Your message dated Tue, 12 Jun 2018 20:43:53 +0000
with message-id <[email protected]>
and subject line Bug#897695: fixed in blktrace 1.0.5-1+deb8u1
has caused the Debian Bug report #897695,
regarding blktrace: CVE-2018-10689: Buffer overflow in the dev_map_read function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
897695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897695
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: blktrace
Version: 1.0.5-1
Severity: normal
Tags: patch security upstream
Forwarded: https://www.spinics.net/lists/linux-btrace/msg00847.html
Hi,
The following vulnerability was published for blktrace.
CVE-2018-10689[0]:
| blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel
| and Android, has a buffer overflow in the dev_map_read function in
| btt/devmap.c because the device and devno arrays are too small, as
| demonstrated by an invalid free when using the btt program with a
| crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10689
[1] https://www.spinics.net/lists/linux-btrace/msg00847.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
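An added example, not blktrace's code and not part of the original bug report: the overflow class the CVE text describes (tokens from a crafted file copied into fixed-size arrays), with a bounded way to parse them. The struct, the 32-byte field size, the function name and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 32            /* assumed array size, for illustration only */
#define STR2(x) #x
#define STR(x) STR2(x)          /* FIELD_LEN -> "32" for the scanf width */

struct map_entry {              /* hypothetical record, not blktrace's struct */
    char device[FIELD_LEN];
    char devno[FIELD_LEN];
};

/*
 * Unbounded form of the bug class: "%s" has no width, so a token longer
 * than the destination array is written past its end:
 *     sscanf(line, "%s %s", out->device, out->devno);
 *
 * Bounded form: read at most FIELD_LEN characters per token into scratch
 * buffers one byte larger, then reject any token that would not fit with
 * its terminating NUL. Returns 0 on success, -1 on a malformed line.
 */
int parse_map_line(const char *line, struct map_entry *out)
{
    char device[FIELD_LEN + 1], devno[FIELD_LEN + 1];

    if (sscanf(line, "%" STR(FIELD_LEN) "s %" STR(FIELD_LEN) "s",
               device, devno) != 2)
        return -1;              /* missing field */
    if (strlen(device) >= FIELD_LEN || strlen(devno) >= FIELD_LEN)
        return -1;              /* over-long token: reject, do not truncate */

    memcpy(out->device, device, strlen(device) + 1);
    memcpy(out->devno, devno, strlen(devno) + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real device map file. */
    const char *lines[] = { "sda 8,0",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 8,0", "sdb" };
    struct map_entry e;

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-8.8s... -> %s\n", lines[i],
               parse_map_line(lines[i], &e) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Rejecting an over-long token matters here: a width-limited `%s` alone would split it and silently shift the remainder into the next field.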
--- Begin Message ---
Source: blktrace
Source-Version: 1.0.5-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
blktrace, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Zoetekouw <[email protected]> (supplier of updated blktrace package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 May 2018 15:47:57 +0200
Source: blktrace
Binary: blktrace
Architecture: source
Version: 1.0.5-1+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Bas Zoetekouw <[email protected]>
Changed-By: Bas Zoetekouw <[email protected]>
Description:
 blktrace - utilities for block layer IO tracing
Closes: 897695
Changes:
 blktrace (1.0.5-1+deb8u1) jessie; urgency=high
 .
   * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---