Your message dated Sun, 09 Jun 2024 22:32:09 +0000
with message-id <e1sgr57-00e0jj...@fasolo.debian.org>
and subject line Bug#1072107: fixed in libarchive 3.6.2-1+deb12u1
has caused the Debian Bug report #1072107,
regarding libarchive: CVE-2024-26256
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1072107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libarchive
Version: 3.7.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.2-1

Hi,

The following vulnerability was published for libarchive.

CVE-2024-26256[0]:
| libarchive Remote Code Execution Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26256
    https://www.cve.org/CVERecord?id=CVE-2024-26256
[1] https://github.com/advisories/GHSA-2jc9-36w4-pmqw
[2] https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libarchive
Source-Version: 3.6.2-1+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sun, 02 Jun 2024 16:38:00 +0200
Source: libarchive
Architecture: source
Version: 3.6.2-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Peter Pentchev <r...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1068047 1072107
Changes:
 libarchive (3.6.2-1+deb12u1) bookworm-security; urgency=high
 .
   [ Peter Pentchev ]
   * Add the robust-error-reporting upstream patch. Closes: #1068047
 .
   [ Salvatore Bonaccorso ]
   * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107)
   * fix: OOB in rar delta filter
   * fix: OOB in rar audio filter
--- End Message ---