Your message dated Sat, 26 Mar 2022 14:36:04 +0000
with message-id <[email protected]>
and subject line Bug#1008236: fixed in php-guzzlehttp-psr7 2.2.1-1
has caused the Debian Bug report #1008236,
regarding php-guzzlehttp-psr7: CVE-2022-24775
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1008236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-guzzlehttp-psr7
Version: 1.8.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for php-guzzlehttp-psr7.
CVE-2022-24775[0]:
| guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to
| 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker
| could sneak in a new line character and pass untrusted values. The
| issue is patched in 1.8.4 and 2.1.1. There are currently no known
| workarounds.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-24775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
[1] https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-guzzlehttp-psr7
Source-Version: 2.2.1-1
Done: David Prévot <[email protected]>
We believe that the bug you reported is fixed in the latest version of
php-guzzlehttp-psr7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated php-guzzlehttp-psr7
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Mar 2022 09:43:25 +0100
Source: php-guzzlehttp-psr7
Architecture: source
Version: 2.2.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Closes: 1008236
Changes:
php-guzzlehttp-psr7 (2.2.1-1) experimental; urgency=medium
.
[ Graham Campbell ]
* Release 2.2.1 (#493) fixing improper header parsing [CVE-2022-24775]
(Closes: #1008236)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---