Your message dated Sat, 26 Mar 2022 14:35:57 +0000
with message-id <[email protected]>
and subject line Bug#1008236: fixed in php-guzzlehttp-psr7 1.8.5-1
has caused the Debian Bug report #1008236,
regarding php-guzzlehttp-psr7: CVE-2022-24775
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1008236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-guzzlehttp-psr7
Version: 1.8.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for php-guzzlehttp-psr7.

CVE-2022-24775[0]:
| guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to
| 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker
| could sneak in a new line character and pass untrusted values. The
| issue is patched in 1.8.4 and 2.1.1. There are currently no known
| workarounds.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24775
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
[1] https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
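
An added illustration (not code from guzzlehttp/psr7, its patch, or this bug report) of the class of problem the CVE text describes: a header value carrying a new line character turns into an extra field line unless it is rejected. The function names and the sample header are hypothetical and constructed for this example.

```php
<?php
// Added illustration, not code from guzzlehttp/psr7 or its patch.
// All function names here are hypothetical.

// Naive serializer: writes header values as given, so a value containing
// CR or LF ends the current field line and starts a new one.
function serializeNaive(array $headers): string
{
    $out = '';
    foreach ($headers as $name => $value) {
        $out .= $name . ': ' . $value . "\r\n";
    }
    return $out;
}

// Hardened serializer: refuse names that are not RFC 7230 tokens and values
// containing CR, LF, NUL or other control bytes (horizontal tab is allowed).
function serializeStrict(array $headers): string
{
    $out = '';
    foreach ($headers as $name => $value) {
        // /D keeps "$" from matching before a trailing newline in the name.
        if (preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/D', (string) $name) !== 1) {
            throw new InvalidArgumentException('invalid header name');
        }
        if (preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', (string) $value) === 1) {
            throw new InvalidArgumentException("invalid value for header $name");
        }
        $out .= $name . ': ' . $value . "\r\n";
    }
    return $out;
}

// Constructed sample: one header whose value came from untrusted input
// and contains an embedded CRLF sequence.
$headers = ['X-Request-Tag' => "abc\r\nX-Injected: 1"];

// The naive form emits more field lines than headers were supplied.
echo substr_count(serializeNaive($headers), "\r\n"), " field line(s) from ",
    count($headers), " header(s)\n";

// The strict form rejects the same input before anything is written.
try {
    serializeStrict($headers);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
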
--- Begin Message ---
Source: php-guzzlehttp-psr7
Source-Version: 1.8.5-1
Done: David Prévot <[email protected]>

We believe that the bug you reported is fixed in the latest version of
php-guzzlehttp-psr7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated php-guzzlehttp-psr7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 25 Mar 2022 10:05:14 +0100
Source: php-guzzlehttp-psr7
Architecture: source
Version: 1.8.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Closes: 1008236
Changes:
 php-guzzlehttp-psr7 (1.8.5-1) unstable; urgency=medium
 .
   [ Graham Campbell ]
   * Release 1.8.5 (#491) fixing improper header parsing [CVE-2022-24775]
     (Closes: #1008236)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
