Your message dated Tue, 29 Oct 2024 02:24:24 +0000
with message-id <[email protected]>
and subject line Bug#1086206: fixed in gsl 2.8+dfsg-4
has caused the Debian Bug report #1086206,
regarding gsl: CVE-2024-50610
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1086206: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086206
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gsl
Version: 2.8+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-gsl/2024-09/msg00000.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for gsl.
CVE-2024-50610[0]:
| GSL (GNU Scientific Library) through 2.8 has an integer signedness
| error in gsl_siman_solve_many in siman/siman.c. When params.n_tries
| is negative, incorrect memory allocation occurs.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-50610
https://www.cve.org/CVERecord?id=CVE-2024-50610
[1] https://lists.gnu.org/archive/html/bug-gsl/2024-09/msg00000.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gsl
Source-Version: 2.8+dfsg-4
Done: Dirk Eddelbuettel <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gsl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dirk Eddelbuettel <[email protected]> (supplier of updated gsl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 Oct 2024 18:21:35 -0500
Source: gsl
Architecture: source
Version: 2.8+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Dirk Eddelbuettel <[email protected]>
Changed-By: Dirk Eddelbuettel <[email protected]>
Closes: 1086206
Changes:
gsl (2.8+dfsg-4) unstable; urgency=medium
.
* siman/siman.c: Assert n_tries > 0 [CVE-2024-50610] (Closes: #1086206)
.
* debian/patches/n_tries_positive_in_siman: Patch file for this change
* debian/patches/series: Updated
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
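Added example, not part of the messages above and not GSL or Debian patch code: a minimal C illustration of the signedness error the CVE text describes (a negative n_tries used in an allocation size), next to a checked form that enforces the n_tries > 0 condition named in the changelog. The names demo_params_t, unchecked_alloc_size, checked_alloc_size and alloc_energies are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the solver parameters: only the signed
   n_tries field named in the CVE text is modelled. */
typedef struct { int n_tries; } demo_params_t;

/* Unchecked size: the int is converted to size_t for the multiply, so a
   negative count turns into a huge unsigned value and the product wraps. */
size_t unchecked_alloc_size(demo_params_t p, size_t element_size)
{
    return p.n_tries * element_size;
}

/* Checked size: reject non-positive counts (the condition the changelog
   says is now asserted) and products that would overflow size_t.
   Returns 0 and stores the size on success, -1 on rejection. */
int checked_alloc_size(demo_params_t p, size_t element_size, size_t *out)
{
    if (p.n_tries <= 0 || element_size == 0)
        return -1;
    if ((size_t)p.n_tries > SIZE_MAX / element_size)
        return -1;
    *out = (size_t)p.n_tries * element_size;
    return 0;
}

/* One double per try, or NULL when the parameters are invalid. */
double *alloc_energies(demo_params_t p)
{
    size_t bytes;
    if (checked_alloc_size(p, sizeof(double), &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    demo_params_t bad = { -1 }, good = { 200 };  /* constructed inputs */
    printf("unchecked, n_tries=-1: %zu bytes\n",
           unchecked_alloc_size(bad, sizeof(double)));
    double *e = alloc_energies(good);
    printf("checked, n_tries=200: %s\n", e ? "allocated" : "rejected");
    printf("checked, n_tries=-1: %s\n",
           alloc_energies(bad) ? "allocated" : "rejected");
    free(e);
    return 0;
}
```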