Your message dated Thu, 04 Oct 2018 18:47:07 +0000
with message-id <[email protected]>
and subject line Bug#907608: fixed in libtirpc 0.2.5-1.2+deb9u1
has caused the Debian Bug report #907608,
regarding libtirpc: CVE-2018-14622: Segmentation fault in makefd_xprt return
value in svc_vc.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
907608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907608
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtirpc
Version: 0.2.5-1
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for libtirpc.
CVE-2018-14622[0]:
Segmentation fault in makefd_xprt return value in svc_vc.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14622
[1] https://bugzilla.novell.com/show_bug.cgi?id=968175
[2]
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtirpc
Source-Version: 0.2.5-1.2+deb9u1
We believe that the bug you reported is fixed in the latest version of
libtirpc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libtirpc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 Aug 2018 21:56:01 +0200
Source: libtirpc
Binary: libtirpc-dev libtirpc1
Architecture: source
Version: 0.2.5-1.2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Anibal Monsalve Salazar <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 907608
Description:
libtirpc-dev - transport-independent RPC library - development files
libtirpc1 - transport-independent RPC library
Changes:
libtirpc (0.2.5-1.2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* rendezvous_request: check the makefd_xprt return value (CVE-2018-14622)
(Closes: #907608)
Checksums-Sha1:
a92e75e4ba31886310cbd6aedfe1fe1ebd9827bb 2038 libtirpc_0.2.5-1.2+deb9u1.dsc
064b0b74ac763c13da127ffcc6ba0e2bd2016e98 16028
libtirpc_0.2.5-1.2+deb9u1.debian.tar.xz
Checksums-Sha256:
c00b89b207a48a0a431728d2db50d9892702df14ffde63296ce424c317347165 2038
libtirpc_0.2.5-1.2+deb9u1.dsc
55f30a9aeb4597ad8dd725016afe3dd687542a54ef7c02cf0fada27c58fe2cf9 16028
libtirpc_0.2.5-1.2+deb9u1.debian.tar.xz
Files:
1f23001fe458afe0ced5ca30621abf26 2038 libs standard
libtirpc_0.2.5-1.2+deb9u1.dsc
74e74cace3de5ff26e2da550c6dc74a2 16028 libs standard
libtirpc_0.2.5-1.2+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluJnk1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqjwP+wStYH5/V7ybkl/iYtX0GJhhbhVPELCA
Y9kxONkqO+e/msFRcqHBK48deYQHKukgiRhNT9JJgphMAICAxfX+tK5LojufS+c9
yfLSNj9zi6dKbzRvhGE5Ktx7r/mjSSYHtf9952AMAyBZP/+a2pOaDhcvkCevVw6u
mZhx5spTYeiatzXYfrIKWR38XfOvjFbnk95sJwYnPn6QXaKh6tIuF+CY9qUeSxvU
gla31l2W/SGXeXo214C5Fw9VAoKmGCG1w3eV1stF6FgWIaN4oxzpJ83E+H6wBnZ5
PH1qAYHa25lZIbpivNMwfFD8LZVhNZFlocJQtEHO7IozBhkdFB4241oOfqP2VGQm
+0GYKc4Cx0OI+EIam3QCiCtdqFqzJk7QIw0+T998OUGzbQqmuWTjo11x9NDDWQo5
OYTi++mWUuy27OHCQ6a5Nr3JDFqcPNWDI5lv7/uVT/XL04/dVeFhYODJ2Ejd3H42
JU9vrh6+zJaELlJZIZWcrEJQ4/O+yGm0hyQTlyqvuSDN1znxnPDfex5VmkLXYkEU
iG3Pwz0yvgKx4DsROMoWWa82mCCsWi4fCcf8XqhEXzfLAcIG/9s2BF6nl2drk576
Cl1Lyu5b8RyV1E9ds13drdIFRI5b7j+tnhOSvAiUZDL/ZkSQbMAwUuzA3/9ubjHW
diqLs23XxQPr
=M4GX
-----END PGP SIGNATURE-----
--- End Message ---
