Bug#1003863: marked as done (nbd-client: infinite loop/OOM on using nbdtab option field)

[Debian Bug Tracking System]

Your message dated Mon, 14 Mar 2022 21:17:41 +0000
with message-id <e1nts4t-000glc...@fasolo.debian.org>
and subject line Bug#1003863: fixed in nbd 1:3.21-1+deb11u1
has caused the Debian Bug report #1003863,
regarding nbd-client: infinite loop/OOM on using nbdtab option field
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1003863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: nbd-client
Version: 1:3.21-1
Severity: important
Tags: upstream
X-Debbugs-Cc: kain...@gmail.com

In nbd-client prior to 3.22, attempts to use the option field in
/etc/nbdtab (for example, to set a connect port) cause nbd-client to
infinitely loop and eventually OOM. This is patched upstream in
https://github.com/NetworkBlockDevice/nbd/commit/878ccb7d252cf1555484114ab8c6678035da6caa
and present in nbd-client 3.22.  If bullseye won't see an update to
3.22 or greater soon, this should probably be patched in.


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.5 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nbd-client depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  libc6                  2.31-13+deb11u2
ii  libgnutls30            3.7.1-5
ii  libnl-3-200            3.4.0-1+b1
ii  libnl-genl-3-200       3.4.0-1+b1

nbd-client recommends no packages.

nbd-client suggests no packages.

-- Configuration Files:
/etc/nbdtab changed [not included]

-- debconf information excluded

--- End Message ---

--- Begin Message ---

Source: nbd
Source-Version: 1:3.21-1+deb11u1
Done: Wouter Verhelst <wou...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nbd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1003...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wouter Verhelst <wou...@debian.org> (supplier of updated nbd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Mar 2022 10:02:32 +0200
Source: nbd
Architecture: source
Version: 1:3.21-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Wouter Verhelst <wou...@debian.org>
Changed-By: Wouter Verhelst <wou...@debian.org>
Closes: 1003863 1006915
Changes:
 nbd (1:3.21-1+deb11u1) bullseye-security; urgency=medium
 .
   * Cherry-pick fixes for CVE-2022-26495 and CVE-2022-26496 from git
     master; Closes: #1006915.
   * Fix parsing of nbdtab in nbd-client; Closes: #1003863.
Checksums-Sha1:
 0f1af6de8c7fdd005d098899bc5ec2f1a2dbdf9d 2032 nbd_3.21-1+deb11u1.dsc
 c9926433a0f1d5e9e6a7ae6118b27faa2b6a3b32 1063667 nbd_3.21.orig.tar.gz
 8ba4fc80c130ea2f6dac3c3ba8583fe5ada09828 195588 nbd_3.21-1+deb11u1.diff.gz
 157fe4f6c60e69f6c2b8862a4908047df0d52b6b 11264 
nbd_3.21-1+deb11u1_source.buildinfo
Checksums-Sha256:
 c69fb50ef752489d969e6a9963f9909144f65dcabe26a05cbfbbc3f854e0f26c 2032 
nbd_3.21-1+deb11u1.dsc
 2c7866be37e63756c00ce54a0655e7a00cc76d256f9cf1c995d1dbe8879c5ae1 1063667 
nbd_3.21.orig.tar.gz
 23b773da332c64887bb7a9f2ea66060522ffe3ad51b6bae6eb24248680c43c52 195588 
nbd_3.21-1+deb11u1.diff.gz
 0cb723506aefbd510dc1fc741e73a3bb41480a9ce6526b123cc1d4fb5f8b29e4 11264 
nbd_3.21-1+deb11u1_source.buildinfo
Files:
 04ad6fc9f61671c971140451a7588a47 2032 admin optional nbd_3.21-1+deb11u1.dsc
 f55955c8044196d669cdfd2f94f35a4b 1063667 admin optional nbd_3.21.orig.tar.gz
 89ec32bcf590607ece07d8c24567d1c1 195588 admin optional 
nbd_3.21-1+deb11u1.diff.gz
 fdce659858dad5e7d11593756510b20f 11264 admin optional 
nbd_3.21-1+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEm2n98/DaCUgGYSn3LfxRmVQYEpYFAmIq92ISHHdvdXRlckBk
ZWJpYW4ub3JnAAoJEC38UZlUGBKWj20P/RDAbreo2u8kgZYZIVaUFlLd3mGnsSJk
yj9lyRwaVrR0F9TF/AGm10LwT/P51RAm8Dendk4LnftiFb0PgNSDYbxR1Q2GWqBh
bqljCC02aeO9pGXh5Kf+nuUzXoqy21u95zY7raXpJN3KFE88PhqtOpalBBDOaqn3
sfgCcqZA3RaJqODor/gibftggK+myACnW4fLLtGWuN3pDrRPY3Ich+OC1mzO5TAK
uIasYRcSeT37khgIuVRmGghs6xD5u3EjgDbKnmQAjc7FMgGPCAp5fpF8IhH22/PX
2oyCc8rKVHEsE4myU+Q32vnSxQgAhCGA3emN/VHE+lXSX1yPP8EJwEMYC+hl7bOh
/15cT2YtO0QomiQxsAJ4OyLSlhgo+q/3twCbmbW6/kTWVtpyuI4/sAHLGfWH3p68
1Kph7pIATV2W/v00FQaSfG15KJEJgs3PIFWTnQlyawZjvjUAc9bZwJH+4Abe/khe
FHm/Py3T5IxwbnCJbGOQKHVyU+nMUXjGs8LnCOjlwFhGQPJHkFbuPzry6/SVwSQy
OWq3rYjZrk7MyJYSsdTAb73AAD3z1AZsUSG+45p/G7DgNIW1QkNcyYhLJdnOpKem
GKR1YCysk6DFTAIJ3WQEQj+J0/8EIpYjTcDu6SBZOwyOjy5WcL4rkypxl2QyAORu
LC5oky5/9F+T
=WnMx
-----END PGP SIGNATURE-----

--- End Message ---