Your message dated Tue, 22 Aug 2017 21:48:34 +0000
with message-id <e1dkh2i-0004it...@fasolo.debian.org>
and subject line Bug#871263: fixed in libmspack 0.5-1+deb8u1
has caused the Debian Bug report #871263,
regarding libmspack: CVE-2017-6419
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871263: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmspack
Version: 0.5-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libmspack.

CVE-2017-6419[0]:
| mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted CHM file.

It was fixed in ClamAV already at [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6419
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
[1] https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmspack
Source-Version: 0.5-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated libmspack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Aug 2017 21:42:50 +0200
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-dbg libmspack-doc
Architecture: source amd64 all
Version: 0.5-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Marc Dequènes (Duck) <d...@duckcorp.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Description:
 libmspack-dbg - library for Microsoft compression formats (debugging symbols)
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.5-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Correct rejection of empty strings.
   * Fix mis-handling of sys->read() errors in cabd_read_string()
     (CVE-2017-11423) (Closes: #868956).
   * Reject negative output length in SpanInfo (CVE-2017-6419)
     (Closes: #871263).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
