Your message dated Fri, 19 Jul 2019 14:11:27 +0000
with message-id <[email protected]>
and subject line Bug#931323: fixed in libmatio 1.5.16-1
has caused the Debian Bug report #931323,
regarding libmatio: CVE-2019-13107
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
931323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931323
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmatio
Version: 1.5.13-3
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libmatio.
CVE-2019-13107[0]:
| Multiple integer overflows exist in MATIO before 1.5.16, related to
| mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-13107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13107
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmatio
Source-Version: 1.5.16-1
We believe that the bug you reported is fixed in the latest version of
libmatio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sébastien Villemot <[email protected]> (supplier of updated libmatio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 02 Jul 2019 12:31:25 +0200
Source: libmatio
Binary: libmatio-dev libmatio-doc libmatio9 libmatio9-dbgsym
Architecture: source amd64 all
Version: 1.5.16-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Science Team
<[email protected]>
Changed-By: Sébastien Villemot <[email protected]>
Description:
libmatio-dev - MAT File I/O Library - development files
libmatio-doc - MAT File I/O Library - documentation files
libmatio9 - Library to read and write Matlab MAT files
Closes: 931323
Changes:
libmatio (1.5.16-1) experimental; urgency=medium
.
* New upstream version 1.5.16
Fixes CVE-2019-13107 (Closes: #931323)
* d/copyright: reflect upstream changes
* Drop patches applied upstream
+ avoid-int-mult-overflow.patch
+ fix-printing-vars-from-mat-v5.patch
+ fix-reading-vars-from-mat-v5.patch
* SONAME bump: the shared library package is now libmatio9
* Bump to debhelper compat level 12
* Bump S-V to 4.3.0
Checksums-Sha1:
973f1b4808af34cc86c8229ecddb2f3c1fb2c55d 2104 libmatio_1.5.16-1.dsc
62bb85fddd17748080347a18a95624e90671d30d 10050153 libmatio_1.5.16.orig.tar.gz
a97f153965452caeadf985706639a72283b060d7 6772 libmatio_1.5.16-1.debian.tar.xz
cb7ae69f68ce01499e8bef2609068575e169adff 105496 libmatio-dev_1.5.16-1_amd64.deb
c5fc8430c460c0c66c306521bbde82a6dd4c2d8d 209688 libmatio-doc_1.5.16-1_all.deb
aae80d3e07f69d487d4fd154507964085bfce41f 324464
libmatio9-dbgsym_1.5.16-1_amd64.deb
e5f3555e17dd2df398e940f26c8656c40d7372b3 98540 libmatio9_1.5.16-1_amd64.deb
5d69e4f2360625048fbae449a1fbb44681621f37 9116 libmatio_1.5.16-1_amd64.buildinfo
Checksums-Sha256:
7f259e10c49b1a49af5ae4bd870ff3aa087239193980d98c4344db919df4045c 2104
libmatio_1.5.16-1.dsc
47ba3d5d269d5709b8d9a7385c88c8b5fb5ff875ef781a1ced4892b5b03c4f44 10050153
libmatio_1.5.16.orig.tar.gz
c19df1a1502ea595dd87c67ea9169260b61f8763302d7de9af2c2fc31e69a451 6772
libmatio_1.5.16-1.debian.tar.xz
57ebcd775bdedb200ca7c35d45c9275e887e7cb1ab349617079fa6bd4283afff 105496
libmatio-dev_1.5.16-1_amd64.deb
a1fde6214466043442b3ebff895abe578fc71723942d47b1195f0b68a7600496 209688
libmatio-doc_1.5.16-1_all.deb
18a60c859db0879687ea539a5b3f33083aae69f5e526ea1e500b5ca0632db9a8 324464
libmatio9-dbgsym_1.5.16-1_amd64.deb
dde4d7a3f46b2461cfab2790b9449445750517fa35d7daf1f601d15b16941280 98540
libmatio9_1.5.16-1_amd64.deb
5d99e2e2a7566cf958e59233dd8dcbad0ce9b1ba3d8c7724ad610cdf92820d62 9116
libmatio_1.5.16-1_amd64.buildinfo
Files:
4bf86406c090a117f90b89428d3cfc30 2104 libs optional libmatio_1.5.16-1.dsc
ebfca3816e4950715584f0e1123ac806 10050153 libs optional
libmatio_1.5.16.orig.tar.gz
e47afc9cdeafa3748513331b923bb408 6772 libs optional
libmatio_1.5.16-1.debian.tar.xz
98e062aef647859246b7f9ce426119e3 105496 libdevel optional
libmatio-dev_1.5.16-1_amd64.deb
6b22d254c569a8a5f09ddd2aaaed53b1 209688 doc optional
libmatio-doc_1.5.16-1_all.deb
e8f0dc4363c17841dcd207fbddf99e59 324464 debug optional
libmatio9-dbgsym_1.5.16-1_amd64.deb
2ee964bb5bc71e48390fd896f95e3476 98540 libs optional
libmatio9_1.5.16-1_amd64.deb
3b7db34685a995d00158120d553e5ae3 9116 libs optional
libmatio_1.5.16-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEU5UdlScuDFuCvoxKLOzpNQ7OvkoFAl0bNLYACgkQLOzpNQ7O
vkpVZQ/9FXEa1hBfvRJnewMlAuuumWwnzas5kfkbRLHrXziVa2i96rYueCyg9b8F
rsEfgf6EaSHVAJBjKTC/4wF0UDPxdIuYWKqgpVMmKNbv3X970F3ngS1v2JKa1BEq
EIMcnAgpX4/TWOqXYQF9sJ/fYnV0LA2W0gjjK+KA80mRlWRVO19Ozb6qghBp5qAy
Kg5ML3c63VsyPkcvbF4Y7pQPNwP7qhXiA71AeFRWNw+fX+p0ll8OqnOyPPVrFRAu
P+FdBWUa2xDp9+SootgGFC2X4JkqSKTiPtaToWXd3whLBCtDMKpGh3ljWobqOgm7
kk6ZZSSZLp2hyIPpwqckEUYCRxHxzO0mOAFRa3GpYlGHRq7RYQX6wVkAQrXYQyo7
vEUcaLcaSjEmiHvg4G4VbAS/YKaOWyjSHRlpBp8TTV/3nnxmGcrgL0XiTDCtm93b
gH1hSXIUmTsJr5jKIlnGJaKdGHTHP2nqgUGkIBNnHZ7MrpHXlbKhlRXXip3HbnUj
uZqfvBWE53ejHMLpCM5g5G+bbQ0KKtSFMp5r0i70yDUJJu0I0tFYdp+bApxQ51k2
FfOsIASa2NtEXEKiD6TWMiUJeec0TG6GA9PCCT8Ol/08Ot4IHzHziLzBWP8mXTxD
nrYB9MJsrd1Etbs+DsMTDmwhO2+WW/AObJnOGzUpZfmzqf4Dxg8=
=nwCO
-----END PGP SIGNATURE-----
--- End Message ---
