Your message dated Tue, 22 Aug 2017 21:48:14 +0000
with message-id <e1dkh1y-0004ao...@fasolo.debian.org>
and subject line Bug#872400: fixed in augeas 1.2.0-0.2+deb8u2
has caused the Debian Bug report #872400,
regarding augeas: CVE-2017-7555: Improper handling of escaped strings leading
to memory corruption
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
872400: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872400
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: augeas
Version: 1.8.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/hercules-team/augeas/pull/480
Hi,
the following vulnerability was published for augeas.
CVE-2017-7555[0]:
crash/memory corruption when handling certain escaped strings
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7555
[1] https://github.com/hercules-team/augeas/pull/480
[2]
https://github.com/hercules-team/augeas/pull/480/commits/39592c4eef8d4826947adca94c7fbd6efb8d47ca
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1475621 (not
addessible at time of writing)
[4] http://www.openwall.com/lists/oss-security/2017/08/17/3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: augeas
Source-Version: 1.2.0-0.2+deb8u2
We believe that the bug you reported is fixed in the latest version of
augeas, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 872...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilko Bengen <ben...@debian.org> (supplier of updated augeas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 18 Aug 2017 23:12:46 +0200
Source: augeas
Binary: augeas-tools libaugeas-dev libaugeas0 augeas-dbg augeas-lenses
augeas-doc
Architecture: source amd64 all
Version: 1.2.0-0.2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Hilko Bengen <ben...@debian.org>
Changed-By: Hilko Bengen <ben...@debian.org>
Description:
augeas-dbg - Debugging symbols for libaugeas0
augeas-doc - Augeas lenses documentation
augeas-lenses - Set of lenses needed by libaugeas0 to parse config files
augeas-tools - Augeas command line tools
libaugeas-dev - Development files for writing applications based on libaugeas0
libaugeas0 - Augeas configuration editing library and API
Closes: 872400
Changes:
augeas (1.2.0-0.2+deb8u2) jessie-security; urgency=high
.
* Add patch to fix CVE-2017-7555 (Closes: #872400)
Checksums-Sha1:
e56fdc95428b1d6fd70aa0d1850999e2d8e0e3b8 2352 augeas_1.2.0-0.2+deb8u2.dsc
ab63548ae5462d7b3dc90e74311b8e566ba22485 1957910 augeas_1.2.0.orig.tar.gz
b156c48e9e883a0e5e1f2fba9ec7d9479d3b9528 11960
augeas_1.2.0-0.2+deb8u2.debian.tar.xz
c3cbaed4e51944143f058cbd2aaa8d93193ee1d3 127478
augeas-tools_1.2.0-0.2+deb8u2_amd64.deb
56c7b7183ef1539bea87466605fa26b939d01251 278560
libaugeas-dev_1.2.0-0.2+deb8u2_amd64.deb
91fc2e3940e921d561d6cbf450a3a5a05c9be172 257180
libaugeas0_1.2.0-0.2+deb8u2_amd64.deb
3065a32ea8faffa839df89f27329a5d24bd67059 554128
