Your message dated Sun, 20 May 2018 13:04:43 +0000
with message-id <[email protected]>
and subject line Bug#897695: fixed in blktrace 1.2.0-1
has caused the Debian Bug report #897695,
regarding blktrace: CVE-2018-10689: Buffer overflow in the dev_map_read function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
897695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897695
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: blktrace
Version: 1.0.5-1
Severity: normal
Tags: patch security upstream
Forwarded: https://www.spinics.net/lists/linux-btrace/msg00847.html

Hi,

The following vulnerability was published for blktrace.

CVE-2018-10689[0]:
| blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel
| and Android, has a buffer overflow in the dev_map_read function in
| btt/devmap.c because the device and devno arrays are too small, as
| demonstrated by an invalid free when using the btt program with a
| crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10689
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10689
[1] https://www.spinics.net/lists/linux-btrace/msg00847.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
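The CVE text quoted in the report above attributes the overflow to fixed-size `device` and `devno` arrays receiving tokens from a crafted file. As an added illustration (not blktrace's code and not the upstream patch), this C example parses two-field map lines with bounded reads and refuses tokens that do not fit; the struct, `DEV_LEN`, the line format and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define DEV_LEN 32                  /* assumed field capacity, not btt's value */
#define STR2(x) #x
#define STR(x) STR2(x)

struct map_entry { char device[DEV_LEN], devno[DEV_LEN]; };  /* hypothetical */

/* Constructed input: valid line, overlong device name, missing field. */
const char SAMPLE_MAP[] =
    "sda 8,0\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 8,16\n"
    "sdc\n";

/* An unbounded sscanf(line, "%s %s", e->device, e->devno) would write past
 * both arrays on the second line. Here the width caps each read at DEV_LEN
 * chars into scratch buffers one byte larger, and a token that does not fit
 * is refused rather than truncated. Returns 0 on success, -1 otherwise. */
int parse_bounded(const char *line, struct map_entry *e)
{
    char dev[DEV_LEN + 1], no[DEV_LEN + 1];
    if (sscanf(line, "%" STR(DEV_LEN) "s %" STR(DEV_LEN) "s", dev, no) != 2)
        return -1;                              /* missing field */
    if (strlen(dev) >= DEV_LEN || strlen(no) >= DEV_LEN)
        return -1;                              /* overlong token */
    strcpy(e->device, dev);                     /* lengths checked above */
    strcpy(e->devno, no);
    return 0;
}

/* Parse a whole map, one entry per line. Returns the number of entries
 * stored; *rejected counts refused lines so the caller can fail closed. */
int load_map(const char *text, struct map_entry *out, int max, int *rejected)
{
    char line[256];
    int n = 0;
    for (*rejected = 0; *text; text += (*text == '\n')) {
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)len, text);
        text += len;
        if (len < sizeof(line) && n < max && parse_bounded(line, &out[n]) == 0)
            n++;
        else
            (*rejected)++;
    }
    return n;
}
```

Calling `load_map(SAMPLE_MAP, entries, 4, &rejected)` stores one entry and reports two rejected lines.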
--- Begin Message ---
Source: blktrace
Source-Version: 1.2.0-1

We believe that the bug you reported is fixed in the latest version of
blktrace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Zoetekouw <[email protected]> (supplier of updated blktrace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 May 2018 21:49:22 +0200
Source: blktrace
Binary: blktrace
Architecture: source
Version: 1.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Bas Zoetekouw <[email protected]>
Changed-By: Bas Zoetekouw <[email protected]>
Description:
 blktrace   - utilities for block layer IO tracing
Closes: 705269 873470 894836 895915 897695
Changes:
 blktrace (1.2.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Update VCS links to salsa.debian.org
   * Change Suggests from libav-tools to ffmpeg (Closes: #895915)
   * Update Standards-version to version 4.1.4; change priority to optional
   * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695)
   * Fix FTCBFS: (Closes: #894836)
     + Let dh_auto_build pass cross tools to make.
     + Fix build/host confusion.
   * Make build reproducible
   * Fix typo in README.Debian
   * Don't parse changelog during build
   * Add doc-base metadata for documentation
   * Remove debugfs mounting init script, as systemd is mounting debugfs
     by default nowadays (Closes: #873470, #705269)
   * Add python3 support for btt_plot.py and bno_plot.py

--- End Message ---
