Your message dated Thu, 30 Jan 2014 05:48:24 +0000
with message-id <e1w8kuc-0003w7...@franck.debian.org>
and subject line Bug#737076: fixed in libyaml 0.1.4-3
has caused the Debian Bug report #737076,
regarding libyaml: CVE-2013-6393: heap-based buffer overflow when parsing YAML tags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
737076: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libyaml
Version: 0.1.3-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libyaml.

CVE-2013-6393[0]:
heap-based buffer overflow when parsing YAML tags

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

See [2] in particular for the needed patch.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
    http://security-tracker.debian.org/tracker/CVE-2013-6393
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1033990
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1033990#c15

Note: packages for oldstable and stable are currently being prepared.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libyaml
Source-Version: 0.1.4-3

We believe that the bug you reported is fixed in the latest version of
libyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 737...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anders Kaseorg <ande...@mit.edu> (supplier of updated libyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2014 20:11:48 -0500
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-3
Distribution: unstable
Urgency: high
Maintainer: Anders Kaseorg <ande...@mit.edu>
Changed-By: Anders Kaseorg <ande...@mit.edu>
Description: 
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Closes: 737076
Changes: 
 libyaml (0.1.4-3) unstable; urgency=high
 .
   * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.
     (Closes: #737076)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