augeas-dbg_1.2.0-0.2+deb8u2_amd64.deb
e12613645b6187fe75d1c89a289819ebce462faf 336398
augeas-lenses_1.2.0-0.2+deb8u2_all.deb
c1a9c7d5249b1f26ce1dd531fadd49819e808277 455322
augeas-doc_1.2.0-0.2+deb8u2_all.deb
Checksums-Sha256:
c2561b304f073c4dd9fcd1db07014b5f69e8f03a01ffbcec8b96d11835e30f70 2352
augeas_1.2.0-0.2+deb8u2.dsc
f4aeb28ebe0b0921920fe1c9b4c016739c25261a15de04cb97db02d669f481e0 1957910
augeas_1.2.0.orig.tar.gz
56c8504771d32950c3839e803dc8cae64e795b551f186d09238d46dec67a9f86 11960
augeas_1.2.0-0.2+deb8u2.debian.tar.xz
d219907a1ed66cec373bafb2f9f7f94c0d6b1fdce5e6b4eea4145c72fa107cc0 127478
augeas-tools_1.2.0-0.2+deb8u2_amd64.deb
35a3e59db231bb3723f713e2521d706611536e3d1d3138705928c1731c106ecc 278560
libaugeas-dev_1.2.0-0.2+deb8u2_amd64.deb
2867ebe38ae1ae9dc55d790b0f6af663997e1b268b564af190038611df564bbe 257180
libaugeas0_1.2.0-0.2+deb8u2_amd64.deb
c3ff5f81b534d6bfa7a7b10fbe673e5d8e6eb1bd51cfdf8f61d9219e79536b72 554128
augeas-dbg_1.2.0-0.2+deb8u2_amd64.deb
e8dd4446dd13559f94b42d87eef382697e7bfbf9f998963eb5603094f774efcc 336398
augeas-lenses_1.2.0-0.2+deb8u2_all.deb
11db12cd32d3ddb5d6123a6552a1a5c051223db77a3cf4a7688016ca8699e5dd 455322
augeas-doc_1.2.0-0.2+deb8u2_all.deb
Files:
e24a61d05cbbd12332b2aa36091184ec 2352 libs optional augeas_1.2.0-0.2+deb8u2.dsc
dce2f52cbd20f72c7da48e014ad48076 1957910 libs optional augeas_1.2.0.orig.tar.gz
2b718659b0364c412da612ee36aa7740 11960 libs optional
augeas_1.2.0-0.2+deb8u2.debian.tar.xz
be065ca73cc5f49e0b85b53f91638a7f 127478 admin optional
augeas-tools_1.2.0-0.2+deb8u2_amd64.deb
20955f0a7ad13b3a90680eadfd519618 278560 libdevel optional
libaugeas-dev_1.2.0-0.2+deb8u2_amd64.deb
29aaa9025cd86eb5ab771f2476ea8cf5 257180 libs optional
libaugeas0_1.2.0-0.2+deb8u2_amd64.deb
0de0f93176529b9238b8d90784d15154 554128 debug extra
augeas-dbg_1.2.0-0.2+deb8u2_amd64.deb
697d3f2ba5edb8559eb591d357bf2085 336398 misc optional
augeas-lenses_1.2.0-0.2+deb8u2_all.deb
26005642f47ba3ab9d10dd5571d1e935 455322 doc optional
augeas-doc_1.2.0-0.2+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAlmZw/8ACgkQdbcQY1wh
On72bw/9GMp8Ps9eovF0bGgiD5N4e7tT2zS9MeojooTOqFCRT6HTVd6b3rR8rhH9
WZ4Pw/D7GDk9N7taOAptVZMenLjaAzJ7Y7OiRXHqM/VVToJ8OX1aAVxpAmqS4534
1gJJ2FoNe+1D12pCNCQljlisPeayiZC8qpRtlNV/458dQnCRJSdihXCmB7ihSGtp
fd2owMiNzvI84YbHwoq++NAVv7yay7ANLepGy7IYp/LWK8b/W91DXw1Y+12E1U/4
5cXu2Lr+KsWH+crDEu9i0pytxZoQztvq+q2Fh0XCq2l5slWnYKgSjjJ1TGcXANXw
CwJ7VK0zokPbo0RYd8C+4kst9lR0UZjTTprxSgE4EK7JFH+Uscfyu8x8vn+scByR
R897HtjE1VvhDO4HbkygUdpsPRkMB5kfKEC4UiOC1cosD778qxpjDyV0N/zng6eB
x1dYIhgHAVAYwyByTrOEosKvN4W/JUMIRp7Lz+Sg5VHyznVFupafzET4OHMJKxeQ
46d6KXjwNhitXN562SnV8wdXS5syiP6EpWivX8Cfq+Z8zBWjakge4e59YX7By8ac
+dLahWnsPGkL5Is8DdXjksM5targzl2aq0MhnJ3VH9gTM4ACsJA2eqoP+qHxbanx
YYslRCQ4M+qwgazP8AdtmyiAevGGVQI+Are0H/YSLXR74DAHVvI=
=okpu
-----END PGP SIGNATURE-----
--- End Message ---
