Your message dated Tue, 02 Apr 2024 20:32:32 +0000
with message-id <e1rrko4-001drb...@fasolo.debian.org>
and subject line Bug#1067115: fixed in gross 1.0.2-4.1~deb11u1
has caused the Debian Bug report #1067115,
regarding gross: CVE-2023-52159
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gross
Version: 1.0.2-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for gross.

CVE-2023-52159[0]:
| A stack-based buffer overflow vulnerability in gross 0.9.3 through
| 1.x before 1.0.4 allows remote attackers to trigger a denial of
| service (grossd daemon crash) or potentially execute arbitrary code
| in grossd via crafted SMTP transaction parameters that cause an
| incorrect strncat for a log entry.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
[1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

Regards,
Salvatore

--- End Message ---
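
The bug class named in the CVE description above (an incorrect strncat bound while assembling a log entry), shown with a bounded append, as an added example that is not code from gross or from this report. The function names, the 64-byte buffer and the `a=/r=/h=` entry layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* constructed size for this example */
/* The usual strncat mistake is passing the destination size as the bound:
 *     strncat(buf, field, sizeof(buf));
 * The bound limits bytes taken from src and a NUL is written after them, so
 * it must be the space still free in dst minus one. */

/* Append src to dst (capacity cap, NUL included).
 * Returns 0 if src fit, 1 if it was truncated, -1 if dst is not terminated. */
int log_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;
    size_t room = cap - (size_t)(end - dst) - 1; /* free bytes before the NUL */
    strncat(dst, src, room);                     /* at most room bytes + NUL */
    return strlen(src) > room ? 1 : 0;
}

/* Build "a=<sender> r=<recipient> h=<helo>" from untrusted SMTP fields.
 * Returns 1 if anything was truncated, 0 if not, -1 on error. */
int build_log_entry(char *out, size_t cap, const char *sender,
                    const char *recipient, const char *helo)
{
    const char *parts[] = { "a=", sender, " r=", recipient, " h=", helo };
    int truncated = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof(parts) / sizeof(parts[0]); i++) {
        int rc = log_append(out, cap, parts[i]);
        if (rc < 0)
            return -1;
        truncated |= rc;
    }
    return truncated;
}

int main(void)
{
    char entry[LOG_BUF_SIZE], rcpt[200]; /* rcpt: constructed oversized field */
    memset(rcpt, 'A', sizeof(rcpt) - 1);
    rcpt[sizeof(rcpt) - 1] = '\0';
    int rc = build_log_entry(entry, sizeof(entry), "a@example.org", rcpt, "mx.example.org");
    printf("truncated=%d len=%zu\n", rc, strlen(entry));
    return 0;
}
```

The truncation return value lets the caller log that an entry was cut short instead of silently dropping the tail.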
--- Begin Message ---
Source: gross
Source-Version: 1.0.2-4.1~deb11u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
gross, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1067...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated gross package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2024 23:02:44 +0200
Source: gross
Architecture: source
Version: 1.0.2-4.1~deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1067115
Changes:
 gross (1.0.2-4.1~deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
