Your message dated Wed, 27 Nov 2024 20:27:54 +0100
with message-id
<4ca4zhudqewwzagkgx5qxsrc5iuvfxqtak77ykaflzl4rjq...@tarta.nabijaczleweli.xyz>
and subject line Close: Bug#1084524: lifelines: Lifeline contains a code
associated with CVE.
has caused the Debian Bug report #1084524,
regarding lifelines: Lifeline contains a code associated with CVE.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1084524: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084524
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lifelines
Version: 3.0.61 (latest)
Severity: important
X-Debbugs-Cc: mariamarutun...@gmail.com
Dear Maintainer,
A vulnerability identified as CVE-2018-21027 was discovered and fixed in Boa
project with the following commit:
https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e.
Which amended the "scandir" function located in extras/scandir.c file.
Lifeline project contains an identical "scandir" function in the
src/arch/scandir.c file, which has not been fixed.
Is is not fixed in version 3.0.62 either.
-- System Information:
Debian Release: trixie/sid
APT prefers noble-updates
APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'),
(500, 'bionic'), (100, 'noble-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 6.8.0-45-generic (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lifelines depends on:
ii libc6 2.39-0ubuntu8.3
ii libncursesw5 6.1-1ubuntu1
ii libncursesw6 6.4+20240113-1ubuntu2
ii libtinfo5 6.1-1ubuntu1
ii libtinfo6 6.4+20240113-1ubuntu2
lifelines recommends no packages.
lifelines suggests no packages.
--- End Message ---
--- Begin Message ---
forwarded 1084524 https://github.com/lifelines/lifelines/pull/484
thanks
Contains? sure, but this code is never built on Debian,
so this bug has never affected lifelines in Debian.
I forwarded this upstream on your behalf.
signature.asc
Description: PGP signature
--- End Message ---
