD/9aD9kVPQXjTCAfFM72mcbbZjXLmO8zYE/tLBTyvMLne6E9NnZqS35/Ujx5
8uo/DkooSyRwYXNjW42gHgbVx+UapWuTgoARPHcKqtKTGy1Lp07ehA+mlNQRqzBh
FlNS3NGFkaEh0E9P/LcBTnkuwhJMp3VNpV1BTmfebnJcxp/QTkivKOpGauUFgbjX
ABrUM6klq0If6LCaZqkhoj0L2pKiSlHtxqq0RbZPOn+ZQk7ARBR4jzU3d0ysUk/s
elmSLlgPqNeokINmdP7ZPyFKhuDh7LP5htYb28W54ZoovL0GJwFRp1/pi7zuSb+6
dwR7Y/5TZUrQ+UfGumkTcF+Nf22FGfEjmGbbc7hqSxXLN3uTZC2MlXTO3g4RkKHD
Th1hTErHYnPWpbPEDnuPbtza7higfzeQz29Of94o9f3+KEodnsrQqrJ3hFW39gQJ
hE0p7RvMNpPaoYtg6AuC2ymqMaKj8jHukRD+qxf3IktzmoJrRlJX08zDPkY6AHxw
3pZsrE1Z2td3aOTYoQy2gmVrmBXyztjll+88W651QbuZDB6PNpONULGHX8dOYeuV
/SpnaSniFsxrDopFhbCNbaKaOe7+8WRKUD7NulTKaWW3HLmydy8oSZST3EjArKtC
bb4pgipqcWuLG5+ZCFc5qOJqGREFtdeyy1idcO2OugIBbJar/g==
=poLw
-----END PGP SIGNATURE-----

--- End Message ---

Bug#840555: marked as done (guile-2.0: CVE-2016-8606)

Reply via email to