Your message dated Sun, 11 May 2025 09:47:08 +0000
with message-id <e1ue3h2-00h3iu...@fasolo.debian.org>
and subject line Bug#1098903: fixed in abseil 20220623.1-1+deb12u1
has caused the Debian Bug report #1098903,
regarding abseil: CVE-2025-0838
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1098903: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098903
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: abseil
Version: 20230802.1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 20220623.1-1

Hi,

The following vulnerability was published for abseil.

CVE-2025-0838[0]:
| There exists a heap buffer overflow vulnerable in Abseil-cpp. The
| sized constructors, reserve(), and rehash() methods of
| absl::{flat,node}_hash_{set,map} did not impose an upper bound on
| their size argument. As a result, it was possible for a caller to
| pass a very large size that would cause an integer overflow when
| computing the size of the container's backing store, and a
| subsequent out-of-bounds memory write. Subsequent accesses to the
| container might also access out-of-bounds memory. We recommend
| upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-0838
    https://www.cve.org/CVERecord?id=CVE-2025-0838
[1] https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

Regards,
Salvatore

--- End Message ---
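
The overflow class described in the CVE text above, as an added example that is not part of the original report and is not Abseil's code. It uses a simplified backing-store layout (one control byte per slot, `kPadding` extra control bytes, then the slots); all names and the layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumed, simplified layout (not Abseil's real one):
// [capacity control bytes][kPadding control bytes][capacity * slot_size bytes]
constexpr std::size_t kPadding = 16;
// Allocators cannot serve more than PTRDIFF_MAX bytes, so use it as the ceiling.
constexpr std::size_t kMaxBytes = static_cast<std::size_t>(PTRDIFF_MAX);

// Unbounded pattern: plain size_t arithmetic wraps silently on overflow.
std::size_t unchecked_alloc_size(std::size_t capacity, std::size_t slot_size) {
  return capacity + kPadding + capacity * slot_size;
}

// Largest capacity whose backing store still fits in kMaxBytes.
std::size_t max_capacity(std::size_t slot_size) {
  if (slot_size >= kMaxBytes) return 0;
  return (kMaxBytes - kPadding) / (slot_size + 1);
}

// Bounded pattern: validate the caller-supplied size before any arithmetic.
bool checked_alloc_size(std::size_t capacity, std::size_t slot_size,
                        std::size_t* out) {
  if (capacity > max_capacity(slot_size)) return false;
  *out = capacity + kPadding + capacity * slot_size;  // cannot wrap here
  return true;
}

// A capacity for which capacity * 16 wraps to exactly 0 (2^60 on 64-bit).
std::size_t wrapping_capacity() {
  return std::numeric_limits<std::size_t>::max() / 16 + 1;
}

int main() {
  const std::size_t cap = wrapping_capacity();
  std::size_t bytes = 0;
  // With 15-byte slots the unchecked size wraps down to kPadding bytes, so a
  // table believing it has `cap` slots would sit on a 16-byte allocation.
  std::printf("unchecked: %zu bytes for %zu slots\n",
              unchecked_alloc_size(cap, 15), cap);
  std::printf("checked:   %s\n",
              checked_alloc_size(cap, 15, &bytes) ? "accepted" : "rejected");
  return 0;
}
```
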
--- Begin Message ---
Source: abseil
Source-Version: 20220623.1-1+deb12u1
Done: Tobias Frost <t...@debian.org>

We believe that the bug you reported is fixed in the latest version of
abseil, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1098...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated abseil package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Apr 2025 16:09:38 +0200
Source: abseil
Architecture: source
Version: 20220623.1-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Benjamin Barenblat <bba...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 1098903
Changes:
 abseil (20220623.1-1+deb12u1) bookworm; urgency=medium
 .
   * Non maintainer upload by the LTS Team.
   * Backport fix for CVE-2025-0838 - Heap buffer overflow vulnerability
     (Closes: #1098903)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---