Your message dated Sun, 17 Apr 2022 15:32:51 +0000
with message-id <[email protected]>
and subject line Bug#1008265: fixed in zlib 1:1.2.11.dfsg-1+deb10u1
has caused the Debian Bug report #1008265,
regarding CVE-2018-25032: zlib memory corruption on deflate
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1008265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: zlib
Version: 1:1.2.11.dfsg-2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
This was assigned CVE-2018-25032:
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: zlib
Source-Version: 1:1.2.11.dfsg-1+deb10u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
zlib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated zlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Mar 2022 16:54:02 +0200
Source: zlib
Architecture: source
Version: 1:1.2.11.dfsg-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Mark Brown <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1008265
Changes:
zlib (1:1.2.11.dfsg-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a bug that can crash deflate on some input when using Z_FIXED
(CVE-2018-25032) (Closes: #1008265)
Package-Type: udeb
Checksums-Sha1:
ad01e07ea3d392663348594eb4ed9bd7f2745650 2774 zlib_1.2.11.dfsg-1+deb10u1.dsc
e35534fa3637a4ec0787ddfa5fbaa784bca5fe35 23092
zlib_1.2.11.dfsg-1+deb10u1.debian.tar.xz
Checksums-Sha256:
3eddd036f314f8a7717c41fe7d3c935653afeb6b7f7bf6d9ad80c10ef1c4bdc3 2774
zlib_1.2.11.dfsg-1+deb10u1.dsc
eb26660e5b8a39f945a4fe1284e29b0279ded3513327e3cbd51c51921758f13f 23092
zlib_1.2.11.dfsg-1+deb10u1.debian.tar.xz
Files:
db557e73a35459dcf470e18d7fc63acc 2774 libs optional
zlib_1.2.11.dfsg-1+deb10u1.dsc
82dac8e2b7814db97e11f5675a6bcdc1 23092 libs optional
zlib_1.2.11.dfsg-1+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJBzoZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBGIP/31rPNNSMHdiDVwnbKlk+R4sV1+0JC5n
J79ZqhGHt/w0fHDbAmhJiJJ9GCJS3BdvUSf3VKyOZVaVq6HNuHQ5yE5XFnUysFRM
GkcVkO66GTjg+k+hOpadayonHQtMIEsCLGc+pQu+toGBTKi3jHm7bWXBOqNclW33
ejYPTpG9gZuz2ZiTH9sF6tFFs/1SJA0qX4PEM2m+3jlw+R8MexU7ZfE4G4GKE8I/
PVxSLUiL1WNe+4JRFmmYZHD25DxaDm4f1YnlnTbi+Kn0V6iyntVtfpik1txf8pI/
1kdf9UQFfkF3Z/NOqFOTGUJDVI9ePFWAKRGR55jmzvnw2tFE5HtUI+ja//zwrhfT
6RhD/pwY+N2kVCrpDYYBieySUprc6C89McNvCyuJmbTDSkhmmQx/HmepzuINM+P0
V6Jz2Gptqw74p2IsSFQMldkT5drNsJmkwKec65wQ6A1OJgwlHi8K6yqqiqg7Ff81
3G26Du8IegiGgyvhxe/oOxXnzh3webYMpjLYxaybL/16LIO+ajeWT+q9+dAZqApa
6ycOtOaSl7EzasM1F85WRUeDn3L6bCpn+xTI9EhUZ63NJ8ru7HIguWQDFBv1NXO7
YAfON3KXCM2AJDodbkxBxQ8U4kuKtleG6kMFKsNNmuB4Wc0cHifnji55zt5eo76m
+DbG3jBy9B/C
=lZah
-----END PGP SIGNATURE-----
--- End Message ---
