Your message dated Fri, 26 Jan 2024 08:34:48 +0000
with message-id <e1rthfk-007uej...@fasolo.debian.org>
and subject line Bug#1059256: fixed in falcosecurity-libs 0.14.1-1
has caused the Debian Bug report #1059256,
regarding falcosecurity-libs: CVE-2023-49287
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1059256: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059256
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: falcosecurity-libs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for falcosecurity-libs.

CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
| has been patched in version 1.2.6.

https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

falcosecurity-libs embeds a copy of tinydir; if it's not used to
open files from potentially untrusted paths, feel free to downgrade.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49287
    https://www.cve.org/CVERecord?id=CVE-2023-49287

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: falcosecurity-libs
Source-Version: 0.14.1-1
Done: Dima Kogan <dko...@debian.org>

We believe that the bug you reported is fixed in the latest version of
falcosecurity-libs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1059...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dima Kogan <dko...@debian.org> (supplier of updated falcosecurity-libs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Jan 2024 22:25:38 -0800
Source: falcosecurity-libs
Binary: falcosecurity-scap-dkms libfalcosecurity0 libfalcosecurity0-dbgsym libfalcosecurity0-dev
Architecture: source all amd64
Version: 0.14.1-1
Distribution: unstable
Urgency: medium
Maintainer: Dima Kogan <dko...@debian.org>
Changed-By: Dima Kogan <dko...@debian.org>
Description:
 falcosecurity-scap-dkms - Kernel driver for Falco and Sysdig
 libfalcosecurity0 - Core libraries for Falco and Sysdig
 libfalcosecurity0-dev - Core libraries for Falco and Sysdig
Closes: 1056157 1057449 1059256
Changes:
 falcosecurity-libs (0.14.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1059256, #1057449, #1056157)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
