Your message dated Wed, 29 Mar 2017 16:19:04 +0000
with message-id <[email protected]>
and subject line Bug#857966: fixed in partclone 0.2.90-1
has caused the Debian Bug report #857966,
regarding partclone: CVE-2017-6596
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
857966: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857966
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: partclone
Version: 0.2.73-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Thomas-Tsai/partclone/issues/91
Hi,

the following vulnerability was published for partclone.

CVE-2017-6596[0]:
| partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer
| overflow vulnerability due to insufficient validation of the partclone
| image header. An attacker may be able to launch a 'Denial of Service
| attack' in the context of the user running the affected application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6596
[1] https://github.com/Thomas-Tsai/partclone/issues/91
[2] https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: partclone
Source-Version: 0.2.90-1
We believe that the bug you reported is fixed in the latest version of
partclone, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Georges Khaznadar <[email protected]> (supplier of updated partclone package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 29 Mar 2017 17:54:24 +0200
Source: partclone
Binary: partclone
Architecture: source amd64
Version: 0.2.90-1
Distribution: experimental
Urgency: medium
Maintainer: Georges Khaznadar <[email protected]>
Changed-By: Georges Khaznadar <[email protected]>
Description:
partclone - Utility to clone and restore a partition
Closes: 857966
Changes:
partclone (0.2.90-1) experimental; urgency=medium
.
* New upstream release. Closes: #857966 (CVE-2017-6596)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---