Bug#930510: marked as done (radare2: CVE-2019-12802)

Debian Bug Tracking System Thu, 02 Jan 2020 16:03:35 -0800

Your message dated Fri, 03 Jan 2020 00:00:32 +0000
with message-id <[email protected]>
and subject line Bug#930510: fixed in radare2 3.8.0+dfsg-1
has caused the Debian Bug report #930510,
regarding radare2: CVE-2019-12802
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
930510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: radare2
Version: 3.2.1+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/radare/radare2/issues/14296

Hi,

The following vulnerability was published for radare2.

CVE-2019-12802[0]:
| In radare2 through 3.5.1, the rcc_context function of
| libr/egg/egg_lang.c mishandles changing context. This allows remote
| attackers to cause a denial of service (application crash) or possibly
| have unspecified other impact (invalid memory access in
| r_egg_lang_parsechar; invalid free in rcc_pusharg).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12802
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12802
[1] https://github.com/radare/radare2/issues/14296

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: radare2
Source-Version: 3.8.0+dfsg-1

We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Reichel <[email protected]> (supplier of updated radare2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 Sep 2019 20:07:17 +0200
Source: radare2
Binary: libradare2-3.8 libradare2-3.8-dbgsym libradare2-common libradare2-dev 
radare2 radare2-dbgsym
Architecture: source amd64 all
Version: 3.8.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Sebastian Reichel <[email protected]>
Description:
 libradare2-3.8 - libraries from the radare2 suite
 libradare2-common - arch independent files from the radare2 suite
 libradare2-dev - devel files from the radare2 suite
 radare2    - free and advanced command line hexadecimal editor
Closes: 930344 930510 930590 930704 934204
Changes:
 radare2 (3.8.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
    - Closes: #930344 (CVE-2019-12790)
    - Closes: #930510 (CVE-2019-12802)
    - Closes: #930590 (CVE-2019-12829)
    - Closes: #930704 (CVE-2019-12865)
    - Closes: #934204 (CVE-2019-14745)
   * Do not install NSFW fortunes messages
Checksums-Sha1:
 9c5131c050d164e41439b81653e3b7a0016f9f8d 2338 radare2_3.8.0+dfsg-1.dsc
 efb058ec18111e6d1a33db7c30ef144927a039e7 4519664 radare2_3.8.0+dfsg.orig.tar.xz
 23ebd44f4f2f056b101f77b1682a3ff3675e6c1f 15000 
radare2_3.8.0+dfsg-1.debian.tar.xz
 4dbd862a2e1df7ff08cbf347ec5edcd9c8d52ea8 8453112 
libradare2-3.8-dbgsym_3.8.0+dfsg-1_amd64.deb
 8c291878cd3e204d784a2b7fd3f981723b95a6f4 2871856 
libradare2-3.8_3.8.0+dfsg-1_amd64.deb
 7cd4001978f5331403dc2685fae85070186dd013 1137448 
libradare2-common_3.8.0+dfsg-1_all.deb
 eb733e6b4708f1a11287ab5cb74c1d1c425655e7 178636 
libradare2-dev_3.8.0+dfsg-1_amd64.deb
 bd9def81335c65fdd6d3c5515742320b24fb8427 199400 
radare2-dbgsym_3.8.0+dfsg-1_amd64.deb
 533c479defdf0550ce9837095f5ec67a16d75c83 8300 
radare2_3.8.0+dfsg-1_amd64.buildinfo
