Your message dated Fri, 15 Sep 2023 15:49:12 +0000
with message-id <[email protected]>
and subject line Bug#1051100: fixed in libtommath 1.2.1-1
has caused the Debian Bug report #1051100,
regarding libtommath: CVE-2023-36328
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1051100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtommath
Version: 1.2.0-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/libtom/libtommath/pull/546
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libtommath.

CVE-2023-36328[0]:
| Integer Overflow vulnerability in mp_grow in libtom libtommath
| before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows
| attackers to execute arbitrary code and cause a denial of service
| (DoS).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36328
    https://www.cve.org/CVERecord?id=CVE-2023-36328
[1] https://github.com/libtom/libtommath/pull/546
[2] https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtommath
Source-Version: 1.2.1-1
Done: Dominique Dumont <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libtommath, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominique Dumont <[email protected]> (supplier of updated libtommath package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Sep 2023 17:21:00 +0200
Source: libtommath
Architecture: source
Version: 1.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers <[email protected]>
Changed-By: Dominique Dumont <[email protected]>
Closes: 1051100
Changes:
 libtommath (1.2.1-1) unstable; urgency=medium
 .
   * New upstream version 1.2.1 (Closes: #1051100)
     * fix CVE-2023-36328
   * watch: fix watch file

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
