Your message dated Tue, 29 Apr 2025 10:19:56 +0000
with message-id <e1u9i4c-007jym...@fasolo.debian.org>
and subject line Bug#1100992: fixed in libmatio 1.5.28-2
has caused the Debian Bug report #1100992,
regarding libmatio: CVE-2025-2337
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1100992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100992
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmatio
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libmatio.

CVE-2025-2337[0]:
| A vulnerability, which was classified as critical, has been found in
| tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of
| the file src/mat.c. The manipulation leads to heap-based buffer
| overflow. The attack may be initiated remotely. The exploit has been
| disclosed to the public and may be used.

https://github.com/tbeu/matio/issues/267


CVE-2025-2338[1]:
| A vulnerability, which was classified as critical, was found in tbeu
| matio 1.5.28. Affected is the function strdup_vprintf of the file
| src/io.c. The manipulation leads to heap-based buffer overflow. It
| is possible to launch the attack remotely. The exploit has been
| disclosed to the public and may be used.

https://github.com/tbeu/matio/issues/269


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2337
    https://www.cve.org/CVERecord?id=CVE-2025-2337
[1] https://security-tracker.debian.org/tracker/CVE-2025-2338
    https://www.cve.org/CVERecord?id=CVE-2025-2338

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libmatio
Source-Version: 1.5.28-2
Done: Sébastien Villemot <sebast...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libmatio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1100...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sébastien Villemot <sebast...@debian.org> (supplier of updated libmatio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Apr 2025 11:48:59 +0200
Source: libmatio
Architecture: source
Version: 1.5.28-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Sébastien Villemot <sebast...@debian.org>
Closes: 1100992
Changes:
 libmatio (1.5.28-2) unstable; urgency=medium
 .
   * array-index-out-of-bounds-with-bad-utf-8.patch: new patch from upstream.
     Fixes CVE-2025-2337. (Closes: #1100992)
   * Bump S-V to 4.7.2

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---