Your message dated Tue, 18 Oct 2022 06:19:16 +0000
with message-id <[email protected]>
and subject line Bug#1021270: fixed in libmodbus 3.1.6-2.1
has caused the Debian Bug report #1021270,
regarding libmodbus: CVE-2022-0367
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1021270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021270
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmodbus
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2022-0367[0]:
| A heap-based buffer overflow flaw was found in libmodbus in function
| modbus_reply() in src/modbus.c.
https://bugzilla.redhat.com/show_bug.cgi?id=2045571
https://github.com/stephane/libmodbus/issues/614
Fixed by:
https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
(v3.1.7)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0367
https://www.cve.org/CVERecord?id=CVE-2022-0367
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libmodbus
Source-Version: 3.1.6-2.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libmodbus, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated libmodbus package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 15 Oct 2022 13:51:42 +0300
Source: libmodbus
Architecture: source
Version: 3.1.6-2.1
Distribution: unstable
Urgency: medium
Maintainer: SZ Lin (林上智) <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1021270
Changes:
libmodbus (3.1.6-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2022-0367: Heap-based buffer overflow in modbus_reply()
(Closes: #1021270)
Checksums-Sha1:
eb9a7009d730ed33194f5ccd336a448fcc93f29c 2012 libmodbus_3.1.6-2.1.dsc
44d44f0e212f28d29c7996d31ac74d3d974a6216 8644 libmodbus_3.1.6-2.1.debian.tar.xz
Checksums-Sha256:
3b6784f583efbdbf3f1ef375cbf418247509a3a060166d6521726662db001b4b 2012
libmodbus_3.1.6-2.1.dsc
0ca7b670979a2a258f61ea8ea3b6a07729cd5c4e0a3863ce17b592e19065fa66 8644
libmodbus_3.1.6-2.1.debian.tar.xz
Files:
23d6f7983bad290e1b6bae6d5fa4fb82 2012 libs optional libmodbus_3.1.6-2.1.dsc
e49d2d1b33b1172cba04d82bdc92c80b 8644 libs optional
libmodbus_3.1.6-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmNKkroACgkQiNJCh6LY
mLH3PA//dQlqsqYxkyt7W29uZhTVLWTcO2I7IerKmLqLxogL15tmFLZt9pVjpPYI
48zZGO2VqA3La7pZVj98XGlEu/Bvksu2xm+8p7sMA1IiuQUcsJeB5SPczC9vB4yz
/jkgftIqd8nNPeC3pId1IbUsSDZVaLumcDfytXlShhtOZsQu0oXn1tD4Tng6Hoht
qzdQm075xAiyR3dB3VsJLmRFh0xDUF99XIKPAV/hKTdrLBY9JiGFIi3pN9CiLmdF
uInm3YRSjzpYw2TOpjDYMbptjllS0xMhTHTgrE+gbcn/JGeRnIPXzoTPjI8gc+g8
z+YIB0ni61mn79Ze7yliplfVhf6iKWJERla6YkiJkXNsF0gnvDIt9xeKmbj+dpWs
LXZ/SW79zOIn3BgtsLwWueUAKFfqHdxUKLU+UeKCawm245VS+julHFTaq0wgkpxO
shHGI3mF8QTIaa2xdWTCVCZlvfjHYXZLw/HY4XnNU6TFXZUXPtVsMS5iXiV4GZx8
v75Qd2uvv8aoOQ57oxPefKwmWS/OhMgwXtksDnXOWSUzNi4k8BDvdFbW0MloLCGS
HJ2lqyAZXU71G0U5KLRCXyglGnGlI/KjX3U3H26WWYC2JqcbVSFO9P49CxAPRlLI
9kaI9N45ptVfTAARZExoVEIJqAnV3rMQqBMgL/s56zAF5diSsPk=
=lgGb
-----END PGP SIGNATURE-----
--- End Message ---
