Your message dated Fri, 26 Sep 2025 05:34:24 +0000
with message-id <[email protected]>
and subject line Bug#1034805: fixed in fis-gtm 7.1-008-1
has caused the Debian Bug report #1034805,
regarding fis-gtm: CVE-2021-44496 CVE-2021-44504
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1034805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034805
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fis-gtm
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for fis-gtm.
CVE-2021-44496[0]:
| An issue was discovered in FIS GT.M through V7.0-000 (related to the
| YottaDB code base). Using crafted input, an attacker can control the
| size variable and buffer that is passed to a call to memcpy. An
| attacker can use this to overwrite key data structures and gain
| control of the flow of execution.
http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44504[1]:
| An issue was discovered in FIS GT.M through V7.0-000 (related to the
| YottaDB code base). Using crafted input, an attacker can cause a size
| variable, stored as a signed int, to equal an extremely large value,
| which is interpreted as a negative value during a check. This value is
| then used in a memcpy call on the stack, causing a memory segmentation
| fault.
http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
https://gitlab.com/YottaDB/DB/YDB/-/issues/828
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-44496
https://www.cve.org/CVERecord?id=CVE-2021-44496
[1] https://security-tracker.debian.org/tracker/CVE-2021-44504
https://www.cve.org/CVERecord?id=CVE-2021-44504
Please adjust the affected versions in the BTS as needed.
--- End Message ---
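The length-check failure described for CVE-2021-44504 above, shown as an added illustration. It is not part of the original bug report and is not GT.M or YottaDB code; FIELD_MAX, the function names and the sample length are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* hypothetical size of a fixed stack buffer */

/* Flawed check: the length is held in a signed int, so a wire value
 * >= 0x80000000 turns negative (gcc/clang wrap to two's complement)
 * and slips under the upper bound. */
static int signed_check_accepts(uint32_t wire_len)
{
    int len = (int)wire_len;      /* 0xFFFFFFF0 becomes -16 */
    return len <= FIELD_MAX;      /* -16 <= 64, so it is accepted */
}

/* The size memcpy would then receive: the negative int converts back
 * to an enormous size_t. Computed only, never passed to memcpy here. */
static size_t memcpy_size_seen(uint32_t wire_len)
{
    int len = (int)wire_len;
    return (size_t)len;
}

/* Hardened copy: keep the length unsigned and bound it by both the
 * destination capacity and the bytes actually present in the input. */
static int copy_field(uint8_t *dst, size_t dst_cap,
                      const uint8_t *src, size_t src_avail, uint32_t wire_len)
{
    size_t len = wire_len;
    if (len > dst_cap || len > src_avail)
        return -1;                /* reject instead of copying */
    memcpy(dst, src, len);
    return (int)len;
}

int main(void)
{
    uint8_t in[8] = "ABCDEFG", out[FIELD_MAX];
    uint32_t crafted = 0xFFFFFFF0u;   /* constructed sample length */
    printf("signed check accepts crafted length: %d\n", signed_check_accepts(crafted));
    printf("size memcpy would see: %zu\n", memcpy_size_seen(crafted));
    printf("hardened copy, crafted: %d\n", copy_field(out, sizeof out, in, sizeof in, crafted));
    printf("hardened copy, valid:   %d\n", copy_field(out, sizeof out, in, sizeof in, 7));
    return 0;
}
```

Building with -Wconversion and -Wsign-compare flags this class of signed/unsigned mix at compile time.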
--- Begin Message ---
Source: fis-gtm
Source-Version: 7.1-008-1
Done: Andreas Tille <[email protected]>
We believe that the bug you reported is fixed in the latest version of
fis-gtm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated fis-gtm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Sep 2025 07:08:54 +0200
Source: fis-gtm
Architecture: source
Version: 7.1-008-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 1034805 1096634 1106903
Changes:
fis-gtm (7.1-008-1) unstable; urgency=medium
.
* New upstream version
Closes: #1096634
Closes: #1034805 (CVE-2021-44496 CVE-2021-44504 in version V7.1-002)
* Build-Depends: libcrypt-dev
Closes: #1106903
* Standards-Version: 4.7.2 (routine-update)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---