Your message dated Sat, 26 Mar 2022 00:04:03 +0000
with message-id <e1nxtuv-000duc...@fasolo.debian.org>
and subject line Bug#1008265: fixed in zlib 1:1.2.11.dfsg-4
has caused the Debian Bug report #1008265,
regarding CVE-2018-25032: zlib memory corruption on deflate
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1008265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zlib
Version: 1:1.2.11.dfsg-2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
This was assigned CVE-2018-25032:
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: zlib
Source-Version: 1:1.2.11.dfsg-4
Done: Mark Brown <broo...@debian.org>
We believe that the bug you reported is fixed in the latest version of
zlib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1008...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Brown <broo...@debian.org> (supplier of updated zlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Mar 2022 23:32:05 +0000
Source: zlib
Architecture: source
Version: 1:1.2.11.dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Mark Brown <broo...@debian.org>
Changed-By: Mark Brown <broo...@debian.org>
Closes: 1008265
Changes:
zlib (1:1.2.11.dfsg-4) unstable; urgency=medium
.
* Pick upstream patch for CVE-2018-25032 (closes: #1008265).
Checksums-Sha1:
d6fb58df5fcb6c8365b82240736ae26e3b7a74d8 2397 zlib_1.2.11.dfsg-4.dsc
7997cc9e7fffb7f29f50dd7ec7455a383ba192da 23316 zlib_1.2.11.dfsg-4.debian.tar.xz
Checksums-Sha256:
3ce1b7907cf1b35ffa95b06104d951314c48aa3463b78eddc0025ae59e9537cd 2397
zlib_1.2.11.dfsg-4.dsc
b2e66b33c5aeeafa1cd00b2e06e671faf1345fc1ac13e5e2dcb12360df2fd677 23316
zlib_1.2.11.dfsg-4.debian.tar.xz
Files:
9fa2b1dd1e8c011079a493f087c30abf 2397 libs optional zlib_1.2.11.dfsg-4.dsc
6f2c395b7aa8156dc8321f6e03082793 23316 libs optional
zlib_1.2.11.dfsg-4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQFHBAEBCgAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmI+U5gTHGJyb29uaWVA
ZGViaWFuLm9yZwAKCRAk1otyXVSH0Hx8B/0W9FUwM/qu8+QndlJ3SOvt5J7gZGzL
KC5DhsJOosdPXpqT/1ZMEAWw/QfYvfmGxHgrkGwx8sITG63fffz+Gr2XmiZl6JrW
aQJKsSrJnpgY5FhrK8MFnjDmS0nc3y44ZgVPNinYLpVgPvDKGH2y3PQRmzaGxr0W
P6u5a79HgfJ0028FALPxt/IHXWLTa2gGUQIAqrCcooDoUbqPCgUmjl9/6w41eE28
K5mvthkAutqRQWEJLKwnVyN0PG1WVjB+rmsIqg/pVIkBEsdcANVm+gr+7KivhZfa
WwraQOf6Dab1M4CclY17HGH6tmtf2JQUd5Fn7/yAoontJnppVWjkPDAE
=665W
-----END PGP SIGNATURE-----
--- End Message ---
