Your message dated Wed, 19 Jul 2023 08:35:14 +0000
with message-id <[email protected]>
and subject line Bug#1041426: fixed in hnswlib 0.7.0-1
has caused the Debian Bug report #1041426,
regarding hnswlib: CVE-2023-37365
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1041426: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041426
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: hnswlib
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for hnswlib.
CVE-2023-37365[0]:
| Hnswlib 0.7.0 has a double free in init_index when the M argument is
| a large integer.
https://github.com/nmslib/hnswlib/issues/467
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-37365
https://www.cve.org/CVERecord?id=CVE-2023-37365
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: hnswlib
Source-Version: 0.7.0-1
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
hnswlib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated hnswlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Jul 2023 09:44:03 +0200
Source: hnswlib
Architecture: source
Version: 0.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1041426
Changes:
 hnswlib (0.7.0-1) unstable; urgency=medium
 .
   [ Andreas Tille ]
   * New upstream version
   * Standards-Version: 4.6.2 (routine-update)
 .
   [ Étienne Mollier ]
   * cve-2023-37365.patch: new: fix CVE-2023-37365.
     This is done by capping M to 10000 per discussion with upstream.
     (Closes: #1041426)
   * d/t/run-unit-test: adjust to new source layout.
   * d/copyright: update reference to sift_1b.cpp.
   * d/t/run-unit-test: test against all supported python3 versions.
   * d/control: add myself to uploaders.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---