Your message dated Sat, 07 Sep 2024 09:19:12 +0000
with message-id <e1smrb6-003hgu...@fasolo.debian.org>
and subject line Bug#1080375: fixed in apr 1.7.5-1
has caused the Debian Bug report #1080375,
regarding apr: CVE-2023-49582
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1080375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080375
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apr
Version: 1.7.2-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for apr.

CVE-2023-49582[0]:
| Lax permissions set by the Apache Portable Runtime library on Unix
| platforms would allow local users read access to named shared memory
| segments, potentially revealing sensitive application data. This
| issue does not affect non-Unix platforms, or builds
| with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are recommended to
| upgrade to APR version 1.7.5, which fixes this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49582
    https://www.cve.org/CVERecord?id=CVE-2023-49582
[1] https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: apr
Source-Version: 1.7.5-1
Done: Stefan Fritsch <s...@debian.org>

We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1080...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <s...@debian.org> (supplier of updated apr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Sep 2024 11:01:36 +0200
Source: apr
Architecture: source
Version: 1.7.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <s...@debian.org>
Closes: 1080375
Changes:
 apr (1.7.5-1) unstable; urgency=medium
 .
   * New upstream version
     - CVE-2023-49582: Unexpected lax shared memory permissions
       Closes: #1080375

--- End Message ---
