Your message dated Mon, 25 Mar 2024 01:27:41 +0000
with message-id <e1roz7l-00acnp...@fasolo.debian.org>
and subject line Bug#1067115: fixed in gross 1.0.2-4.1
has caused the Debian Bug report #1067115,
regarding gross: CVE-2023-52159
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for gross.

CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross 0.9.3 through
| 1.x before 1.0.4 allows remote attackers to trigger a denial of
| service (grossd daemon crash) or potentially execute arbitrary code
| in grossd via crafted SMTP transaction parameters that cause an
| incorrect strncat for a log entry.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
[1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

Regards,
Salvatore

--- End Message ---
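
Added example, not part of the bug report and not gross source code: the CVE text above says only "incorrect strncat for a log entry", so this sketch assumes the common form of that mistake, where the third argument of strncat is the size of the destination instead of the room left in it. LOGSZ, the function names and the "sender=/rcpt=" layout are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define LOGSZ 64 /* constructed size, not taken from gross */

/* Bytes of dst in use after strncat(dst, src, n), NUL included:
 * strlen(dst) + min(strlen(src), n) + 1. n limits src, not dst. */
static size_t strncat_end(size_t dst_len, size_t src_len, size_t n)
{
    return dst_len + (src_len < n ? src_len : n) + 1;
}

/* Bounded append: n is the room left in buf, so the NUL always fits.
 * Returns 0 on success, -1 if buf is unterminated or field was cut. */
static int log_append(char *buf, size_t bufsz, const char *field)
{
    const char *nul = memchr(buf, '\0', bufsz);
    if (nul == NULL)
        return -1;
    size_t room = bufsz - (size_t)(nul - buf) - 1;
    strncat(buf, field, room);
    return strlen(field) > room ? -1 : 0;
}

/* Build "sender=<s> rcpt=<r>" from client-supplied SMTP values. */
static int build_entry(char *buf, size_t bufsz, const char *s, const char *r)
{
    if (bufsz == 0)
        return -1;
    buf[0] = '\0';
    int rc = log_append(buf, bufsz, "sender=");
    rc |= log_append(buf, bufsz, s);
    rc |= log_append(buf, bufsz, " rcpt=");
    rc |= log_append(buf, bufsz, r);
    return rc ? -1 : 0;
}

int main(void)
{
    char entry[LOGSZ], rcpt[101];
    memset(rcpt, 'a', 100);
    rcpt[100] = '\0';
    /* Incorrect pattern: strncat(entry, rcpt, sizeof(entry) - 1)
     * with 40 bytes already in entry. Computed here, never executed. */
    printf("needs %zu bytes, buffer has %d\n",
           strncat_end(40, 100, LOGSZ - 1), LOGSZ);
    int rc = build_entry(entry, sizeof entry, "a@example.org", rcpt);
    printf("bounded: rc=%d len=%zu\n", rc, strlen(entry));
    return 0;
}
```

A return of -1 from build_entry means the entry was truncated, which is itself worth logging or counting, since oversized SMTP parameters are what the advisory describes as the trigger.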
--- Begin Message ---
Source: gross
Source-Version: 1.0.2-4.1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gross, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated gross package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Mar 2024 23:23:34 +0200
Source: gross
Architecture: source
Version: 1.0.2-4.1
Distribution: unstable
Urgency: high
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1067115
Changes:
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)


--- End Message ---
