Bug#994763: marked as done (ulfius: Fix CVE-2021-40540 in bullseye)

[Debian Bug Tracking System]

Your message dated Thu, 30 Sep 2021 19:02:09 +0000
with message-id <e1mw1jp-000h6i...@fasolo.debian.org>
and subject line Bug#994763: fixed in ulfius 2.7.1-1+deb11u1
has caused the Debian Bug report #994763,
regarding ulfius: Fix CVE-2021-40540 in bullseye
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
994763: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994763
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: ulfius
Version: 2.7.1-1
Severity: important
Tags: patch




-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Description: Fix CVE-2021-40540
Author: Nicolas Mora <babelou...@debian.org>
Forwarded: not-needed
--- a/src/ulfius.c
+++ b/src/ulfius.c
@@ -207,6 +207,7 @@
   UNUSED(cls);
 
   if (con_info != NULL) {
+    memset(con_info, 0, sizeof(struct connection_info_struct));
     con_info->callback_first_iteration = 1;
     con_info->u_instance = NULL;
     u_map_init(&con_info->map_url_initial);

--- End Message ---

--- Begin Message ---

Source: ulfius
Source-Version: 2.7.1-1+deb11u1
Done: Nicolas Mora <babelou...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ulfius, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 994...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Mora <babelou...@debian.org> (supplier of updated ulfius package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Sep 2021 15:39:39 -0400
Source: ulfius
Architecture: source
Version: 2.7.1-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian IoT Maintainers 
<debian-iot-maintain...@lists.alioth.debian.org>
Changed-By: Nicolas Mora <babelou...@debian.org>
Closes: 994763
Changes:
 ulfius (2.7.1-1+deb11u1) bullseye; urgency=medium
 .
   * d/patches: Fix CVE-2021-40540 (Closes: #994763)
Checksums-Sha1:
 828c4af5d0916e899ff65a05a18b385b3021b65f 2415 ulfius_2.7.1-1+deb11u1.dsc
 aa4c95c48f6e76c0c6744885e5680cf8687092cf 249751 ulfius_2.7.1.orig.tar.gz
 7e2759f3b69cae764634fdd4bc668d76ab8c2901 7292 
ulfius_2.7.1-1+deb11u1.debian.tar.xz
 31fd66ff1d39f72e0e51ea509764544dfbdb55ae 8992 
ulfius_2.7.1-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 73c1841cfd8de2f0061253f41f7c04d67ccc598fbed90565b07b4b1cf34b68a7 2415 
ulfius_2.7.1-1+deb11u1.dsc
 d5dfb90ac16fe9d8ce70fe6b23e43102d5208d4f0174196d3ef183d950d3a57b 249751 
ulfius_2.7.1.orig.tar.gz
 12687d5ad0966c9dc011600633da678bfbde73dd6fa82b9a453869b4cddba9c6 7292 
ulfius_2.7.1-1+deb11u1.debian.tar.xz
 e786edc98d4b02e39bd93063119f8fe878605e24df9159906f71f9b2e25ef08e 8992 
ulfius_2.7.1-1+deb11u1_amd64.buildinfo
Files:
 a9ecdfc164d80e708f77e2efe3d2c20f 2415 devel optional ulfius_2.7.1-1+deb11u1.dsc
 2236cc397f54769dbe55a888eecc791d 249751 devel optional ulfius_2.7.1.orig.tar.gz
 226796fa3e889745b73ff2f50e4dfa69 7292 devel optional 
ulfius_2.7.1-1+deb11u1.debian.tar.xz
 86858633a33667583e6af3f90aa824ee 8992 devel optional 
ulfius_2.7.1-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhAWwL8wo75dEyPJT/oITlEC9IrkFAmFQYIIACgkQ/oITlEC9
IrmigQ//fysjjFUKgnsfJaxT85t8w+5Zx5SoInp3ZOJTQwCAt05YlDX00H+vHw3D
kMgBsg5cLRvZfTahgeJvbQwfYFUoYDISM1cjKaIQ8nGUN/dAktzoICR9NeEIhs+v
cLGnUlAa4N3W4jdIwZNgtdrjnayn6O46wmjmfdM2hJ3RC1XgbXvwzDc3msxFLu0O
YEfLLhJhALtrqKxlWFKUfUjkKfPnCtSKwVhgel+OOBsGW4recHPNH2Gu0UkksfuG
U0GFU8uCPD1ONf8mZ3HoAQGcUZsk0DEFw0e6aKxaF6EegNw/2urJG0s6Q0EUSz9p
ASYp9oS65i3y2qyL5+YVP9hGo+Lt5eIILCdOevZ8xubv6Z4WxnywHEZrDBP4v8lA
Jop/34I4N5fvwgx47sJh3VGjsfGiae/lbtQ8bojRizl/Sr8NjjzrEb568H5pgN0t
tWYrQf6fDVTBOv/zpjATG4CNJ+s72WmQVNvyp4vnKEg7/vWeiYV8wDi8rwWEAiWZ
wjlQuD2i+QSmXoUJj6U17yNKCTy6Jb3I8ajqFkNN9TqQuU0DF1bVhF9oQY4rgkYW
VvmWU8hO4lgh/2L6TUyxCqoCvJ4UwFgc+zHqOlkcP14+Jy4fOdIUdLiZulzRye1n
WKkllIJ0//Dh59JQP3iVconmN2lT9L9ll/ndPUGSLqzIfSIyDIM=
=/A10
-----END PGP SIGNATURE-----

--- End Message ---