Your message dated Sat, 29 Jun 2024 20:38:48 +0000 with message-id <e1sneqo-00afpv...@fasolo.debian.org> and subject line Bug#1061543: fixed in indent 2.2.12-1+deb11u1 has caused the Debian Bug report #1061543, regarding indent: CVE-2024-0911 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1061543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061543 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: indent X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, This was assigned CVE-2024-0911: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-0911 https://www.cve.org/CVERecord?id=CVE-2024-0911 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: indent Source-Version: 2.2.12-1+deb11u1 Done: Santiago Vila <sanv...@debian.org> We believe that the bug you reported is fixed in the latest version of indent, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1061...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Vila <sanv...@debian.org> (supplier of updated indent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 23 Jun 2024 18:25:00 +0200 Source: indent Architecture: source Version: 2.2.12-1+deb11u1 Distribution: bullseye Urgency: low Maintainer: Santiago Vila <sanv...@debian.org> Changed-By: Santiago Vila <sanv...@debian.org> Closes: 1036851 1049366 1061543 Changes: indent (2.2.12-1+deb11u1) bullseye; urgency=low . * Restore the ROUND_UP macro and adjust the initial buffer size. Patch from the author, backported from 2.2.13. Fix memory handling problem. Closes: #1036851. * Apply two patches by Petr Písař <ppi...@redhat.com>. - Fix an out-of-buffer read in search_brace()/lexi() on an condition without parentheses followed with an overlong comment. - Fix a heap buffer overwrite in search_brace(). Closes: #1049366. This one is CVE-2023-40305. * Fix a heap buffer underread in set_buf_break(). Closes: #1061543. Patch by Petr Písař <ppi...@redhat.com>. This is CVE-2024-0911. Checksums-Sha1: afbc3cf64ca70f96faa5982ab5492f9235eba7f1 1422 indent_2.2.12-1+deb11u1.dsc 2edc75eab44d299f28c192576dea8135496ba7c4 7548 indent_2.2.12-1+deb11u1.debian.tar.xz 63485617a7b8f52b2c98b182415cfde67229ce3a 5632 indent_2.2.12-1+deb11u1_source.buildinfo Checksums-Sha256: a04a1522e1f51b43b53530f657314bce3e6816f4c56befb0d9534d91a5619487 1422 indent_2.2.12-1+deb11u1.dsc c7340890eb5d68e54d42887445c4a381d2fdc472e2e2e87ae9f2db32d40f61e9 7548 indent_2.2.12-1+deb11u1.debian.tar.xz 1356191ccec03e6af318b8550a11689915c515d1788d680ebeca4b289f6f2026 5632 indent_2.2.12-1+deb11u1_source.buildinfo Files: 328baeac6001744a986aa325025eecdd 1422 devel optional indent_2.2.12-1+deb11u1.dsc 96e0d5482a2d5fe686f0eb6c0db36708 7548 devel optional indent_2.2.12-1+deb11u1.debian.tar.xz 6490e39867536b9b3d55fa0a260efde1 5632 devel optional indent_2.2.12-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAmZ4TdcACgkQQc5/C58b izI+9Af/XWxKvoWzGeuVM6QtATVS7lNPDPOPdTwyvm9cykA+lXdLsg3JeyVf/VMk EafNNyjyiiF1GzyNxoQlisX+0djPCCD3Ng6f5ViXeRluWPtS+9CjbcTRCfdb/LuX ZZednyw7T+g4ZBBJzTqvlpHBnuLODzEyXyEmyFJwWs2iYzs804/aINJjAgCT8y3T ouwJr8/Bc+8Al2gtGu8TWH2iP/jn1NF3J/EgdX1vzz7xhipLBYI6K937xahN0C/O ytKWkdCC6yYnK4IrUj5+TuWBdV+DyiczDXzwUAB5vbeOL8J0oa/4BSPwPOoEtb2N mgAxpZU3PC0iLIingqhpJvFDKWtG9w== =yiqs -----END PGP SIGNATURE-----pgpitV7oPI5Az.pgp
Description: PGP signature
--- End Message ---