Your message dated Sat, 19 Aug 2023 19:02:23 +0000
with message-id <e1qxrdl-00046d...@fasolo.debian.org>
and subject line Bug#1049366: fixed in indent 2.2.13-3
has caused the Debian Bug report #1049366,
regarding indent: CVE-2023-40305
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1049366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: indent
Version: 2.2.13-2
Severity: important
Tags: security upstream
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.2.12-4+deb12u1
Control: found -1 2.2.12-1
Hi,
The following vulnerability was published for indent.
CVE-2023-40305[0]:
| GNU indent 2.2.13 has a heap-based buffer overflow in search_brace
| in indent.c via a crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40305
https://www.cve.org/CVERecord?id=CVE-2023-40305
[1] https://savannah.gnu.org/bugs/index.php?64503
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: indent
Source-Version: 2.2.13-3
Done: Santiago Vila <sanv...@debian.org>
We believe that the bug you reported is fixed in the latest version of
indent, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1049...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <sanv...@debian.org> (supplier of updated indent package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Aug 2023 19:30:00 +0200
Source: indent
Architecture: source
Version: 2.2.13-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Closes: 1049366
Changes:
indent (2.2.13-3) unstable; urgency=medium
.
* Apply two patches by Petr Písař <ppi...@redhat.com>.
- Fix an out-of-buffer read in search_brace()/lexi() on a condition
without parentheses followed with an overlong comment.
- Fix a heap buffer overwrite in search_brace(). Closes: #1049366.
This one is CVE-2023-40305.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---