Your message dated Sat, 23 Sep 2017 11:33:10 +0000
with message-id <e1dvigi-000ee7...@fasolo.debian.org>
and subject line Bug#875690: fixed in freexl 1.0.0g-1+deb8u4
has caused the Debian Bug report #875690,
regarding freexl: CVE-2017-2923: Heap-based buffer overflow in the 
read_biff_next_record function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875690
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freexl
Version: 1.0.3-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for freexl.

CVE-2017-2923[0]:
Heap-based buffer overflow in the read_biff_next_record function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2923
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1490898
[2] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freexl
Source-Version: 1.0.0g-1+deb8u4

We believe that the bug you reported is fixed in the latest version of
freexl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebas...@debian.org> (supplier of updated freexl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 Sep 2017 23:26:04 +0200
Source: freexl
Binary: libfreexl-dev libfreexl1 libfreexl1-dbg
Architecture: source amd64
Version: 1.0.0g-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebas...@debian.org>
Description:
 libfreexl-dev - library for direct reading of Microsoft Excel spreadsheets - deve
 libfreexl1 - library for direct reading of Microsoft Excel spreadsheets
 libfreexl1-dbg - library for direct reading of Microsoft Excel spreadsheets - debu
Closes: 875690 875691
Changes:
 freexl (1.0.0g-1+deb8u4) jessie-security; urgency=high
 .
   * Add upstream patch to fix CVE-2017-2923 & CVE-2017-2924.
     (closes: #875690, #875691)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
