Your message dated Thu, 26 Dec 2019 15:34:26 +0000
with message-id <e1ikv9e-0003gy...@fasolo.debian.org>
and subject line Bug#947043: fixed in cyrus-sasl2 2.1.27+dfsg-2
has caused the Debian Bug report #947043,
regarding cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cyrus-sasl2
Version: 2.1.27+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/cyrusimap/cyrus-sasl/issues/587
Control: found -1 2.1.27~101-g0780600+dfsg-3

Hi,

The following vulnerability was published for cyrus-sasl2.

CVE-2019-19906[0]:
Off by one in _sasl_add_string function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19906
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
[1] https://github.com/cyrusimap/cyrus-sasl/issues/587

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27+dfsg-2

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto C. Sanchez <robe...@debian.org> (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Dec 2019 09:48:32 -0500
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <team+cy...@tracker.debian.org>
Changed-By: Roberto C. Sanchez <robe...@debian.org>
Closes: 947043
Changes:
 cyrus-sasl2 (2.1.27+dfsg-2) unstable; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
