Your message dated Fri, 25 Nov 2022 21:34:10 +0000
with message-id <e1oygko-003cti...@fasolo.debian.org>
and subject line Bug#1019592: fixed in advancecomp 2.4-1
has caused the Debian Bug report #1019592,
regarding advancecomp: CVE-2022-35020 CVE-2022-35019 CVE-2022-35018
CVE-2022-35017 CVE-2022-35016 CVE-2022-35015 CVE-2022-35014
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1019592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: advancecomp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for advancecomp.
Multiple issues in advancecomp, I suppose none of these have actually
been forwarded upstream by the reporter:
CVE-2022-35020[0]:
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via
| the component __interceptor_memcpy at
| /sanitizer_common/sanitizer_common_interceptors.inc.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
CVE-2022-35019[1]:
| Advancecomp v2.3 was discovered to contain a segmentation fault.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
CVE-2022-35018[2]:
| Advancecomp v2.3 was discovered to contain a segmentation fault.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
CVE-2022-35017[3]:
| Advancecomp v2.3 was discovered to contain a heap buffer overflow.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
CVE-2022-35016[4]:
| Advancecomp v2.3 was discovered to contain a heap buffer overflow.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
CVE-2022-35015[5]:
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via
| le_uint32_read at /lib/endianrw.h.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
CVE-2022-35014[6]:
| Advancecomp v2.3 contains a segmentation fault.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-35020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35020
[1] https://security-tracker.debian.org/tracker/CVE-2022-35019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35019
[2] https://security-tracker.debian.org/tracker/CVE-2022-35018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35018
[3] https://security-tracker.debian.org/tracker/CVE-2022-35017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35017
[4] https://security-tracker.debian.org/tracker/CVE-2022-35016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35016
[5] https://security-tracker.debian.org/tracker/CVE-2022-35015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35015
[6] https://security-tracker.debian.org/tracker/CVE-2022-35014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35014
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: advancecomp
Source-Version: 2.4-1
Done: Piotr Ożarowski <pi...@debian.org>
We believe that the bug you reported is fixed in the latest version of
advancecomp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1019...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Piotr Ożarowski <pi...@debian.org> (supplier of updated advancecomp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Nov 2022 22:01:13 +0100
Source: advancecomp
Architecture: source
Version: 2.4-1
Distribution: unstable
Urgency: high
Maintainer: Piotr Ożarowski <pi...@debian.org>
Changed-By: Piotr Ożarowski <pi...@debian.org>
Closes: 1019592
Changes:
advancecomp (2.4-1) unstable; urgency=high
.
* New upstream release.
Fixes CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
CVE-2022-35018, CVE-2022-35019, CVE-2022-35020 (closes: 1019592)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---