Your message dated Fri, 22 Apr 2022 06:02:29 +0000 with message-id <e1nhmnb-0002vl...@fasolo.debian.org> and subject line Bug#1009168: fixed in gzip 1.9-3+deb10u1 has caused the Debian Bug report #1009168, regarding gzip: CVE-2022-1271: zgrep: arbitrary-file-write vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1009168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009168 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xz-utils Version: 5.2.5-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: clone -1 -2 Control: retitle -2 gzip: CVE-2022-1271: zgrep: arbitrary-file-write vulnerability Control: reassign -2 src:gzip 1.10-4 Control: found -2 1.9-3 Hi, The following vulnerability was published for xz-utils and gzip, both have to date assigned the same CVE, and cloning this bug as well for one for gzip. CVE-2022-1271[0]: | zgrep, xzgrep: arbitrary-file-write vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-1271 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 [1] https://www.openwall.com/lists/oss-security/2022/04/07/8 [2] https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 [3] https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: gzip Source-Version: 1.9-3+deb10u1 Done: Milan Kupcevic <mi...@debian.org> We believe that the bug you reported is fixed in the latest version of gzip, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1009...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Milan Kupcevic <mi...@debian.org> (supplier of updated gzip package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Apr 2022 14:16:55 -0400 Source: gzip Architecture: source Version: 1.9-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Bdale Garbee <bd...@gag.com> Changed-By: Milan Kupcevic <mi...@debian.org> Closes: 1009168 Changes: gzip (1.9-3+deb10u1) buster-security; urgency=high . * zgrep: fix arbitrary-file-write vulnerability addressing CVE-2022-1271 (closes: #1009168) * debian/rules: set execute mode bit on test scripts Checksums-Sha1: feb7374a5e034f3782e992c6001c8fdc45e4a01c 1842 gzip_1.9-3+deb10u1.dsc 7d32532059ff1fcec87cc44b86f9456719e0485f 1181937 gzip_1.9.orig.tar.gz 74b8550625dce878120f065390b58c0e2c0811ee 17984 gzip_1.9-3+deb10u1.debian.tar.xz a451a46e6ec7be97cfc3d27e31d2d3fa6dc1992e 6661 gzip_1.9-3+deb10u1_amd64.buildinfo Checksums-Sha256: 9d59e20581097941df44eff5cafb2ed8f3fd416278fbd08723048f6020ccc052 1842 gzip_1.9-3+deb10u1.dsc 5d2d3a3432ef32f24cdb060d278834507b481a75adeca18850c73592f778f6ad 1181937 gzip_1.9.orig.tar.gz 47e692e16f5e1d950fc7a259dc1418c7988dd33f659109e59af90a3384ec01ae 17984 gzip_1.9-3+deb10u1.debian.tar.xz 9b88ad72e38a6ffda804030b53902b9e840b04b11ba7d75764be061b70122839 6661 gzip_1.9-3+deb10u1_amd64.buildinfo Files: 789b70393726b2e2b4203a61da61d82b 1842 utils required gzip_1.9-3+deb10u1.dsc 929d6a6b832f75b28e3eeeafb30c1d9b 1181937 utils required gzip_1.9.orig.tar.gz 4671c1899db302a584e2f1f72bdf0856 17984 utils required gzip_1.9-3+deb10u1.debian.tar.xz 8691b98f7b3066854d7da26c89228621 6661 utils required gzip_1.9-3+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQHFBAEBCgAvFiEEVkf/m69krCYf+z+G6e1ngbRVCQ4FAmJa6d4RHG1pbGFuQGRl Ymlhbi5vcmcACgkQ6e1ngbRVCQ4eSwwAkwPLIBj6EXQ7cK3uOWj8h4d0BmAj85u5 /lB3ti+iUUeBxrieDw6eU2moVWbob9uXVrzerJmD2H8P8G1a5UsGHO7yGh64zVt7 BaseqH2bhiLOnsKvQ+3Z+W+u3Q16T+bnSjQT6mRMzni8JEK0PaQYHdnMJ0LzVH5V j3/p2U30L+IcEwibz9lOr0qdetIdvOncZU+nLArU0dufl5PzLDst+WI88Q1C9c5H h96/gEXvvw1ypDzytzqgR/pmXuTT4Bb6ItO3B9wn+c2MLlYhGPo/gKA5kAc5ytHa ERgwAb64nDxveI2eXwShQWoE3BchM35v3QjN2y1sW9BZNTe8MXuaepoGrzenH9ul nlVTZ93DwxJ38UguUnjjFxsyjO8OpHJA8Kdi0X3Xp4+pfvaLvr9jEnm14Gb2hLbM LTSfq/1SEQc+cEGSJeWYnVPvziIPBSAtbycvayqwZFFUS63wiEpJehX73v/V/2d8 94spqtY/mQKOTXFWS2rHLWkAV456LXQc =VDTe -----END PGP SIGNATURE-----
--- End Message ---
