Your message dated Wed, 24 Sep 2025 18:00:15 +0000
with message-id <[email protected]>
and subject line Bug#1099622: fixed in radare2 6.0.2+dfsg-1
has caused the Debian Bug report #1099622,
regarding radare2: CVE-2025-1864
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1099622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099622
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: radare2
Version: 5.9.8+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/radareorg/radare2/pull/23981
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for radare2.
CVE-2025-1864[0]:
| Improper Restriction of Operations within the Bounds of a Memory
| Buffer vulnerability in radareorg radare2 allows Overflow
| Buffers.This issue affects radare2: before <5.9.9.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-1864
https://www.cve.org/CVERecord?id=CVE-2025-1864
[1] https://github.com/radareorg/radare2/pull/23981
[2]
https://github.com/radareorg/radare2/commit/db6decd4bc90bb4a492129e70803136fa184f470
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: radare2
Source-Version: 6.0.2+dfsg-1
Done: Alex Myczko <[email protected]>
We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alex Myczko <[email protected]> (supplier of updated radare2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 12 Sep 2025 09:29:17 +0200
Source: radare2
Binary: libradare2-6.0.0t64 libradare2-6.0.0t64-dbgsym libradare2-common
libradare2-dev radare2 radare2-dbgsym
Architecture: source amd64 all
Version: 6.0.2+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Alex Myczko <[email protected]>
Description:
libradare2-6.0.0t64 - libraries from the radare2 suite
libradare2-common - arch independent files from the radare2 suite
libradare2-dev - devel files from the radare2 suite
radare2 - free and advanced command line hexadecimal editor
Closes: 1098376 1099620 1099622 1107316
Changes:
radare2 (6.0.2+dfsg-1) experimental; urgency=medium
.
* New upstream version.
(Closes: #1098376) (CVE-2025-1378)
(Closes: #1099620) (CVE-2025-1744)
(Closes: #1099622) (CVE-2025-1864)
(Closes: #1107316) (CVE-2025-5648 CVE-2025-5647 CVE-2025-5646
CVE-2025-5645 CVE-2025-5644 CVE-2025-5643
CVE-2025-5642 CVE-2025-5641)
* Bump standards version to 4.7.2.
Checksums-Sha1:
a49e01d68bb2985a51c18db6efdfc291f568a928 2383 radare2_6.0.2+dfsg-1.dsc
af4b4958169863bb6964518c11ca8e5816d296d7 9757300 radare2_6.0.2+dfsg.orig.tar.xz
324ddf4255a51b20379e1f676087b07cad870892 17764
radare2_6.0.2+dfsg-1.debian.tar.xz
7518600fbf33eb3fdc76a7b7260e8e093e6c2f25 30498508
libradare2-6.0.0t64-dbgsym_6.0.2+dfsg-1_amd64.deb
0501d17062e23b1ac66f5c3b7c486f484417fbea 4694436
libradare2-6.0.0t64_6.0.2+dfsg-1_amd64.deb
5777cde57a64cb697b19221d71745cb20765a54c 1810680
libradare2-common_6.0.2+dfsg-1_all.deb
b8bbaecd2ca9625e67a20bfa26c40323deac9446 241908
libradare2-dev_6.0.2+dfsg-1_amd64.deb
70c8fb40d24533ba2742d80dfad9d7b486352e89 3221980
radare2-dbgsym_6.0.2+dfsg-1_amd64.deb
f8ca0b123ee505cafff3d563ee2d2c9bc1b4191a 9251
