Your message dated Tue, 11 May 2021 18:49:07 +0000
with message-id <[email protected]>
and subject line Bug#988239: fixed in libgetdata 0.10.0-10
has caused the Debian Bug report #988239,
regarding libgetdata: CVE-2021-20204
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988239: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988239
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgetdata
Version: 0.10.0-9
Severity: important
Tags: security upstream
Forwarded: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.10.0-5
Hi,
The following vulnerability was published for libgetdata.
CVE-2021-20204[0]:
| A heap memory corruption problem (use after free) can be triggered in
| libgetdata v0.10.0 when processing maliciously crafted dirfile
| databases. This degrades the confidentiality, integrity and
| availability of third-party software that uses libgetdata as a
| library. This vulnerability may lead to arbitrary code execution or
| privilege escalation depending on input/skills of attacker.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-20204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20204
[1] https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1956348
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgetdata
Source-Version: 0.10.0-10
Done: Anton Gladky <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libgetdata, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anton Gladky <[email protected]> (supplier of updated libgetdata package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 09 May 2021 14:27:38 +0200
Source: libgetdata
Architecture: source
Version: 0.10.0-10
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Anton Gladky <[email protected]>
Closes: 988239
Changes:
libgetdata (0.10.0-10) unstable; urgency=medium
.
* Team upload.
* Fix CVE-2021-20204. (Closes: #988239)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---