Your message dated Mon, 01 Apr 2024 11:47:08 +0000
with message-id <e1rrg84-00c3tn...@fasolo.debian.org>
and subject line Bug#1067115: fixed in gross 1.0.2-4.1~deb12u1
has caused the Debian Bug report #1067115,
regarding gross: CVE-2023-52159
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for gross.

CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross 0.9.3 through
| 1.x before 1.0.4 allows remote attackers to trigger a denial of
| service (grossd daemon crash) or potentially execute arbitrary code
| in grossd via crafted SMTP transaction parameters that cause an
| incorrect strncat for a log entry.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
[1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gross
Source-Version: 1.0.2-4.1~deb12u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gross, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated gross package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Fri, 29 Mar 2024 22:52:55 +0200
Source: gross
Architecture: source
Version: 1.0.2-4.1~deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1067115
Changes:
 gross (1.0.2-4.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
--- End Message ---
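
The CVE description quoted in the bug report attributes the overflow to an incorrect strncat used to build a log entry. The following is an added example, not code from gross or from any message in this thread: it shows one common way a strncat bound goes wrong (an assumption about the bug class, not a statement of the actual gross defect) next to an append bounded by the space left. LOG_CAP, both function names and the sample SMTP parameter are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOG_CAP 64 /* constructed size for the example, not taken from gross */

/* Misuse pattern: strncat(buf, field, cap - 1). The third argument limits the
 * bytes appended, not the total length, so text already in buf is not counted.
 * Returns how many bytes (with the NUL) that call would need in buf. */
static size_t bytes_needed_by_misuse(const char *buf, size_t cap, const char *field)
{
    size_t appended = strlen(field);
    if (appended > cap - 1)
        appended = cap - 1;
    return strlen(buf) + appended + 1;
}

/* Bounded append: limit by the space still free in buf.
 * Returns 0 on success, 1 if field was truncated, -1 if buf is unterminated. */
static int log_append(char *buf, size_t cap, const char *field)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)
        return -1;
    size_t room = cap - (size_t)(nul - buf) - 1;
    int truncated = strlen(field) > room;
    strncat(buf, field, room); /* writes at most room bytes plus the NUL */
    return truncated;
}

int main(void)
{
    char entry[LOG_CAP] = "";
    char rcpt[201]; /* constructed over-long SMTP parameter */
    memset(rcpt, 'a', sizeof rcpt - 1);
    rcpt[sizeof rcpt - 1] = '\0';

    log_append(entry, sizeof entry, "sender=<a@example.org> rcpt=");
    printf("misuse would need %zu bytes in a %d-byte buffer\n",
           bytes_needed_by_misuse(entry, sizeof entry, rcpt), LOG_CAP);
    int truncated = log_append(entry, sizeof entry, rcpt);
    printf("bounded append: truncated=%d, length=%zu\n", truncated, strlen(entry));
    return 0;
}
```

A truncation result of 1 is worth logging or counting on its own, since an SMTP parameter long enough to fill the entry is unusual input.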