Your message dated Tue, 05 Sep 2023 19:17:08 +0000 with message-id <e1qdbxw-00ehz8...@fasolo.debian.org> and subject line Bug#1049366: fixed in indent 2.2.12-4+deb12u2 has caused the Debian Bug report #1049366, regarding indent: CVE-2023-40305 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1049366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049366 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: indent Version: 2.2.13-2 Severity: important Tags: security upstream Forwarded: https://savannah.gnu.org/bugs/index.php?64503 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.2.12-4+deb12u1 Control: found -1 2.2.12-1 Hi, The following vulnerability was published for indent. CVE-2023-40305[0]: | GNU indent 2.2.13 has a heap-based buffer overflow in search_brace | in indent.c via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-40305 https://www.cve.org/CVERecord?id=CVE-2023-40305 [1] https://savannah.gnu.org/bugs/index.php?64503 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: indent Source-Version: 2.2.12-4+deb12u2 Done: Santiago Vila <sanv...@debian.org> We believe that the bug you reported is fixed in the latest version of indent, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1049...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Vila <sanv...@debian.org> (supplier of updated indent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 28 Aug 2023 12:55:00 +0200 Source: indent Architecture: source Version: 2.2.12-4+deb12u2 Distribution: bookworm Urgency: medium Maintainer: Santiago Vila <sanv...@debian.org> Changed-By: Santiago Vila <sanv...@debian.org> Closes: 1049366 Changes: indent (2.2.12-4+deb12u2) bookworm; urgency=medium . * Apply two patches by Petr Písař <ppi...@redhat.com>. - Fix an out-of-buffer read in search_brace()/lexi() on an condition without parentheses followed with an overlong comment. - Fix a heap buffer overwrite in search_brace(). Closes: #1049366. This one is CVE-2023-40305. Checksums-Sha1: ec0e844ad470eb49ef9152e9b86f81d927ab7580 1465 indent_2.2.12-4+deb12u2.dsc 66e2b53ead2a3d35b1ab4a5f6781d8bba5f8251e 7900 indent_2.2.12-4+deb12u2.debian.tar.xz 6447d430e5055e929d8f195f64ff345fd6e972f7 5457 indent_2.2.12-4+deb12u2_source.buildinfo Checksums-Sha256: 4b4503cca085f49375cf71e0f356c7e07b6b648cb2a47a7f828c1dac718a1318 1465 indent_2.2.12-4+deb12u2.dsc 4a9acc591576b07d8602473428445843ec4e5d52395126ca0f4d18203c35ce5a 7900 indent_2.2.12-4+deb12u2.debian.tar.xz 7ad45c51eb67045002ba100170c3be2145c6925a8d83e9248ad7c511b8943883 5457 indent_2.2.12-4+deb12u2_source.buildinfo Files: 42474e180c3d2587d5123708df2bef6d 1465 devel optional indent_2.2.12-4+deb12u2.dsc 2cef5449256fb7ed6dc655b30f61a024 7900 devel optional indent_2.2.12-4+deb12u2.debian.tar.xz 5a5322fead612908b48d5917f0aa5d7e 5457 devel optional indent_2.2.12-4+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAmTsfjkACgkQQc5/C58b izJvGQf9HoRWsbEGQ95nUbwYRppDDZd9/auH5AZ6tyh9kj9R4Q/CMLiErZ91FMpk sJ9HDASzep1fgPH46ejPXZGQiSD4wRxbIw3l8e0wTH5l3FF6Vc11r52aW5W321+D QcXe2AdeF+Oa3huZjZAZjPy9rp1iHwSmsWbrwi1Chf2zTeCdHiQiyRWfMb3KJPwj daVB0ejGEDGbLPHOXCl8FFeJz2sJgEeIDTUJOv06Pku8fxAdwkv+32qRowjEu+OA HaicOtGHMmmPLEbcxPjeOzf7LZiE6AYCk8ZisdyDW2HKSAJ5s/VZElkrnL3+Bsi1 rkSd7FK3odzvedOZ9QKSQ8l6VgvEtw== =7sw0 -----END PGP SIGNATURE-----
--- End Message ---
