Your message dated Mon, 01 Apr 2024 11:47:08 +0000
with message-id <e1rrg84-00c3tn...@fasolo.debian.org>
and subject line Bug#1067115: fixed in gross 1.0.2-4.1~deb12u1
has caused the Debian Bug report #1067115,
regarding gross: CVE-2023-52159
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for gross.

CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross 0.9.3 through
| 1.x before 1.0.4 allows remote attackers to trigger a denial of
| service (grossd daemon crash) or potentially execute arbitrary code
| in grossd via crafted SMTP transaction parameters that cause an
| incorrect strncat for a log entry.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
[1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

Regards,
Salvatore

--- End Message ---
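
The CVE text above attributes the overflow to an incorrect strncat while building a log entry. As an added illustration of that bug class (not gross's code and not the upstream patch; `MSGSZ`, the function names and the log format are assumptions), this C example computes why bounding strncat by the buffer size fails once the buffer holds text, and shows an append bounded by the remaining room instead.

```c
#include <stdio.h>
#include <string.h>
#define MSGSZ 64  /* assumed log buffer size, not taken from gross */

/* Bytes the flawed call strncat(buf, src, cap - 1) would need in buf (cap >= 1).
 * The third argument limits bytes taken from src, not the size of buf,
 * so the result can exceed cap once buf already holds `used` bytes. */
static size_t flawed_need(size_t used, const char *src, size_t cap)
{
    size_t n = strlen(src);
    if (n > cap - 1) n = cap - 1;
    return used + n + 1;            /* existing text + copied bytes + NUL */
}

/* Hardened append: bound the copy by the room left in buf.
 * Returns 0 if src fit, 1 if it was truncated or buf was unusable. */
static int log_append(char *buf, size_t cap, const char *src)
{
    const char *end = cap ? memchr(buf, '\0', cap) : NULL;
    if (end == NULL) return 1;      /* unterminated buffer: do not touch it */
    size_t room = cap - (size_t)(end - buf) - 1;
    strncat(buf, src, room);        /* n = remaining room; NUL stays in bounds */
    return strlen(src) > room;
}

/* Build one log entry from SMTP transaction fields (constructed format). */
static int build_entry(char *buf, size_t cap, const char *sender,
                       const char *rcpt, const char *client)
{
    int cut = 0;
    if (cap == 0) return 1;
    buf[0] = '\0';
    cut |= log_append(buf, cap, "from=");
    cut |= log_append(buf, cap, sender);
    cut |= log_append(buf, cap, " to=");
    cut |= log_append(buf, cap, rcpt);
    cut |= log_append(buf, cap, " client=");
    cut |= log_append(buf, cap, client);
    return cut;                     /* nonzero: entry was truncated */
}

int main(void)
{
    char buf[MSGSZ], longaddr[201];
    memset(longaddr, 'a', 200); longaddr[200] = '\0';  /* constructed oversized field */
    int cut = build_entry(buf, sizeof buf, longaddr, "rcpt@example.org", "192.0.2.1");
    printf("truncated=%d len=%zu flawed_need=%zu of %d\n", cut, strlen(buf),
           flawed_need(5, longaddr, MSGSZ), MSGSZ);
}
```

Building with `-fsanitize=address` and feeding oversized fields is a quick way to confirm that every append path into a fixed log buffer stays inside it.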
--- Begin Message ---
Source: gross
Source-Version: 1.0.2-4.1~deb12u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gross, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated gross package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2024 22:52:55 +0200
Source: gross
Architecture: source
Version: 1.0.2-4.1~deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1067115
Changes:
 gross (1.0.2-4.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
