Your message dated Fri, 15 Sep 2017 21:05:59 +0000
with message-id <e1dsxof-0009cu...@fasolo.debian.org>
and subject line Bug#875690: fixed in freexl 1.0.4-1
has caused the Debian Bug report #875690,
regarding freexl: CVE-2017-2923: Heap-based buffer overflow in the read_biff_next_record function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875690
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freexl
Version: 1.0.3-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for freexl.

CVE-2017-2923[0]:
Heap-based buffer overflow in the read_biff_next_record function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2923
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1490898
[2] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freexl
Source-Version: 1.0.4-1

We believe that the bug you reported is fixed in the latest version of
freexl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebas...@debian.org> (supplier of updated freexl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Sep 2017 21:37:56 +0200
Source: freexl
Binary: libfreexl-dev libfreexl1 libfreexl1-dbg
Architecture: source amd64
Version: 1.0.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebas...@debian.org>
Description:
 libfreexl-dev - library for direct reading of Microsoft Excel spreadsheets - deve
 libfreexl1 - library for direct reading of Microsoft Excel spreadsheets
 libfreexl1-dbg - library for direct reading of Microsoft Excel spreadsheets - debu
Closes: 875690 875691
Changes:
 freexl (1.0.4-1) unstable; urgency=medium
 .
   * New upstream release.
     Fixes TALOS-2017-430 (CVE-2017-2923) & TALOS-2017-431 (CVE-2017-2924).
     (closes: #875690, #875691)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---