Your message dated Sat, 18 Nov 2017 22:17:26 +0000 with message-id <e1egbqu-0005ht...@fasolo.debian.org> and subject line Bug#880116: fixed in bchunk 1.2.0-12+deb8u1 has caused the Debian Bug report #880116, regarding CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bchunk Severity: grave Tags: security Please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: bchunk Source-Version: 1.2.0-12+deb8u1 We believe that the bug you reported is fixed in the latest version of bchunk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated bchunk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 08 Nov 2017 19:41:33 +0100 Source: bchunk Binary: bchunk Architecture: source amd64 Version: 1.2.0-12+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Praveen Arimbrathodiyil <prav...@gmail.com> Changed-By: Markus Koschany <a...@debian.org> Description: bchunk - CD image format conversion from bin/cue to iso/cdr Closes: 880116 Changes: bchunk (1.2.0-12+deb8u1) jessie-security; urgency=high . * Non-maintainer upload. * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955. bchunk was vulnerable to a heap-based buffer overflow with an resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or a application crash. (Closes: #880116) Checksums-Sha1: 81aebe5683cd802defc06114a2078eadd3315718 1992 bchunk_1.2.0-12+deb8u1.dsc 54309a79f5e90d845d836cad901ca5f0a8cd5184 5440 bchunk_1.2.0-12+deb8u1.debian.tar.xz 17bb2d6fc9b36ec88862ac903ad47d4c80aab8a4 13864 bchunk_1.2.0-12+deb8u1_amd64.deb Checksums-Sha256: 12114df1896dcb4b983641700cf7c6a8cbc9912bbae982970a2a5bbcf5b9650c 1992 bchunk_1.2.0-12+deb8u1.dsc 4675cb7b566b514e0fb2b7b5a1cf7b77df7443f22f7dd3eccd178fcffbf8161e 5440 bchunk_1.2.0-12+deb8u1.debian.tar.xz 420d6352929d09aaa632a1168e60c39f93593d36cc4023ca52198f919d3ec463 13864 bchunk_1.2.0-12+deb8u1_amd64.deb Files: 6e3c98ec0c298aaa6a78de8af0ccd9f7 1992 otherosfs optional bchunk_1.2.0-12+deb8u1.dsc 46e56c811a30bbdbf839d9a2c80c07e2 5440 otherosfs optional bchunk_1.2.0-12+deb8u1.debian.tar.xz 1043ffd19658501b4ec84ab583d1a400 13864 otherosfs optional bchunk_1.2.0-12+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloEVgxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkebgP/1oddsoozMfNnHme2Lk1TF09gX6TaEQA00fx 98FuPGuv17Wd/qO/WXPiflTrz/HiiEwHwfl5HHfMZBxKjTp409rIgnR+NIvkvD/K KFteObQQ+bwGB/Zth6KoRISHe9nhPyPp5L+YK4uc5s0qjWjZNzjWOtwUtBklNZvb dfvR+7RC8ITNjA4PJ9WFl4+fmJuuwgaYRltjxURLOhMI3AJBCMj20lU9h2+9c9YD VuRj8hXIybSo1K6mgJHnbxvoCgEqqaZrk86JgAw7oWyd9dTUxyeARpttm9Zlzi3q ePBWZcLc055n/cuSrJ5Pyg+8eFLaQxTr4MBPrie5T+4tp9StHR57BzGrM1BktqeE 6Ul8wtvMHxlLx7dFu8tD0fNth88X0xIdHEhPjlagCpC0aAUBt1Z9laXu+aTPqCaj vQrTpKJP99o3qrzgKY6zutie9+ItMcbthVh3UYAyL8k/VcICrJVk+q7/7TdwujAG jHJvBkO9CJS2q9aIMfY9Xhd+vUT8w3Z1zM0ZoiGLXYUP3Ur6DweExxOKYWez6rG3 btfVU6udQVAh53Q8yR19mYvlzu33VrIgzGlaqoxeii22aR6oPajMiyACsOugzrf0 xQ1k2kKKvdyvFWjeknNC7kd46ejEcZmVim8CFIvLqaETlmAUTj58rmX/q098Hp0h 6zBLBprH =blqQ -----END PGP SIGNATURE-----
--- End Message ---
