Your message dated Mon, 19 Nov 2018 00:26:34 +0000
with message-id <e1goxoc-000iri...@fasolo.debian.org>
and subject line Bug#913817: fixed in uriparser 0.9.0-1
has caused the Debian Bug report #913817,
regarding uriparser: CVE-2018-19198 CVE-2018-19199 CVE-2018-19200
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913817: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913817
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: uriparser
Version: 0.8.6-1
Severity: important
Tags: security upstream
Control: found -1  0.8.4-1

Hi,

The following vulnerabilities were published for uriparser.

CVE-2018-19198[0]:
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an
| out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx*
| function because the '&' character is mishandled in certain contexts.

CVE-2018-19199[1]:
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an
| integer overflow via a uriComposeQuery* or uriComposeQueryEx* function
| because of an unchecked multiplication.

CVE-2018-19200[2]:
| An issue was discovered in uriparser before 0.9.0. UriCommon.c allows
| attempted operations on NULL input via a uriResetUri* function.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-19198
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19198
[1] https://security-tracker.debian.org/tracker/CVE-2018-19199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19199
[2] https://security-tracker.debian.org/tracker/CVE-2018-19200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19200

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: uriparser
Source-Version: 0.9.0-1

We believe that the bug you reported is fixed in the latest version of
uriparser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jörg Frings-Fürst <debian@jff.email> (supplier of updated uriparser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Nov 2018 07:57:14 +0100
Source: uriparser
Binary: liburiparser1 liburiparser-dev liburiparser-doc
Architecture: source
Version: 0.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Jörg Frings-Fürst <debian@jff.email>
Changed-By: Jörg Frings-Fürst <debian@jff.email>
Description:
 liburiparser-dev - development files for uriparser
 liburiparser-doc - documentation files for uriparser
 liburiparser1 - URI parsing library compliant with RFC 3986
Closes: 913817
Changes:
 uriparser (0.9.0-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #913817):
     - Fix CVE-2018-19198.
     - Fix CVE-2018-19199.
     - Fix CVE-2018-19200.
   * Refresh debian/liburiparser1.symbols.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
