Your message dated Mon, 10 Sep 2018 20:35:19 +0000
with message-id <[email protected]>
and subject line Bug#907608: fixed in libtirpc 0.2.5-1.3
has caused the Debian Bug report #907608,
regarding libtirpc: CVE-2018-14622: Segmentation fault in makefd_xprt return
value in svc_vc.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
907608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907608
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtirpc
Version: 0.2.5-1
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for libtirpc.
CVE-2018-14622[0]:
Segmentation fault in makefd_xprt return value in svc_vc.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14622
[1] https://bugzilla.novell.com/show_bug.cgi?id=968175
[2]
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtirpc
Source-Version: 0.2.5-1.3
We believe that the bug you reported is fixed in the latest version of
libtirpc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libtirpc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 Aug 2018 21:47:58 +0200
Source: libtirpc
Binary: libtirpc-dev libtirpc1
Architecture: source
Version: 0.2.5-1.3
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 907608
Description:
libtirpc-dev - transport-independent RPC library - development files
libtirpc1 - transport-independent RPC library
Changes:
libtirpc (0.2.5-1.3) unstable; urgency=medium
.
* Non-maintainer upload.
* rendezvous_request: check the makefd_xprt return value (CVE-2018-14622)
(Closes: #907608)
Checksums-Sha1:
fd96a1d2eff4d61d47fa3390446af0cf2c2ee51a 2010 libtirpc_0.2.5-1.3.dsc
a04c34547264677bbc5cf375270c3eaba6e30d4b 16016 libtirpc_0.2.5-1.3.debian.tar.xz
Checksums-Sha256:
5fda50599de55187814b81b8353195baf206f0883c3b3a370ec26d4b4aa52f67 2010
libtirpc_0.2.5-1.3.dsc
7378d6b87ac71aa0f00338a71ea8e6713260ed266cb62dcca82c15a383592cc5 16016
libtirpc_0.2.5-1.3.debian.tar.xz
Files:
bc39dd0a7306c5c4c8e80207bf177ae6 2010 libs standard libtirpc_0.2.5-1.3.dsc
2a199341b3ce0ee8384a1975d1651837 16016 libs standard
libtirpc_0.2.5-1.3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluJnDtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EyJYP/RAkSkPgrc06Q8xfK7lwPUYGq7R/IiX0
XW6z/V/TFW6ohxCCc45FOv8DZIjT0U6RlIirkTyiA2ACTJiSD9Mp+73kMfLoljTe
4KwatUiAO2pqFs9UV3lIrh9RGWbKS8/ldbPPfh5rEVKCy5kslseco7+opVIWEK0u
kU6wjH7gTBjPjL3v207Pt2fiaqEzKYU344t4Y5ECcd+ueVaZylL0yzJ7gLo0HPMv
jPoX7zWJr/cXbmtpVaTfX1oJG2I5QKKcWDoqqEWoK2fclT21y6lSU8nY+jJQepzR
SCWvdGTZJXnpl7F24Yd7v/4LbKteH3ybsRwCO7WM1bkt+FbUXB8SppTK730o0XII
vetzFlCNwofQt9w5pMpvgjBIXX4FfGCs79X3peRWG5SLxwe7xz7SsLoAC4k1YL64
wJnyl0/xuHo6/EyNb5DJl9NlnlraIzO9JBVpVI89xGSv9kt0ripZq9XD9ax5/Er1
maX8o5PSDLdaCMrZC8FrCuv7GRmk5wqA6OE3ZZDR+GhRboATP4QPxV0P8eGIh00Q
9iv+OBIYTJz9KtXm8WeTN4OodzdelnRIrEmxJpSr5+1cWHPElNjnXJXQkVPuVh3x
bmWPzPPSEHeO8fz15oPeUMw2MFPPLRE7tbQGPhXXFKirkq5Rri5aNmBnzuFQjMU8
QY2CvJi2rnR2
=6DpM
-----END PGP SIGNATURE-----
--- End Message ---
