Your message dated Sun, 22 Dec 2013 13:48:01 +0000
with message-id <e1vujnx-0000wj...@franck.debian.org>
and subject line Bug#725938: fixed in libtar 1.2.11-6+deb6u1
has caused the Debian Bug report #725938,
regarding libtar: CVE-2013-4397: Integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
725938: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725938
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libtar
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libtar.
CVE-2013-4397[0]:
Integer overflow
Upstream announcement is at [1] and the commit fixing this issue is at
[2]. Upstream 1.2.20 fixes this issue too. But see also [3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397
http://security-tracker.debian.org/tracker/CVE-2013-4397
[1] https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html
[2] http://repo.or.cz/w/libtar.git/commit/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
[3] http://www.openwall.com/lists/oss-security/2013/10/10/8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtar
Source-Version: 1.2.11-6+deb6u1
We believe that the bug you reported is fixed in the latest version of
libtar, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 725...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Magnus Holmgren <holmg...@debian.org> (supplier of updated libtar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Oct 2013 20:34:07 +0200
Source: libtar
Binary: libtar-dev libtar
Architecture: source amd64
Version: 1.2.11-6+deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Julien Danjou <a...@debian.org>
Changed-By: Magnus Holmgren <holmg...@debian.org>
Description:
libtar - C library for manipulating tar archives
libtar-dev - C library for manipulating tar archives
Closes: 725938
Changes:
libtar (1.2.11-6+deb6u1) squeeze-security; urgency=high
.
* [SECURITY] Fix CVE-2013-4397: Integer overflow (Closes: #725938).
Patch from
http://repo.or.cz/w/libtar.git/commitdiff/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---