Your message dated Mon, 18 Oct 2021 08:23:58 +0000
with message-id <[email protected]>
and subject line Bug#996591: fixed in libgclib 0.12.7+ds-2
has caused the Debian Bug report #996591,
regarding libgclib: CVE-2021-42006
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
996591: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996591
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgclib
Version: 0.12.7+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpertea/gclib/issues/11
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libgclib.
CVE-2021-42006[0]:
| An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7
| allows an attacker to cause a segmentation fault or possibly have
| unspecified other impact via a crafted GFF file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-42006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42006
[1] https://github.com/gpertea/gclib/issues/11
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgclib
Source-Version: 0.12.7+ds-2
Done: Andreas Tille <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libgclib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated libgclib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Oct 2021 09:55:11 +0200
Source: libgclib
Architecture: source
Version: 0.12.7+ds-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 996591
Changes:
libgclib (0.12.7+ds-2) unstable; urgency=medium
.
* Fix CVE-2021-42006
Closes: #996591
Checksums-Sha1:
a6d9be3d0b5074d44fc3b5847ab60a45fc47f04c 2169 libgclib_0.12.7+ds-2.dsc
d3f634bc6405ea20cb132f7f017f90bf11899ab4 13572
libgclib_0.12.7+ds-2.debian.tar.xz
56476ed3096846446016af08c66baf710e1ace46 6774
libgclib_0.12.7+ds-2_amd64.buildinfo
Checksums-Sha256:
4ab0e5e6137e2efc328e0ac123a6fe9653139a66e5a0ace2dcb877653cca9cd7 2169
libgclib_0.12.7+ds-2.dsc
31b370395ed8685719ce604ad611156b8a7611ee4abfb344676a69c2e0361079 13572
libgclib_0.12.7+ds-2.debian.tar.xz
4c70d55e6ec739e6930a31c1e4285c2d808689aa9014dc172849067e1736a751 6774
libgclib_0.12.7+ds-2_amd64.buildinfo
Files:
4c01e59f91b40eb8912181facb1ff377 2169 science optional libgclib_0.12.7+ds-2.dsc
09d7b840c13558a5bf2d92600fca8b84 13572 science optional
libgclib_0.12.7+ds-2.debian.tar.xz
854164064762196c975ac8e3dea4dffe 6774 science optional
libgclib_0.12.7+ds-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmFtLBURHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFTbg/8CuCvjv2H5kPzN0fTiS6P6Ob+f3QYaKA8
OVIVazXMmyRwbFY806fP/g/XBscSiRdOwJRT8MVWthDcI4y5dHZ4+42NPBvagSVE
aKOlXWWfeBqisRbKDWY10f8Gna8D6/LcgYDHvjRvkjDcXNa9liO2kPth/21IhEjv
K/9x+rsAFnZWWi01rDgS487mL4SuvPie2XcXHwilvrxKdrODIM72HtfkFD47U+V1
kYqyH3SAQSIfzjSK5e355UAE6gmWzyO196B1xnNYFJSO15uzmoRIl0GKhFrQflwY
Mweu5VyV5Qi3czDY1Sy7M0Y2i04krqjLwv3lkOwiaPok66EbasMRV59wPlw5RdpP
Xbds9n6Uhh3v0VOgh06fxEPzAaKS8yeyKg9k3CTOP4ji5IBaEfJIeBhgTWmgmKCL
0xj5auwdhyua/4T+TBfpki+ygPsB2ZOm0pjVOBPE5X/iyv+anFtZhd5Yb/FBM+6t
1NiKsGqHFkC4X78wrLtDC4oBz8tdJhNkivtU4/lrXVVrYYGiI9Z9nHzZy4zUywJC
hFkPtQFuUwjXQnIqlUY76u160eCunflvMBBldYO05dpgSRk/EHcWnno17yvtTath
feAThUV5adSRh0YEzBCIH4Sh/kbdvK4sHEQgBwKvMrhyx/+2tEPbM6IuIFxC0ZFt
MLg4pzGhbZY=
=mck9
-----END PGP SIGNATURE-----
--- End Message ---