Your message dated Thu, 09 Mar 2017 23:20:45 +0000
with message-id <[email protected]>
and subject line Bug#856063: fixed in radare2 0.9.6-3.1+deb8u1
has caused the Debian Bug report #856063,
regarding radare2: CVE-2017-6197
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
856063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856063
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: radare2
Severity: important
Tags: security
Hi,
the following vulnerability was published for radare2.
CVE-2017-6197[0]:
| The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1
| allow remote attackers to cause a denial of service (NULL pointer
| dereference and application crash) via a crafted binary file, as
| demonstrated by the r_read_le32 function.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6197
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: radare2
Source-Version: 0.9.6-3.1+deb8u1
We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Reichel <[email protected]> (supplier of updated radare2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 Feb 2017 14:48:03 +0100
Source: radare2
Binary: radare2 radare2-plugins libradare2-0.9.6 libradare2-dev
libradare2-0.9.6-dbg libradare2-common
Architecture: source amd64 all
Version: 0.9.6-3.1+deb8u1
Distribution: stable
Urgency: medium
Maintainer: David MartÃnez Moreno <[email protected]>
Changed-By: Sebastian Reichel <[email protected]>
Description:
libradare2-0.9.6 - libraries from the radare2 suite
libradare2-0.9.6-dbg - debug symbols for libraries from radare suite
libradare2-common - arch independent files from the radare2 suite
libradare2-dev - devel files from the radare2 suite
radare2 - free and advanced command line hexadecimal editor
radare2-plugins - plugins for radare2
Closes: 856063
Changes:
radare2 (0.9.6-3.1+deb8u1) stable; urgency=medium
.
* Add patches to fix security bug (Closes: #856063)
- CVE-2017-6197
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted binary file, as
demonstrated by the r_read_le32 function.
Checksums-Sha1:
05626328126f4c2d88809cf94f36ca4eca6d33be 2353 radare2_0.9.6-3.1+deb8u1.dsc
55dd8bc7071dbfb88e79dbc05f92d4e287f587f9 16692
radare2_0.9.6-3.1+deb8u1.debian.tar.xz
d5ddd8b32e3d2315eeb085d2f6a3ac1009364308 132508
radare2_0.9.6-3.1+deb8u1_amd64.deb
ab56489d037e470b86b11b6abd23336bec77f5a9 60918
radare2-plugins_0.9.6-3.1+deb8u1_amd64.deb
af1fe2f32160d8dfab60513e43547ad4d043d062 1415864
libradare2-0.9.6_0.9.6-3.1+deb8u1_amd64.deb
691aee62fd168be08fed09efc64b51fdac40eaf3 143664
libradare2-dev_0.9.6-3.1+deb8u1_amd64.deb
5a8a8c98e8c85d6ef68a0c71ceb11d9dc9256447 4143394
libradare2-0.9.6-dbg_0.9.6-3.1+deb8u1_amd64.deb
e906075a0f2cd396c7d462c069dd52589631a6b9 173126
libradare2-common_0.9.6-3.1+deb8u1_all.deb
Checksums-Sha256:
2a2c87393700d7e4d12bd96bddd289a4109124e14ce10d74938a01bb32f4ccd0 2353
radare2_0.9.6-3.1+deb8u1.dsc
c4e6efb1afd6d8cc68bc1da92ef36fad194abb6362b0624a9fbbb9b2e84bcded 16692
radare2_0.9.6-3.1+deb8u1.debian.tar.xz
1069e5657b14734f83d62540bee78b6c8ce0a6d7437a3c4cee74c035d7bb75c8 132508
radare2_0.9.6-3.1+deb8u1_amd64.deb
75b29091fd6e100f2eeca7da7b3f6322061b1cc6b1d98c18e20d6e123542ccb7 60918
radare2-plugins_0.9.6-3.1+deb8u1_amd64.deb
4fd7f61636b2d9206ecf1113fede5d6b495fd9dd24f9887e248914559a09f6b4 1415864
libradare2-0.9.6_0.9.6-3.1+deb8u1_amd64.deb
2d2b1ef2b0c40a7409b595ca2c8fd50ad25e0d575feb3e7663b7752bc5ce7068 143664
libradare2-dev_0.9.6-3.1+deb8u1_amd64.deb
a3451900d929824d98df31f1215d0decc0555fb10a2de6216a88d7e8b1bb0bc9 4143394
libradare2-0.9.6-dbg_0.9.6-3.1+deb8u1_amd64.deb
5844943cdb92f81587931edc5f60d6be060a753e9c926c07648d148530529451 173126
libradare2-common_0.9.6-3.1+deb8u1_all.deb
Files:
69b7aff4436be04f743c530028b810c2 2353 devel extra radare2_0.9.6-3.1+deb8u1.dsc
e691f32304dfe13c31fc62c96c96aa00 16692 devel extra
radare2_0.9.6-3.1+deb8u1.debian.tar.xz
77dfd0c30cf99d45134c46945413971f 132508 devel extra
radare2_0.9.6-3.1+deb8u1_amd64.deb
19225526466038c5bd31ff4a4c70890b 60918 libs extra
radare2-plugins_0.9.6-3.1+deb8u1_amd64.deb
a5a6574559a0d43b412429afa83fe017 1415864 libs extra
libradare2-0.9.6_0.9.6-3.1+deb8u1_amd64.deb
c3cfd7824ecf02947dd2be8d4a900687 143664 libdevel extra
libradare2-dev_0.9.6-3.1+deb8u1_amd64.deb
110458f5b3e26019d520c274b8c74e1a 4143394 debug extra
libradare2-0.9.6-dbg_0.9.6-3.1+deb8u1_amd64.deb
946ed9d51db47fd29082c4f95f650cb8 173126 devel extra
libradare2-common_0.9.6-3.1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJYs/txAAoJENju1/PIO/qapicP/j0PZPuHar3Fncuth55eWYJ9
hSegfhoDYAZn+pLewr4zWvfVdmXVnFSufUmaBZ4eLTR7HdWuxbxJUBzjYtEQhjcU
HW5dmHDqXz12fws+LlJadG+ddVZNDvwZGrCTW9848KlxfdDAx6cU/gbJgHR4XmzV
mJkjP/C/K1vZVx4mErqX2ULxCIOJOqsHqaMhGEaRUfRfjliX71axuUUcOZAA6vjd
EE+P8jwAgbG4aCxRm/MpRy06aOCmDf7HJYbyODusiLbgAp61ddWh/H+V7vrz7mO5
YwDgiEh+8HJM547hHSkPRbT0udWe3M6f+c1w082cU3JilbqwrMCB3ZWNWOKGGe7s
YsrsUKR1rGUFIaiTJR+Sy2Vn6Ah1SzGF1VI00e2KVUH5+j9gOKMA/n3g2FNmAQZb
NMIihTxXs20JFOdMznHQjCiE7O+nhweEuiGuKTblspt8aG5ZNWYHqafet4MlHT4E
uyZF6Urwo5dLfTQgD65237Y+v5giMe9AV0HdyKMzgONYOWwoWKEBMZl+vX5jVMPG
O5UNYGk8r1J4IZgzMCpXYjQ/NKsP3wMgd/v8PwjMQhqTl7qu3IFhDnRBU57nHnMh
MkDFvr9Nyp9xrNGWNsiUJAZ6Cc0Bpf4bNT3IH92I5QF5G5hMTmV+wkyM2uZNe2/t
V4qZYdTtEzVB9iSEgjYp
=FC3F
-----END PGP SIGNATURE-----
--- End Message ---