Your message dated Sun, 12 Feb 2023 20:41:02 +0000
with message-id <[email protected]>
and subject line Bug#1019597: fixed in pspp 1.6.2-2
has caused the Debian Bug report #1019597,
regarding pspp: CVE-2022-39831
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1019597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019597
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pspp
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for pspp.

CVE-2022-39831[0]:
| An issue was discovered in PSPP 1.6.2. There is a heap-based buffer
| overflow at the function read_bytes_internal in
| utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.
| This issue is different from CVE-2018-20230.

https://savannah.gnu.org/bugs/?62977

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39831
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39831

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: pspp
Source-Version: 1.6.2-2
Done: Friedrich Beckmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pspp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Friedrich Beckmann <[email protected]> (supplier of updated pspp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Feb 2023 20:31:13 +0100
Source: pspp
Architecture: source
Version: 1.6.2-2
Distribution: unstable
Urgency: medium
Maintainer: Friedrich Beckmann <[email protected]>
Changed-By: Friedrich Beckmann <[email protected]>
Closes: 1019597 1019598 1030827
Changes:
 pspp (1.6.2-2) unstable; urgency=medium
 .
   * Debian: Switch off perl module FTBS on armhf
     Closes: #1030827
   * Debian: Update policy to 4.6.2
   * Disable install of pspp-dump-sav (Patch from upstream)
     Closes: #1019597
     Closes: #1019598
   * Switch gtksourceview version 3 to 4


--- End Message ---