Your message dated Sat, 10 Aug 2013 15:48:02 +0000 with message-id <e1v8boc-0000lf...@franck.debian.org> and subject line Bug#701897: fixed in grep 2.6.3-3+squeeze1 has caused the Debian Bug report #701897, regarding CVE-2012-5667: buffer overflow with overly long input lines to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701897 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: grep Severity: grave Version: 2.6.3-3 Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Hi, the following vulnerability was published for grep. CVE-2012-5667[0]: | Multiple integer overflows in GNU Grep before 2.11 might allow | context-dependent attackers to execute arbitrary code via vectors | involving a long input line that triggers a heap-based buffer | overflow. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667 http://security-tracker.debian.org/tracker/CVE-2012-5667 Please adjust the affected versions in the BTS as needed. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---Source: grep Source-Version: 2.6.3-3+squeeze1 We believe that the bug you reported is fixed in the latest version of grep, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 701...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Ruano Rincón <santi...@debian.org> (supplier of updated grep package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 25 Jul 2013 10:13:24 +0200 Source: grep Binary: grep Architecture: source amd64 Version: 2.6.3-3+squeeze1 Distribution: oldstable Urgency: low Maintainer: Anibal Monsalve Salazar <ani...@debian.org> Changed-By: Santiago Ruano Rincón <santi...@debian.org> Description: grep - GNU grep, egrep and fgrep Closes: 701897 Changes: grep (2.6.3-3+squeeze1) oldstable; urgency=low . * Fixes CVE-2012-5667. Patch by Jaroslav Škarvada https://bugzilla.redhat.com/show_bug.cgi?id=889935 Closes: #701897 Checksums-Sha1: 78c26f292fab9563324a81ea387175339bbe685b 1156 grep_2.6.3-3+squeeze1.dsc a9ccf839c9ba74bfef1a0808e740d596758a7c68 1021770 grep_2.6.3.orig.tar.bz2 25fc888ee3382a7c924f88ba2cdbc615a7b0cbdb 12974 grep_2.6.3-3+squeeze1.debian.tar.bz2 7ebde8d23c4efe40d6744ec9f79133c37b7d2150 313920 grep_2.6.3-3+squeeze1_amd64.deb Checksums-Sha256: a86b48334460e6e776b2c774bb06e84ba96cb3393c487b373a080664873fa436 1156 grep_2.6.3-3+squeeze1.dsc d319e79d5b1b3f9331da1db281949f7bc02e385abbf984764f2bb26783005c78 1021770 grep_2.6.3.orig.tar.bz2 709e7557347bcdcda99be8a7b44750c45f0a709381b9059a7e7bb532fb2050e1 12974 grep_2.6.3-3+squeeze1.debian.tar.bz2 e0bb207f1446f5b560540df30cee048fe623b5de164c5e035323cffb59de1736 313920 grep_2.6.3-3+squeeze1_amd64.deb Files: 74cf4df68e3ada26246376f7a172ac50 1156 utils required grep_2.6.3-3+squeeze1.dsc 85f5f78b2b3f55eea05364dd0f49e45a 1021770 utils required grep_2.6.3.orig.tar.bz2 43ec1e66e5af56ae7a65472f6dfa55b0 12974 utils required grep_2.6.3-3+squeeze1.debian.tar.bz2 7c8b301e28fc614cd99b04ea87ad0fee 313920 utils required grep_2.6.3-3+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlHxfy0ACgkQQUuEI2/szeCyGACeLX+IZ32DdgCG/ntJLUJ1Oh8u Tx4AnjCjLjMVXal8UVHKMEasp/t3Is0E =Sbij -----END PGP SIGNATURE-----
--- End Message ---
