Your message dated Tue, 02 Apr 2024 20:32:32 +0000 with message-id <e1rrko4-001drb...@fasolo.debian.org> and subject line Bug#1067115: fixed in gross 1.0.2-4.1~deb11u1 has caused the Debian Bug report #1067115, regarding gross: CVE-2023-52159 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for gross.

CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross 0.9.3 through
| 1.x before 1.0.4 allows remote attackers to trigger a denial of
| service (grossd daemon crash) or potentially execute arbitrary code
| in grossd via crafted SMTP transaction parameters that cause an
| incorrect strncat for a log entry.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
[1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gross
Source-Version: 1.0.2-4.1~deb11u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of gross, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1067...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated gross package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2024 23:02:44 +0200
Source: gross
Architecture: source
Version: 1.0.2-4.1~deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1067115
Changes:
 gross (1.0.2-4.1~deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
Checksums-Sha1:
 87933f0fd7c19768ef9a378e0b288cd25ef121b0 1869 gross_1.0.2-4.1~deb11u1.dsc
 00961feb7b9c8330bb6db2a33b8d5c378c1eaee2 317461 gross_1.0.2.orig.tar.gz
 4098437e9f84970f1c43c3df2699f78eebe68915 7024 gross_1.0.2-4.1~deb11u1.debian.tar.xz
Checksums-Sha256:
 1ce55dfb6b85c0710c374db83ec40a5300dc3488b4a6f43a7f5e267a92f71c3c 1869 gross_1.0.2-4.1~deb11u1.dsc
 8443b9ba46537ed6470bda60109df68d40d3dd11b9f5a07c9180cb01af7147f9 317461 gross_1.0.2.orig.tar.gz
 d9eec296a55d140deb5b525ed9e93d9bf767239b23e8828fe961b5d07f37a948 7024 gross_1.0.2-4.1~deb11u1.debian.tar.xz
Files:
 9ce1eaa1da132e4eb44634cc16e9a69a 1869 mail extra gross_1.0.2-4.1~deb11u1.dsc
 cb88d88553161c01e9bed7a74c3e9263 317461 mail extra gross_1.0.2.orig.tar.gz
 8c360f13264f1d8098dc51c01a4d779c 7024 mail extra gross_1.0.2-4.1~deb11u1.debian.tar.xz
--- End Message ---