Your message dated Sat, 07 Mar 2026 09:47:05 +0000
with message-id <[email protected]>
and subject line Bug#1101714: fixed in augeas 1.14.1-1.1~deb13u1
has caused the Debian Bug report #1101714,
regarding augeas: CVE-2025-2588
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1101714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101714
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: augeas
Version: 1.14.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hercules-team/augeas/issues/852
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for augeas.
CVE-2025-2588[0]:
| A vulnerability has been found in Hercules Augeas 1.14.1 and
| classified as problematic. This vulnerability affects the function
| re_case_expand of the file src/fa.c. The manipulation of the
| argument re leads to null pointer dereference. Attacking locally is
| a requirement. The exploit has been disclosed to the public and may
| be used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-2588
https://www.cve.org/CVERecord?id=CVE-2025-2588
[1] https://github.com/hercules-team/augeas/issues/852
[2]
https://github.com/hercules-team/augeas/commit/af2aa88ab37fc48167d8c5e43b1770a4ba2ff403
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: augeas
Source-Version: 1.14.1-1.1~deb13u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
augeas, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated augeas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Mar 2026 19:36:23 +0200
Source: augeas
Architecture: source
Version: 1.14.1-1.1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1101714
Changes:
augeas (1.14.1-1.1~deb13u1) trixie; urgency=medium
.
* Non-maintainer upload.
* Rebuild for trixie.
.
augeas (1.14.1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-2588: NULL Pointer Dereference in re_case_expand()
(Closes: #1101714)
Checksums-Sha1:
4e604f83ddef7e8dc4856bd88acefa4486cd1135 2179 augeas_1.14.1-1.1~deb13u1.dsc
88daf08a88fbbdf68ca5865abc5593b52c017368 2653776 augeas_1.14.1.orig.tar.gz
29467cb9ba3b9a3c11e00346fbfd17985b133bf0 11344
augeas_1.14.1-1.1~deb13u1.debian.tar.xz
Checksums-Sha256:
425668a4b15e976ea2e05a96de7a08c87540db8cdf17e243c955f4c410db2b10 2179
augeas_1.14.1-1.1~deb13u1.dsc
368bfdd782e4b9c7163baadd621359c82b162734864b667051ff6bcb57b9edff 2653776
augeas_1.14.1.orig.tar.gz
b672aba5fb1eb81c383f16cc1af66da3af85e0b833ac261aa84364f842964d79 11344
augeas_1.14.1-1.1~deb13u1.debian.tar.xz
Files:
eafe3dddd4ae653864d5a35cd6540101 2179 libs optional
augeas_1.14.1-1.1~deb13u1.dsc
ac31216268b4b64809afd3a25f2515e5 2653776 libs optional
augeas_1.14.1.orig.tar.gz
818162898a68eb69e54a09a8c922dd8e 11344 libs optional
augeas_1.14.1-1.1~deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmmrPFUACgkQiNJCh6LY
mLFh1w/+Js1vEWWI/6KrRO5QnwiGsQ3b/7WBtWCwxJoZYkFU3EQyviih0r2MHoqL
QuU1RGKOKmKTKFpfkyZ+v0vSgOPTtDTd7jzN8StjNaNYMtRvyGt3vtkENauNupBS
DAW2HUDAhvXU7NZetLIQJMtS5d2tiOY/xiCxv1Au05wa++t8f6P0zunhIBaRuOZP
KEJ12SBYyk01IOMD7YJ8XQZHpCnDwkOb2wUZXjcwm3RDMcxDoCeT5BQsEEYbqazX
bQ5HtAgbHdK2GaR7yHoQrbMJYMW8PVzMAmJBOFLaieH6D94h4jCr9JLJ3xVIwb6s
DWWfF8S4q9FsLtGarHytlEjdhN2Zu3CqRT7ZA+oHTkKmbg9hoUyCtB/mq/456lmd
qchpNnGJPIut5xjUiKnfYgp1/bvJGlDP00KDKL4/wv3vIrzQPBWXHyJewDaPJHbr
druh11OfumSvZmTode7EBGdq8fauDrdlcUZ+CIsbAjFBXIRev8vVBQ2SoN2MiiIt
lsIJNAxOy/Xk/rFK96w/EGKF4HQe74dG+X6SmxGkXIwzr1nbfnhwaER1Rp/z5z9d
rOLx0sbZfKQFeLnmxV2rhmUHLWQ8I2OMQKlZ5wy9KG+NXOlddr/zs6mdb4HM9ez0
6syub+ZXHDCxQM07q2ZGG/HRNq1jMadOvNX6IRMsoDApQYHRcl8=
=91nK
-----END PGP SIGNATURE-----
pgpU9rjsHP5tl.pgp
Description: PGP signature
--- End Message ---
