Your message dated Thu, 28 Jul 2022 09:23:17 +0200
with message-id <875yjhsntm....@msgid.hilluzination.de>
and subject line Re: Bug#1014764: guestfs-tools: CVE-2022-2211
has caused the Debian Bug report #1014764,
regarding guestfs-tools: CVE-2022-2211
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1014764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014764
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: guestfs-tools
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for guestfs-tools.
CVE-2022-2211[0]:
Buffer overflow in get_keys leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2100862
https://listman.redhat.com/archives/libguestfs/2022-June/029274.html
https://listman.redhat.com/archives/libguestfs/2022-June/029277.html
https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
Documentation:
https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2211
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
It turned out that triggering rebuilds was enough to get guestfs-tools
built, so it can migrate now. Closing the issue.
Cheers,
-Hilko
--- End Message ---