Your message dated Mon, 24 Oct 2022 04:20:44 +0000
with message-id <e1omoxa-002srp...@fasolo.debian.org>
and subject line Bug#1022557: fixed in shapelib 1.5.0-3
has caused the Debian Bug report #1022557,
regarding shapelib: CVE-2022-0699
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1022557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022557
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: shapelib
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for shapelib.

CVE-2022-0699[0]:
| A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
| and older releases. This issue may allow an attacker to cause a denial
| of service or have other unspecified impact via control over malloc.

https://github.com/OSGeo/shapelib/issues/39
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-0699
    https://www.cve.org/CVERecord?id=CVE-2022-0699

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: shapelib
Source-Version: 1.5.0-3
Done: Bas Couwenberg <sebas...@debian.org>

We believe that the bug you reported is fixed in the latest version of
shapelib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1022...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebas...@debian.org> (supplier of updated shapelib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Oct 2022 05:38:54 +0200
Source: shapelib
Architecture: source
Version: 1.5.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebas...@debian.org>
Closes: 1022557
Changes:
 shapelib (1.5.0-3) unstable; urgency=high
 .
   * Bump watch file version to 4.
   * Update lintian overrides.
   * Bump Standards-Version to 4.6.1, no changes.
   * Bump debhelper compat to 12, changes:
     - Drop --list-missing from dh_install
   * Add upstream patch to fix CVE-2022-0699.
     (closes: #1022557)
Checksums-Sha1:
 f4fc78716259ca9577f3a08559012ff63c4248d0 2081 shapelib_1.5.0-3.dsc
 533c26632a489e7f4289e348ecb0ccacfbb246cd 16060 shapelib_1.5.0-3.debian.tar.xz
 4fffe9dc53db6b6de220b2db869dc57fbeae06b8 9211 shapelib_1.5.0-3_amd64.buildinfo
Checksums-Sha256:
 cc50607e91f60fe5eb4dd028df45934d91af83b8511e411a481ce11f7e164d42 2081 shapelib_1.5.0-3.dsc
 b9df27d84148e0a136bd05ac7ccdad7240a6e7223addd06ce827048ececa8b2b 16060 shapelib_1.5.0-3.debian.tar.xz
 3f80effc2588b60014d112ed92aa69b48f0a6709dd3381f3c0498da3725b6fdc 9211 shapelib_1.5.0-3_amd64.buildinfo
Files:
 da0101abdba9f029a10b0a2b21ac036c 2081 libs optional shapelib_1.5.0-3.dsc
 f5bce03d79dd86504c6fa888dd7a9755 16060 libs optional shapelib_1.5.0-3.debian.tar.xz
 17b51019604d78fadc5ac03c04576f5b 9211 libs optional shapelib_1.5.0-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
