Your message dated Wed, 10 Jan 2024 00:35:54 +0000
with message-id <[email protected]>
and subject line Bug#1036294: fixed in sysstat 12.6.1-2
has caused the Debian Bug report #1036294,
regarding sysstat: CVE-2023-33204
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1036294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036294
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sysstat
Version: 12.6.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/sysstat/sysstat/pull/360
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for sysstat.

CVE-2023-33204[0]:
| sysstat through 12.7.2 allows a multiplication integer overflow in
| check_overflow in common.c. NOTE: this issue exists because of an
| incomplete fix for CVE-2022-39377.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33204
    https://www.cve.org/CVERecord?id=CVE-2023-33204
[1] https://github.com/sysstat/sysstat/pull/360

Regards,
Salvatore

--- End Message ---
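The bug class named in the CVE description above (a multiplication that itself overflows inside an overflow check), shown as an added example. This is not sysstat's check_overflow code or the patch from the pull request; the function names and sample values are constructed for illustration, and UINT_MAX is assumed to be 2^32-1.

```c
#include <limits.h>
#include <stdio.h>

/* Flawed pattern (constructed): the full product is formed first, so it can
 * wrap modulo 2^64 and then compare as "small". Returns 1 if the check
 * reports that a*b*c exceeds UINT_MAX. */
int product_check_wraps(unsigned long long a, unsigned long long b,
                        unsigned long long c)
{
    return a * b * c > UINT_MAX;
}

/* Division-based check (constructed): no intermediate product is formed
 * until it is known to fit in UINT_MAX. Returns 1 if a*b*c > UINT_MAX. */
int product_exceeds_uint_max(unsigned long long a, unsigned long long b,
                             unsigned long long c)
{
    if (a == 0 || b == 0 || c == 0)
        return 0;                 /* product is 0, nothing to reject */
    if (a > UINT_MAX / b)         /* equivalent to a*b > UINT_MAX */
        return 1;
    return c > UINT_MAX / (a * b); /* a*b <= UINT_MAX here, cannot wrap */
}

int main(void)
{
    /* Constructed inputs: the third row wraps the 64-bit product to 0. */
    unsigned long long rows[][3] = {
        { 1000ULL, 1000ULL, 1000ULL },
        { 65536ULL, 65536ULL, 1ULL },
        { 1ULL << 32, 1ULL << 32, 1ULL },
    };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++)
        printf("%llu * %llu * %llu: multiply-then-compare=%d divide-first=%d\n",
               rows[i][0], rows[i][1], rows[i][2],
               product_check_wraps(rows[i][0], rows[i][1], rows[i][2]),
               product_exceeds_uint_max(rows[i][0], rows[i][1], rows[i][2]));
    return 0;
}
```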
--- Begin Message ---
Source: sysstat
Source-Version: 12.6.1-2
Done: Robert Luberda <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sysstat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Robert Luberda <[email protected]> (supplier of updated sysstat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jan 2024 21:31:44 +0100
Source: sysstat
Architecture: source
Version: 12.6.1-2
Distribution: unstable
Urgency: medium
Maintainer: Robert Luberda <[email protected]>
Changed-By: Robert Luberda <[email protected]>
Closes: 1033722 1036294
Changes:
 sysstat (12.6.1-2) unstable; urgency=medium
 .
   * Acknowledge NMU.
   * Add debian/patches/CVE-2023-33204.patch from Ubuntu (sysstat
     12.6.1-1ubuntu1) to fix overflow check logic in check_overflow()
     function in common.c reported in CVE-2023-33204 (closes: #1036294).
   * Update upstream website URL in debian/control and debian/watch.
   * Drop obsolete dependency on lsb-base package.
   * Add Romanian translation of debconf templates (closes: #1033722).
   * Standards-Version: 4.6.2 (no changes).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
