Bug#947043: marked as done (cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function)

2019-12-26 Thread Debian Bug Tracking System
Your message dated Thu, 26 Dec 2019 15:34:26 +
with message-id 
and subject line Bug#947043: fixed in cyrus-sasl2 2.1.27+dfsg-2
has caused the Debian Bug report #947043,
regarding cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cyrus-sasl2
Version: 2.1.27+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/cyrusimap/cyrus-sasl/issues/587
Control: found -1 2.1.27~101-g0780600+dfsg-3

Hi,

The following vulnerability was published for cyrus-sasl2.

CVE-2019-19906[0]:
Off by one in _sasl_add_string function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
[1] https://github.com/cyrusimap/cyrus-sasl/issues/587

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27+dfsg-2

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roberto C. Sanchez (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Dec 2019 09:48:32 -0500
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team 
Changed-By: Roberto C. Sanchez 
Closes: 947043
Changes:
 cyrus-sasl2 (2.1.27+dfsg-2) unstable; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---


Bug#947043: marked as done (cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function)

2019-12-21 Thread Debian Bug Tracking System
Your message dated Sat, 21 Dec 2019 16:33:40 +
with message-id 
and subject line Bug#947043: fixed in cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u1
has caused the Debian Bug report #947043,
regarding cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function
to be marked as done.

--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27~101-g0780600+dfsg-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Dec 2019 23:13:43 +0100
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27~101-g0780600+dfsg-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Cyrus SASL Team
Changed-By: Salvatore Bonaccorso
Closes: 947043
Changes:
 cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---


Bug#947043: marked as done (cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function)

2019-12-21 Thread Debian Bug Tracking System
Your message dated Sat, 21 Dec 2019 16:32:27 +
with message-id 
and subject line Bug#947043: fixed in cyrus-sasl2 2.1.27+dfsg-1+deb10u1
has caused the Debian Bug report #947043,
regarding cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function
to be marked as done.

--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27+dfsg-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Dec 2019 22:59:30 +0100
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27+dfsg-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Cyrus Team 
Changed-By: Salvatore Bonaccorso 
Closes: 947043
Changes:
 cyrus-sasl2 (2.1.27+dfsg-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---