Your message dated Mon, 10 Apr 2023 17:19:32 +0000
with message-id <[email protected]>
and subject line Bug#1014764: fixed in guestfs-tools 1.48.3-4
has caused the Debian Bug report #1014764,
regarding guestfs-tools: CVE-2022-2211
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1014764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014764
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: guestfs-tools
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for guestfs-tools.
CVE-2022-2211[0]:
Buffer overflow in get_keys leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2100862
https://listman.redhat.com/archives/libguestfs/2022-June/029274.html
https://listman.redhat.com/archives/libguestfs/2022-June/029277.html
https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
Documentation:
https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2211
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: guestfs-tools
Source-Version: 1.48.3-4
Done: Hilko Bengen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
guestfs-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilko Bengen <[email protected]> (supplier of updated guestfs-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 10 Apr 2023 14:18:02 +0200
Source: guestfs-tools
Architecture: source
Version: 1.48.3-4
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Hilko Bengen <[email protected]>
Closes: 1014764
Changes:
guestfs-tools (1.48.3-4) unstable; urgency=medium
.
* Disable test-virt-resize.pl
* Add libguestfs-common patch, fixing CVE-2022-2211. Closes: #1014764
--- End Message ---