Your message dated Sun, 04 Jun 2017 11:03:48 +0000
with message-id <[email protected]>
and subject line Bug#849212: fixed in msgpuck 1.0.3-1.1
has caused the Debian Bug report #849212,
regarding msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
849212: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849212
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: msgpuck
Version: 1.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
Hi,
the following vulnerability was published for msgpuck.
CVE-2016-9036[0]:
Invalid handling of map16 format in mp_check()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
[1] https://github.com/rtsisyk/msgpuck/issues/12
[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: msgpuck
Source-Version: 1.0.3-1.1
We believe that the bug you reported is fixed in the latest version of
msgpuck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[email protected]> (supplier of updated msgpuck package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 04 Jun 2017 12:49:08 +0200
Source: msgpuck
Binary: libmsgpuck-dev
Architecture: source amd64
Version: 1.0.3-1.1
Distribution: unstable
Urgency: medium
Maintainer: Roman Tsisyk <[email protected]>
Changed-By: Moritz Muehlenhoff <[email protected]>
Description:
libmsgpuck-dev - MsgPack serialization library in a self-contained header file
Closes: 849212
Changes:
msgpuck (1.0.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2016-9036 (Closes: #849212)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---