Your message dated Fri, 22 Apr 2022 06:17:07 +0000 with message-id <e1nhmbl-0004wq...@fasolo.debian.org> and subject line Bug#1009168: fixed in gzip 1.10-4+deb11u1 has caused the Debian Bug report #1009168, regarding gzip: CVE-2022-1271: zgrep: arbitrary-file-write vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1009168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009168 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xz-utils Version: 5.2.5-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: clone -1 -2 Control: retitle -2 gzip: CVE-2022-1271: zgrep: arbitrary-file-write vulnerability Control: reassign -2 src:gzip 1.10-4 Control: found -2 1.9-3 Hi, The following vulnerability was published for xz-utils and gzip, both have to date assigned the same CVE, and cloning this bug as well for one for gzip. CVE-2022-1271[0]: | zgrep, xzgrep: arbitrary-file-write vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-1271 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 [1] https://www.openwall.com/lists/oss-security/2022/04/07/8 [2] https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 [3] https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: gzip Source-Version: 1.10-4+deb11u1 Done: Milan Kupcevic <mi...@debian.org> We believe that the bug you reported is fixed in the latest version of gzip, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1009...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Milan Kupcevic <mi...@debian.org> (supplier of updated gzip package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Apr 2022 01:50:32 -0400 Source: gzip Architecture: source Version: 1.10-4+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Milan Kupcevic <mi...@debian.org> Changed-By: Milan Kupcevic <mi...@debian.org> Closes: 1009168 Changes: gzip (1.10-4+deb11u1) bullseye-security; urgency=high . * zgrep: fix arbitrary-file-write vulnerability addressing CVE-2022-1271 (closes: #1009168) Checksums-Sha1: 594413de8fe673dd1b7d6f819455e5e5b973a902 1812 gzip_1.10-4+deb11u1.dsc 88ef05b5415b7124fdad9976cac8dd29cd915f69 1201421 gzip_1.10.orig.tar.gz 203d8a49717624ef22e35417cf590fd4cfcf5d5d 22952 gzip_1.10-4+deb11u1.debian.tar.xz 071a3f7bb8867017365bbda6aa20bc2b1d659d06 7569 gzip_1.10-4+deb11u1_amd64.buildinfo Checksums-Sha256: 0bcc813d124297ae741573b30db5faefec038aff92616d6ba014f859703f5acf 1812 gzip_1.10-4+deb11u1.dsc c91f74430bf7bc20402e1f657d0b252cb80aa66ba333a25704512af346633c68 1201421 gzip_1.10.orig.tar.gz 183338e989ad327fca8c3281e8452c571bafed0c3cca0b6cea269a34b8dc19d2 22952 gzip_1.10-4+deb11u1.debian.tar.xz d6eabc3167290e67f01f561a09146596a0896578fe86863f91f6cb9d1703e3ea 7569 gzip_1.10-4+deb11u1_amd64.buildinfo Files: 72ba9d8d8a976ecc709c4a2b0c6ed875 1812 utils required gzip_1.10-4+deb11u1.dsc cf9ee51aff167ff69844d5d7d71c8b20 1201421 utils required gzip_1.10.orig.tar.gz 7af1a1f7352fbfd60a24a98798eaab18 22952 utils required gzip_1.10-4+deb11u1.debian.tar.xz 2ee36dac9d3688847c823047eced8414 7569 utils required gzip_1.10-4+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQHFBAEBCgAvFiEEVkf/m69krCYf+z+G6e1ngbRVCQ4FAmJUJmgRHG1pbGFuQGRl Ymlhbi5vcmcACgkQ6e1ngbRVCQ4lPAv+Pt76RpCVJJI6pYfaLeRButt3HXjgOm96 t4KttNiRkH5knRAP9cyS4RhPLe4sxTlEVd1zGHvL4zPr3xJLnyfEzB2mgmKngpci ILCf7uPv8p2iBB5CjfFfb2FRb0RJVwbxzCe9bqRHrK0BuIlKvfrIqXHuPSHTBRT8 DS34UVCQlQkj9u9IWTHsjuoYbF5MrfJ25R7Cj98snhYQhm9JQZYnbEM1WZ5ugAEM A5bS9xWhonQaDrhFFppneFBzZyWn/0FeXC2v7mw/TdF4bx/7m3AKP32FrO6fa4Wc QUQ51YX2LMccxUQoWQP/yaGBJzavRcJGOQiFskvap2H8Xfi6IlttdBYeg160r6nV 2gCcnT48CaR7xNAedESlx9ra7oGzk4iXalil51139iAi7PebnNp+fVaV95xpbApu 8FSVFXc9RWzty/obdZb0cyqz4zysFYld3wAAPa5E1jQwa03rRwoaZ6CQ+hUarpbN atY1KsmUb0NDxApZZhrIKE6tAZx62H8N =VdZY -----END PGP SIGNATURE-----
--- End Message ---
