Your message dated Sat, 7 Jun 2025 20:45:47 +0200
with message-id <aesi29wctrk82...@eldamar.lan>
and subject line Re: Accepted nbdkit 1.42.3-1 (source) into unstable
has caused the Debian Bug report #1105227,
regarding nbdkit: CVE-2025-47711
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1105227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105227
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nbdkit
Version: 1.42.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.32.5-1
Hi,
The following vulnerability was published for nbdkit.
CVE-2025-47711[0]:
| off-by-one error when processing block status may lead to a Denial
| of Service
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-47711
https://www.cve.org/CVERecord?id=CVE-2025-47711
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2365687
[2]
https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nbdkit
Source-Version: 1.42.3-1
On Sun, May 25, 2025 at 03:34:21PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Sun, 25 May 2025 14:48:44 +0200
> Source: nbdkit
> Architecture: source
> Version: 1.42.3-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Hilko Bengen <ben...@debian.org>
> Changed-By: Hilko Bengen <ben...@debian.org>
> Changes:
> nbdkit (1.42.3-1) unstable; urgency=medium
> .
> * New upstream version 1.42.3
> Checksums-Sha1:
> 8b46954266c664695dc81b3516cd79565be0253c 3628 nbdkit_1.42.3-1.dsc
> 99988c8171f9844b3d139926fce454539d137bf5 2601793 nbdkit_1.42.3.orig.tar.gz
> 5a6cdef8356e4306248d2b206dda69c40213ac06 13120 nbdkit_1.42.3-1.debian.tar.xz
> 349d5b2095b0fc737b1f99817502cf1bbf71a8c3 17400
> nbdkit_1.42.3-1_source.buildinfo
> Checksums-Sha256:
> 761beaa628bcc445d8b91263576a53787e2584bcc650c66ec26cbc255e3388b9 3628
> nbdkit_1.42.3-1.dsc
> cc6e451f7f6e33243ade6a5451465734bbd90142b84630bde0e0747f5656c2eb 2601793
> nbdkit_1.42.3.orig.tar.gz
> 02eecbb15ba1165b47c7bc8e5589096b623d0fa21d2e02ce6121f545b0ba7be4 13120
> nbdkit_1.42.3-1.debian.tar.xz
> f6c0fb8d438765bc4ef29beccfea09db691fb80998439b23b87c46b8db4b2e9f 17400
> nbdkit_1.42.3-1_source.buildinfo
> Files:
> 38a81f655f28e810aa2d3bdbfb042888 3628 admin optional nbdkit_1.42.3-1.dsc
> de5c857b8121c5b028e0837ef724f021 2601793 admin optional
> nbdkit_1.42.3.orig.tar.gz
> 970458dd24a2b121d38ae8b3be6e1801 13120 admin optional
> nbdkit_1.42.3-1.debian.tar.xz
> 520cc11a094e08fdc1a1d0dab3155b0d 17400 admin optional
> nbdkit_1.42.3-1_source.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAmgzNJIACgkQdbcQY1wh
> On6xbQ/+MujdnXFF2PZng91WqJGdLG3CuiMvPi8jTrfQf9gLvyHbkv4793Og0FNK
> MYPD4HAWgAi0YrSJpTeuJBFl2uPVMb5btTqYMuKtUEqNSeYf0tkGyhHyD1638/xV
> 2pc2uzkKo6U5Z94xpsFngf9hqNQi373TtPTn4xisj7z1TCH9CKTSEccPInOowXO1
> JowF26XX5AQcYtA2b7BQJglZedAVogRx6vqGe2kdYecYHZCC5p++pLLgPjsbf2cM
> 7NmsNEQtRoHyobd/YZ+XkfDkijGTc7ewtOppqBeIKFPfGXxa4HcYFpLCR5bIrBXE
> u1nWtgALDlFrGeluFtLpa+34W9EcnqYH3njAi813mzQ+kz8mJKBMrgC8roVV1Q+j
> p0dY52CyGn8Rn6sWaORBUT3jsXo9s7qW7yBoUd9ybdCTw5PV73EHZABnJKh0Ktpk
> OWHEmkaq/lD1XOzM64CeshoIaxPDVlXTemLjJB4KeVXg97QbuNnoi/H8oJg6awGu
> eESPiEfZ2b50qIclmfcOpIl28VJ2UPW/GXEKsmZbGE3ILitjZjh/CeRkoTtIxmiH
> evL7+iCazevMyjU91zt1vBR2Fd72Qfe5ve2AHCVSZJl0LAsgYErkiroTux9fF9+r
> E7OBMz0UpCQmVE8pnlu1w3TQLh18CCYaYKbWSMWHPpxXt0wFlLQ=
> =3qOW
> -----END PGP SIGNATURE-----
--- End Message ---
