Your message dated Mon, 21 May 2012 12:49:45 +0000
with message-id <e1sws3v-0003md...@franck.debian.org>
and subject line Bug#664990: fixed in libzip 0.10.1-1
has caused the Debian Bug report #664990,
regarding libzip1: CVE-2012-1162/CVE-2012-1163 PRE-SA-2012-02 Incorrect loop
construct and numeric overflow in libzip
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
664990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664990
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libzip1
Version: 0.9.3-1
Severity: important
http://seclists.org/fulldisclosure/2012/Mar/312
http://www.pre-cert.de/advisories/PRE-SA-2012-02.txt
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libzip1 depends on:
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
libzip1 recommends no packages.
libzip1 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libzip
Source-Version: 0.10.1-1
We believe that the bug you reported is fixed in the latest version of
libzip, which is due to be installed in the Debian FTP archive:
libzip-dev_0.10.1-1_amd64.deb
to main/libz/libzip/libzip-dev_0.10.1-1_amd64.deb
libzip2_0.10.1-1_amd64.deb
to main/libz/libzip/libzip2_0.10.1-1_amd64.deb
libzip_0.10.1-1.debian.tar.gz
to main/libz/libzip/libzip_0.10.1-1.debian.tar.gz
libzip_0.10.1-1.dsc
to main/libz/libzip/libzip_0.10.1-1.dsc
libzip_0.10.1.orig.tar.bz2
to main/libz/libzip/libzip_0.10.1.orig.tar.bz2
zipcmp_0.10.1-1_amd64.deb
to main/libz/libzip/zipcmp_0.10.1-1_amd64.deb
zipmerge_0.10.1-1_amd64.deb
to main/libz/libzip/zipmerge_0.10.1-1_amd64.deb
ziptorrent_0.10.1-1_amd64.deb
to main/libz/libzip/ziptorrent_0.10.1-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 664...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fathi Boudra <f...@debian.org> (supplier of updated libzip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 21 May 2012 15:16:11 +0300
Source: libzip
Binary: libzip-dev libzip2 zipcmp zipmerge ziptorrent
Architecture: source amd64
Version: 0.10.1-1
Distribution: unstable
Urgency: low
Maintainer: Fathi Boudra <f...@debian.org>
Changed-By: Fathi Boudra <f...@debian.org>
Description:
libzip-dev - library for reading, creating, and modifying zip archives (develo
libzip2 - library for reading, creating, and modifying zip archives (runtim
zipcmp - compare contents of zip archives
zipmerge - merge zip archives
ziptorrent - torrentzip zip archives
Closes: 664990 665957
Changes:
libzip (0.10.1-1) unstable; urgency=low
.
* New upstream release: fix CVE-2012-1162 and CVE-2012-1163
Incorrect loop construct and numeric overflow. (Closes: #664990, #665957)
Checksums-Sha1:
bbace436b4506a70318a625c03a225e2d2b31361 1354 libzip_0.10.1-1.dsc
04be811a1919e1063a1f5210671181b7b5416d45 610860 libzip_0.10.1.orig.tar.bz2
0356b33157140aae4f7fc1d0fccbd50b3efff401 4558 libzip_0.10.1-1.debian.tar.gz
5b1457cb18a81ea1619c4a8182513c586b45035a 111716 libzip-dev_0.10.1-1_amd64.deb
dc322604e731da342b076dae23def35d5561aa5e 28802 libzip2_0.10.1-1_amd64.deb
a17ce022a7bc001f53fa48718c21bcb08856595e 9192 zipcmp_0.10.1-1_amd64.deb
8bd7199e3b0e07ba21913bd4dba34562fb031bd0 8928 zipmerge_0.10.1-1_amd64.deb
212eaa944f1e5c5281f84c955f07e5d2f8118507 7832 ziptorrent_0.10.1-1_amd64.deb
Checksums-Sha256:
93fde0b7653cd2ffe66a497219c087e73d706b7b551c902ee94482c5670a0337 1354
libzip_0.10.1-1.dsc
5b1eaf60968cb22df49d73bcaa759961fb27451917ac76b275374c2ed260ce92 610860
libzip_0.10.1.orig.tar.bz2
5cb7cdd93888be383dcbc4459b3ed46832464375b2fcf79538689335732f3b50 4558
libzip_0.10.1-1.debian.tar.gz
a759f51c798f84537a7f55c135a27e2b4acc01e60efa0f427bf2a643357abb45 111716
libzip-dev_0.10.1-1_amd64.deb
86bfe6a3fe17e5b87274f883ae70748518d0ffc8cbbb939d4faf7893310d2578 28802
libzip2_0.10.1-1_amd64.deb
c62d862920f14bf412f02c2f4c88f3294c3e756acb114b5487aaadf3f8ae0ede 9192
zipcmp_0.10.1-1_amd64.deb
5fe066ddc5e138472f398f3b09a3cbb6afdefa27e905e744151c51e0763b2c53 8928
zipmerge_0.10.1-1_amd64.deb
ef778f24cc94e89e23891439a082753f953215e3a86bc7b5862c62bff1064250 7832
ziptorrent_0.10.1-1_amd64.deb
Files:
b71ca996ac92dc4f4e661a470cf39cbf 1354 libs optional libzip_0.10.1-1.dsc
d3e933ae049204badccf605f20aaecde 610860 libs optional
libzip_0.10.1.orig.tar.bz2
74e395ee621844c3d1f90bfda57ba62a 4558 libs optional
libzip_0.10.1-1.debian.tar.gz
e245d73c769d7829edc4b00e0594ac7a 111716 libdevel optional
libzip-dev_0.10.1-1_amd64.deb
5ec825e1eb41c52ace7992b822f5c23d 28802 libs optional libzip2_0.10.1-1_amd64.deb
81aee515a47aff4da560009417b6a85f 9192 utils optional zipcmp_0.10.1-1_amd64.deb
10fd26d026511f032bdf55cb5a094b8c 8928 utils optional
zipmerge_0.10.1-1_amd64.deb
0960edbb96887c96d71c8a34540037ff 7832 utils optional
ziptorrent_0.10.1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iJwEAQECAAYFAk+6NeMACgkQjPU19mqlcveJIgP+LnmvhRwFEvWFBht1F4bktW19
ma75uRl6XoSFI9+qkzfiaP740JwasfAVh6ArSS2Se3PCiKSzhChZCMeyLxaSPGo/
QE+bLViPpgHp3j+RohOdRKQpyzGocdt97hVyeKOQOyl0iR4IggDjMYy+OAInT83V
HHBampDnRMKjqlh7pKo=
=3IeE
-----END PGP SIGNATURE-----
--- End Message ---
