Your message dated Fri, 03 Mar 2023 15:04:26 +0000
with message-id <[email protected]>
and subject line Bug#1014538: fixed in fuse-exfat 1.4.0-1
has caused the Debian Bug report #1014538,
regarding fuse-exfat: CVE-2022-29973
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1014538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014538
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fuse-exfat
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for fuse-exfat.
CVE-2022-29973[0]:
| relan exFAT 1.3.0 allows local users to obtain sensitive information
| (data from deleted files in the filesystem) in certain situations
| involving offsets beyond ValidDataLength.
https://github.com/relan/exfat/issues/185
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-29973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29973
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: fuse-exfat
Source-Version: 1.4.0-1
Done: Sven Hoexter <[email protected]>
We believe that the bug you reported is fixed in the latest version of
fuse-exfat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Hoexter <[email protected]> (supplier of updated fuse-exfat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 03 Mar 2023 15:43:18 +0100
Source: fuse-exfat
Architecture: source
Version: 1.4.0-1
Distribution: experimental
Urgency: medium
Maintainer: Sven Hoexter <[email protected]>
Changed-By: Sven Hoexter <[email protected]>
Closes: 1014538
Changes:
fuse-exfat (1.4.0-1) experimental; urgency=medium
.
* New upstream release, includes fix for
CVE-2022-29973 (Closes: #1014538).
* Update debian/watch to query the GitHub API.
* Build-Depend on libfuse3-dev. Supported upstream starting with
1.4.0.
* Update debian/copyright. Drop year from my own copyright line.
* Update Standards-Version to 4.6.2.
Checksums-Sha1:
a4579fbbefc7a40b41aec4e7df65808ae9752d37 1918 fuse-exfat_1.4.0-1.dsc
21c4f1ab0f13a38536a070d9d513399aa5edbec7 167536 fuse-exfat_1.4.0.orig.tar.gz
9efcd4ecaf049b4b1d6d9f7dfb6b3c40bc990dd6 4300 fuse-exfat_1.4.0-1.debian.tar.xz
2df7fc27bd2241f9ec7e61c8586144eb947beb64 6625
fuse-exfat_1.4.0-1_amd64.buildinfo
Checksums-Sha256:
40c7bf65d5985eb7b77e8a3fafcd1f3b92c3920578081166006073d863927ab9 1918
fuse-exfat_1.4.0-1.dsc
a1cfedc55e0e7a12c184605aa0f0bf44b24a3fb272449b20b2c8bbe6edb3001e 167536
fuse-exfat_1.4.0.orig.tar.gz
d670bfedbbeb0791b4ca7c07f8f8d53b3723b311c2754245f8a922ac3b2f7137 4300
fuse-exfat_1.4.0-1.debian.tar.xz
fcdd06d73e68932239f209ceac20ba64d2b3521c8616cdf1894beff52373b4b3 6625
fuse-exfat_1.4.0-1_amd64.buildinfo
Files:
931d3c9a9f4d65ceeb3163a0da342b5b 1918 otherosfs optional fuse-exfat_1.4.0-1.dsc
765bf2484d48e5c253d0d8cb8de4f8c0 167536 otherosfs optional
fuse-exfat_1.4.0.orig.tar.gz
8bec6b752c415aa380f40fc1997b1580 4300 otherosfs optional
fuse-exfat_1.4.0-1.debian.tar.xz
75adeead49daead32a54cc7454cbe0d4 6625 otherosfs optional
fuse-exfat_1.4.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfAcX+forK514ixQbptwk2dokk9EFAmQCCMsACgkQptwk2dok
k9H+lhAAlQGkuyLjxrX04luPvngAWZWoOfe7/5Vys2KRBhMQnwVtCai+jSjzvl8I
UUSod5mTMDwlhUtkGDQz6hqjZ0OBrEWC0DyVSVxKKpRoD5ixKLybBdjEoZKHIr6x
DqovZmxGqHALkO43B8C/zSiv48NMf5wKkIbVr+Ew9b6TskeFL4TKVEDMZb8kHhjE
aLD+s0h3+jvAjlRx7RCF4JrhODBLjyqxM7ObAHudxwqQszaF2l0tW6uwhfW0VVfc
VsyhdTVfJWOElZEpWLTQsKFOMZWKQgo33N4BOYjrxLfaMUkVPSAvvIDdgQ+e8UOp
xiwiRWzIAK3ia3Cn29szVXRWSCo9pkQwVgv9gu9fcOC6ccWXpLHjIlY+WInLnkav
ghsYjcZC/Bb+McJ8rV3Q8YB9S4hjm1AL00HHm0/r+iQYlqwM61h/tvLX5VaaRYgo
cecdyUrXkpaA1X/OsKIrDcGG9NQZyHn0h2KxLXghB49tgJPjsorQSzUgtHT/bW5a
rJvVcWcEnRTIwTa1rmdkACs0GFL3syZd/PgNIbxqu9LLhJcVElK6vl7Gj38RnMw4
TEl5X2ABeUlEjLyG/Z0L4Ia24ED9Lyr8nz8+/9qBq5IRdysjdvIujkkTbwzDhtXW
jh4qYvfRDEj2xA8lve9tjjjUC/V8QSZH+CykFU1v0gv25gI+BTw=
=v3Q9
-----END PGP SIGNATURE-----
--- End Message ---