 7773dc98437d358732bf8130570e1f7c2dddfc6c 97116 radare2_3.8.0+dfsg-1_amd64.deb
Checksums-Sha256:
 a20ec7658d5c3827863510ab93c4c3d06112beedc25e3cdeb64b1f6f4672cb33 2338 
radare2_3.8.0+dfsg-1.dsc
 2d2eb6166ce80e5ea7635cf9dbc319d17e71a99b5727b1fbc9480bcaa8789d1e 4519664 
radare2_3.8.0+dfsg.orig.tar.xz
 42c975186ce122c64b2fcea22c90b65aea7dfbbfe9087316a2d5ad2ade2a3eec 15000 
radare2_3.8.0+dfsg-1.debian.tar.xz
 fa144181aa1b78afe2c199ec547f99c600c8225cc22aa6c2976116227b506f79 8453112 
libradare2-3.8-dbgsym_3.8.0+dfsg-1_amd64.deb
 290ab1534236a7aefbd1d4d21e7313c34ea67ac5328b1d6a11c73676ea011713 2871856 
libradare2-3.8_3.8.0+dfsg-1_amd64.deb
 b53dff577cabc3e59e1755edd98465c42cc7603d7e832f44a1f9a4e35adebf30 1137448 
libradare2-common_3.8.0+dfsg-1_all.deb
 705b672415a70e07fde7401f164a07ecf71662acf76d4a6f255d91107cb0d9a7 178636 
libradare2-dev_3.8.0+dfsg-1_amd64.deb
 82b5f89fb5484fa9e64e1163c44840f93a77fcb71b9da563cdd461b48db6529e 199400 
radare2-dbgsym_3.8.0+dfsg-1_amd64.deb
 98d027259d0372478ead38e90b3f15746c2aa4dcdfdb614d6aa3ea49ffbccdfd 8300 
radare2_3.8.0+dfsg-1_amd64.buildinfo
 5d1114db26ce6bc01da35e24e9bcc4f47a56bda142227d1936ac378e94bd77a2 97116 
radare2_3.8.0+dfsg-1_amd64.deb
Files:
 b66b8263502cb6f35fdd5c6fb7d96e89 2338 devel optional radare2_3.8.0+dfsg-1.dsc
 d0a2c21a05ad47089a36973ed5228279 4519664 devel optional 
radare2_3.8.0+dfsg.orig.tar.xz
 ec5882b5c3e9604b0c939bda28961dff 15000 devel optional 
radare2_3.8.0+dfsg-1.debian.tar.xz
 06f4eae14823fd6b5c201d2692dbe0f8 8453112 debug optional 
libradare2-3.8-dbgsym_3.8.0+dfsg-1_amd64.deb
 669b8abb9afd16c36eb7b22632bf0655 2871856 libs optional 
libradare2-3.8_3.8.0+dfsg-1_amd64.deb
 8e4a473a3316b5653a693c3a1045a2da 1137448 devel optional 
libradare2-common_3.8.0+dfsg-1_all.deb
 f7035f485e99fc7a90933dea676a6e13 178636 libdevel optional 
libradare2-dev_3.8.0+dfsg-1_amd64.deb
 6f00e2923f0c80f143aa15ac6d463548 199400 debug optional 
radare2-dbgsym_3.8.0+dfsg-1_amd64.deb
 bfdff0f0cb03016c84d4431cd25259da 8300 devel optional 
radare2_3.8.0+dfsg-1_amd64.buildinfo
 5cb47b0ad41e9312cc40f5208ecc7f0f 97116 devel optional 
radare2_3.8.0+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE72YNB0Y/i3JqeVQT2O7X88g7+poFAl179PgPHHNyZUBkZWJp
YW4ub3JnAAoJENju1/PIO/qar1IP/2DdLauAAy8eJyxl+HFi6wpYlCWm8fMTXvrq
H/ZwT5P53jBU2n4vKsWnmlqWOgN7JG7i/DEwNaqIZybV8rFfRaGiyNOHCS6XXGIN
2n9gKy/fwBIiqmIqcXTK1lr5rmSYdIgTOCU2UhS2uohsesYCB9O6ngpeVqSV/+y0
j1ZMdT2kCXI0tlPaEFJthu49CO6gGr4e019/tdo5AOB8UZUxRrJOTKSLFs4bHHVf
bQ7dRWfmd/tP3cluFbIev2ZonMNP70VwH47Hz8wXU7G6PcT+u7Joyscbn0YLqgew
AFtfbIWwwPOW56a+VOmbSEdeWwvlBYvJ9k3c3TdI2xYEiNFTCbx37p/oVJTFegw/
AWYqIlgWc5jYjbbPKejW6nlov5zK9xc1scY8sFMYt7Gxv0aj3QlCmoIEAPjkqENT
XHIiwXy+WXTw6yGY2mmlDmYb1O47RsvQKGeeJ/UxCTTZ4Ordte7dl2YoxTh+gVhH
zSlru3r0Er2VlQVO0w9ypy3O4FVwv5w3E+oOGYzL21bFW7FErz3MUaIGV3PCCWv9
NWTc9En3O8aVbSzD/iaC2j2ItxSsXRFZ4n8lg+it32sXMxOtA6pAuBjd8/ll+Odu
jpMiSVKgXLXEA4QStJvfNVgz79wiM98v9CRQBs911YORfHYzuxR+J93p2K1Nnm3u
6lAj94Qw
=DBPA
-----END PGP SIGNATURE-----

--- End Message ---

Bug#930510: marked as done (radare2: CVE-2019-12802)

Reply via email to