Your message dated Tue, 22 Aug 2017 21:47:18 +0000
with message-id <e1dkh14-0003xs...@fasolo.debian.org>
and subject line Bug#871263: fixed in libmspack 0.5-1+deb9u1
has caused the Debian Bug report #871263,
regarding libmspack: CVE-2017-6419
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871263: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmspack
Version: 0.5-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libmspack.

CVE-2017-6419[0]:
| mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted CHM file.

It was fixed in ClamAV already at [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6419
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
[1] https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmspack
Source-Version: 0.5-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated libmspack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Aug 2017 21:42:50 +0200
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-dbg libmspack-doc
Architecture: source all
Version: 0.5-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Marc Dequènes (Duck) <d...@duckcorp.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Description:
 libmspack-dbg - library for Microsoft compression formats (debugging symbols)
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.5-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload.
   * Correct rejection of empty strings.
   * Fix mis-handling of sys->read() errors in cabd_read_string()
     (CVE-2017-11423) (Closes: #868956).
   * Reject negative output length in SpanInfo (CVE-2017-6419)
     (Closes: #871263).


--- End Message ---
