Your message dated Sat, 12 Jan 2019 23:16:47 +0000 with message-id <e1giswf-0005oj...@fasolo.debian.org> and subject line Bug#918848: fixed in systemd 240-4 has caused the Debian Bug report #918848, regarding systemd: CVE-2018-16865 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 918848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: systemd Version: 43-1 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 232-25+deb9u6 Control: found -1 240-2 Hi, The following vulnerability was published for systemd, opening tracking bug. CVE-2018-16865[0]: memory corruption If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16865 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16865 [1] https://www.openwall.com/lists/oss-security/2019/01/09/3 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 240-4 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 12 Jan 2019 21:49:44 +0100 Source: systemd Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb Architecture: source Version: 240-4 Distribution: unstable Urgency: medium Maintainer: Debian systemd Maintainers <pkg-systemd-maintain...@lists.alioth.debian.org> Changed-By: Michael Biebl <bi...@debian.org> Description: libnss-myhostname - nss module providing fallback resolution for the current hostname libnss-mymachines - nss module to resolve hostnames for local container instances libnss-resolve - nss module to resolve names via systemd-resolved libnss-systemd - nss module providing dynamic user and group name resolution libpam-systemd - system and service manager - PAM module libsystemd-dev - systemd utility library - development files libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) systemd - system and service manager systemd-container - systemd container/nspawn tools systemd-coredump - tools for storing and retrieving coredumps systemd-journal-remote - tools for sending and receiving remote journal logs systemd-sysv - system and service manager - SysV links systemd-tests - tests for systemd udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Closes: 909396 917607 918841 918848 918927 Changes: systemd (240-4) unstable; urgency=medium . [ Benjamin Drung ] * Fix shellcheck issues in initramfs-tools scripts . [ Michael Biebl ] * Import patches from v240-stable branch (up to f02b5472c6) - Fixes a problem in logind closing the controlling terminal when using startx. (Closes: #918927) - Fixes various journald vulnerabilities via attacker controlled alloca. (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848) * sd-device-monitor: Fix ordering of setting buffer size. Fixes an issue with uevents not being processed properly during coldplug stage and some kernel modules not being loaded via "udevadm trigger". (Closes: #917607) * meson: Stop setting -fPIE globally. Setting -fPIE globally can lead to miscompilations on certain architectures. Instead use the b_pie=true build option, which was introduced in meson 0.49. Bump the Build-Depends accordingly. (Closes: #909396) Checksums-Sha1: 71e37bb2f12272a16b7b50f45f77d47518e8c5a0 4898 systemd_240-4.dsc e8160f259001a6563c5a7523aa22e58a90883f9c 164740 systemd_240-4.debian.tar.xz b70e6881b2d011a8afe72697b004e1333084660f 9092 systemd_240-4_source.buildinfo Checksums-Sha256: 0f6d3af3272098320cde66d8cef56b8dba42674e3279d5f01a6e41d2a7b8d945 4898 systemd_240-4.dsc 89de641b06c125bdf4c75249673fa4c6d38b1289cd781e97e897e5af12c9cb87 164740 systemd_240-4.debian.tar.xz 6f8b4fca0da2c314663c72eadf02537f96725a770728e19d2b991de7853ef3ac 9092 systemd_240-4_source.buildinfo Files: d1b15187721bd4aa3972477c23f8832e 4898 admin optional systemd_240-4.dsc 8921999d026f783853e9b385e4c3504a 164740 admin optional systemd_240-4.debian.tar.xz 4d48b2431f3af586c55fff6447e43913 9092 admin optional systemd_240-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAlw6bjoACgkQauHfDWCP Itww6Q/+LLeP3LH1IKYoNJcmsAXpPMj4VTG5AtSoGcw972v7tB8U1DXpzp/68BwW DO+lrPCwStUWNCWsbsu1jrgD3Rm+siGPeJ0JTQ/Qu+fr+jUhgIWYDXxDJ2v6iHGy LlC1u29mRoKGddICgzls/7OMhCg2z/OcC0Hnxfa2kGV/cuxWQ3uBCjgoFlbSgJdI dKTdS+kL0n1TCh55gIw/HUdCLWq12w4vJM6lOdoM6nrGw8NNQ89ehQHgDrP+0+Sw JjLxapTou1Ijvj/yK2PF88z/HyXvzVf57X8HPrzgmhog4Wks3zVVak7DB4m/+oRe 3UTezDPJE/K4w2s1ZpUJgPPxM7vXhHtmznf0t376jrYwdVwu70rEPrWg/MiEcgIu /0+QiMNRc/wwcdNBWKRXp0+iPCt5Dbk7kfTdEo6Ba9MrXYiw0aHIH2gThXmXoYMq r0LKYOEp0U7edcjDkCEb63HrTzjTmFHg1NWKm6F7tA4eha/V3U9RfFnuC6X8Vpcw 65ITGEhTYfPSTd+UsaKv0b8CHs+c3QXAASbeDvMLQ7n89UUtTxNeIsgwsNpU0pC1 AjT1jxOw3Qno5dmGcxeQw9FBjRNPofjQ1osU5zzu9edf/JQSqCAR5FGSOtrrZ9ia VUSws6F14EEQEKPAvKE/3s7GgaHyi4mtzo0TScyioSCCp4DMx04= =SQ3h -----END PGP SIGNATURE-----
--- End Message ---
