Your message dated Mon, 18 Jul 2022 13:45:06 +0000
with message-id <[email protected]>
and subject line Bug#1008000: fixed in rtl-433 21.12+git20220718+ds-1
has caused the Debian Bug report #1008000,
regarding rtl-433: CVE-2022-25050 CVE-2022-25051
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1008000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008000
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rtl-433
Version: 21.12-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/merbanan/rtl_433/issues/1960
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for rtl-433.
CVE-2022-25050[0]:
| rtl_433 21.12 was discovered to contain a stack overflow in the
| function somfy_iohc_decode(). This vulnerability allows attackers to
| cause a Denial of Service (DoS) via a crafted file.
CVE-2022-25051[1]:
| An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when
| decoding a crafted file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-25050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25050
[1] https://security-tracker.debian.org/tracker/CVE-2022-25051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25051
[2] https://github.com/merbanan/rtl_433/issues/1960
[3] https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rtl-433
Source-Version: 21.12+git20220718+ds-1
Done: Gürkan Myczko <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rtl-433, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gürkan Myczko <[email protected]> (supplier of updated rtl-433 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Jul 2022 14:36:55 +0200
Source: rtl-433
Architecture: source
Version: 21.12+git20220718+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Gürkan Myczko <[email protected]>
Changed-By: Gürkan Myczko <[email protected]>
Closes: 1008000 1009788
Changes:
rtl-433 (21.12+git20220718+ds-1) experimental; urgency=medium
.
* New upstream version. (Closes: #1008000, #1009788)
(Addresses CVE-2022-25050, CVE-2022-25051, CVE-2022-27419)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---