radare2_6.0.2+dfsg-1_amd64.buildinfo
82fefa11637b8ef7b5ef752ce3c34513f3768d33 202788 radare2_6.0.2+dfsg-1_amd64.deb
Checksums-Sha256:
9387c8b25f5dd5f715b5bb8f6aaf063050dd9fc42555e195c532f094ea3c567a 2383
radare2_6.0.2+dfsg-1.dsc
3382395098eb794dc843205a462f4086b1882461e16247ee5cf78794b2a9fb24 9757300
radare2_6.0.2+dfsg.orig.tar.xz
0e89ca9dc2d100981e27db9513278adc9300abb3a56449f3f432135d068abeba 17764
radare2_6.0.2+dfsg-1.debian.tar.xz
9480e6413ed63b6e06479c4d8ecc5e532633cc10cf16f1bb67f244e44cb7baf1 30498508
libradare2-6.0.0t64-dbgsym_6.0.2+dfsg-1_amd64.deb
4957a9388df310d7c29a2379fb34c5bf21c78c5b4a764078278c590fe9f915ea 4694436
libradare2-6.0.0t64_6.0.2+dfsg-1_amd64.deb
6ea4600ef020e17383f2b03af3f0bbb97990a4320707f1dbe49668b7aef173a3 1810680
libradare2-common_6.0.2+dfsg-1_all.deb
73094a513d4023426eb0c867cdd9f78f331f7cc005e4d5889b8998abc6ef646f 241908
libradare2-dev_6.0.2+dfsg-1_amd64.deb
ac9ab932433fbc433e8106ae18f76668b5460d55677b297f1edd15e4c4de81db 3221980
radare2-dbgsym_6.0.2+dfsg-1_amd64.deb
0df7b0ce159c4d6312917f63dd365f16e924ac0c34ccc971691005ef5fe40969 9251
radare2_6.0.2+dfsg-1_amd64.buildinfo
4b9db9e9a881f06a5bc47d5693d16b9320b74717b71381a8af0e5f9e63c6fd77 202788
radare2_6.0.2+dfsg-1_amd64.deb
Files:
ddb547f3964319731032acfbc4af5e11 2383 devel optional radare2_6.0.2+dfsg-1.dsc
baedf5d7d333183b73db30abb8adbc8b 9757300 devel optional
radare2_6.0.2+dfsg.orig.tar.xz
c7a3007fe66db632da9afb10895c42ca 17764 devel optional
radare2_6.0.2+dfsg-1.debian.tar.xz
d9eb6df217b92b8dc6d942e5a680454c 30498508 debug optional
libradare2-6.0.0t64-dbgsym_6.0.2+dfsg-1_amd64.deb
0748a581512404347072f0c248667d9b 4694436 libs optional
libradare2-6.0.0t64_6.0.2+dfsg-1_amd64.deb
b998e8f21bb56f442d6233913806ca79 1810680 devel optional
libradare2-common_6.0.2+dfsg-1_all.deb
c3e9fd8a172f3ee3b9ba675b1ca1d7e0 241908 libdevel optional
libradare2-dev_6.0.2+dfsg-1_amd64.deb
bdc3e09ec076b865915a353bd23dd8fa 3221980 debug optional
radare2-dbgsym_6.0.2+dfsg-1_amd64.deb
16ca8c22aecd2d37803a938a7af442e8 9251 devel optional
radare2_6.0.2+dfsg-1_amd64.buildinfo
afab86eda20abaf9a4245778b6262bec 202788 devel optional
radare2_6.0.2+dfsg-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmjTtFYACgkQEWhSvN91
FcAGqg/9FLUN3w4HXiarRyjqP5+Sn8yLr9f5XjkSFm3gu0VSvqswm/T8prkuhMzz
0dQMS3jEfcNdhFGbM5Oi3tMnAkxlxDTNnRAujEqdaeeHIC7zZB13vRZk2773aLPO
G48HytMWPUzRsIQHdfLZKn93FhX24Qvtp9dYACZ4U7+J4ePxD9G2KAba78p2j3ND
Odfm5gkyuAf63hmXRv2phmJS5uBzTOtw+x/upS3ufeVenQdjP8fZadfzqTJvH1xf
0ROtGQpjXacylLPMnJzBupbERTzI0m+K1DmAkcqCmxkmGmWaoGKe4QTDFedHk4UJ
pLzjxsxPAIyZA22Y7ELAFF/HYG0XaTYPnqJdTOzLMF9LaZZGVjrnWZLZopO5zwqm
ReJMTUZTfhYgb+mgcxaMkAYkjk2SEzoHYtBBfU3tFl4fVUP1u4eISejJrWpX3O2V
TLpJwRax7YusXReKwQrOrgoaIDmAFrbj+JZLt63yJC/MtmqfrvKd6k1mam4YemGj
3PeJ8lycXye11iO1ZM+NvG61ggT2WfsdmnCMKW2IxWyzlPkXIo9R9w7PlE2cl519
kIK5UqJJYy1LJnrXPqSe50OYNBXJbbSjdrfQV7uE8IKStgV1u5jDL+DrF3GCtNb3
IOGLTcfjnSJU3oGE8iL1JSovQ95j90IsntK3JUubjyWCkdY1uE4=
=/Yxw
-----END PGP SIGNATURE-----
pgpB4SjjoGHGR.pgp
Description: PGP signature
--- End Message ---
