Your message dated Thu, 06 Apr 2017 19:21:53 +0000
with message-id <[email protected]>
and subject line Bug#857966: fixed in partclone 0.2.89-3
has caused the Debian Bug report #857966,
regarding partclone: CVE-2017-6596
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
857966: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857966
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: partclone
Version: 0.2.73-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Thomas-Tsai/partclone/issues/91
Hi,

the following vulnerability was published for partclone.

CVE-2017-6596[0]:
| partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer
| overflow vulnerability due to insufficient validation of the partclone
| image header. An attacker may be able to launch a 'Denial of Service
| attack' in the context of the user running the affected application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6596
[1] https://github.com/Thomas-Tsai/partclone/issues/91
[2] https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: partclone
Source-Version: 0.2.89-3
We believe that the bug you reported is fixed in the latest version of
partclone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georges Khaznadar <[email protected]> (supplier of updated partclone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 06 Apr 2017 20:41:56 +0200
Source: partclone
Binary: partclone
Architecture: source amd64
Version: 0.2.89-3
Distribution: unstable
Urgency: medium
Maintainer: Georges Khaznadar <[email protected]>
Changed-By: Georges Khaznadar <[email protected]>
Description:
partclone - Utility to clone and restore a partition
Closes: 857966
Changes:
partclone (0.2.89-3) unstable; urgency=medium
.
* backported some code from the last version. Closes: #857966
(CVE-2017-6596)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---