Your message dated Sun, 12 Nov 2017 15:32:08 +0000 with message-id <e1eduey-000f0d...@fasolo.debian.org> and subject line Bug#880116: fixed in bchunk 1.2.0-12+deb9u1 has caused the Debian Bug report #880116, regarding CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bchunk Severity: grave Tags: security Please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: bchunk Source-Version: 1.2.0-12+deb9u1 We believe that the bug you reported is fixed in the latest version of bchunk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastien Delafond <s...@debian.org> (supplier of updated bchunk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 09 Nov 2017 14:28:06 +0100 Source: bchunk Binary: bchunk Architecture: source amd64 Version: 1.2.0-12+deb9u1 Distribution: stable Urgency: high Maintainer: Praveen Arimbrathodiyil <prav...@gmail.com> Changed-By: Sebastien Delafond <s...@debian.org> Description: bchunk - CD image format conversion from bin/cue to iso/cdr Closes: 880116 Changes: bchunk (1.2.0-12+deb9u1) stretch-security; urgency=high . * Non-maintainer upload. * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955. bchunk was vulnerable to a heap-based buffer overflow with an resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or a application crash. (Closes: #880116) Checksums-Sha1: 5a0b53bf7c121efb91f55d36e7b2d1b10075bb3d 1496 bchunk_1.2.0-12+deb9u1.dsc 322cab011f66776fd1fdf3f60a397049ce73a39d 5500 bchunk_1.2.0-12+deb9u1.debian.tar.xz fd3fc0ed55adf46cf0e8c57a70ed308d21f810e2 5258 bchunk_1.2.0-12+deb9u1_amd64.buildinfo 11e26b9b2abb5968e89c81d2ab94916ba234b78e 14022 bchunk_1.2.0-12+deb9u1_amd64.deb Checksums-Sha256: 78b75e48f91022c25eb1e1a7d387a8c8f8d60e206370f9321d24d754844cbe5d 1496 bchunk_1.2.0-12+deb9u1.dsc 94a8ac8f5a69fcec6536760378ae90a075a154b9f996692fc31f5ec0ee71918c 5500 bchunk_1.2.0-12+deb9u1.debian.tar.xz bfa870678c3c27fcc624f9f3512557c9122788fa00d962505887ae3291cab27c 5258 bchunk_1.2.0-12+deb9u1_amd64.buildinfo 2717d40a003557f23bacf1d229c13928f9d98c02ab95a69405d874b07c5d53ea 14022 bchunk_1.2.0-12+deb9u1_amd64.deb Files: fb141ef6678f5a0763c1f40efce302ce 1496 otherosfs optional bchunk_1.2.0-12+deb9u1.dsc 0665a5e9d71e12ae0b616293717466f7 5500 otherosfs optional bchunk_1.2.0-12+deb9u1.debian.tar.xz bad598309a8f20c2302e8bfa8579727c 5258 otherosfs optional bchunk_1.2.0-12+deb9u1_amd64.buildinfo ee002669531f301d0eebe7844a345754 14022 otherosfs optional bchunk_1.2.0-12+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloEcuEACgkQEL6Jg/PV nWRN3QgAj19DjG4zinyAj1QUXoPvr8GlyTzSebzSrnsxU30XN6pSpi8pJtTPlIsg /WI2t3UcmSzSnwW7KMnoWDezyLemj16q7m6xbfp1XaD6g1Q3Ds3M25PsMnJinjL7 8DWvv3rcCTCUF+cr9T8Fh5cd+ztm4cOD1O4JHQpYIKrTcL2FpgjJSF5VL9IrtNrC NAxvT3lgKl3N2dkH9bodvr9GYbsGfXiz1AhEE83yNeKiHJtgDtO9gYVspaoDv/ZF c1uENW1f9HNEKyEarhhFqtNJ4AVbDQ0O+gGAeLfmTAFoooPdzO7xJGZXuwn+HHiX nz96v+fYCE1c9tO+Oz3OQBUtE44YUw== =2EFv -----END PGP SIGNATURE-----
--- End Message ---
