Your message dated Thu, 18 Mar 2021 19:48:35 +0000
with message-id <e1lmydh-0000zx...@fasolo.debian.org>
and subject line Bug#983610: fixed in zint 2.9.1-1.1
has caused the Debian Bug report #983610,
regarding zint: CVE-2021-27799
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
983610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zint
Version: 2.9.1-1
Severity: serious
Tags: security upstream
Forwarded: https://sourceforge.net/p/zint/tickets/218/
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for zint.

CVE-2021-27799[0]:
| ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
| 2.19.1 has a stack-based buffer overflow that is reachable from the C
| API through an application that includes the Zint Barcode Generator
| library code.

Reasoning for making it RC: it is in the library part and ideally this
should go into the bullseye release fixed.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-27799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27799
[1] https://sourceforge.net/p/zint/tickets/218/
[2] https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: zint
Source-Version: 2.9.1-1.1
Done: Gunnar Wolf <gw...@debian.org>

We believe that the bug you reported is fixed in the latest version of
zint, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 983...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf <gw...@debian.org> (supplier of updated zint package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 11 Mar 2021 12:37:31 -0600
Source: zint
Architecture: source
Version: 2.9.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <only...@debian.org>
Changed-By: Gunnar Wolf <gw...@debian.org>
Closes: 983610
Changes:
 zint (2.9.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix stack-based buffer overflow in ean_leading_zeroes (see
     CVE-2021-27799) (Closes: #983610)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
