Your message dated Sat, 01 Feb 2014 19:17:40 +0000
with message-id <e1w9g4s-0005ah...@franck.debian.org>
and subject line Bug#737076: fixed in libyaml 0.1.3-1+deb6u2
has caused the Debian Bug report #737076,
regarding libyaml: CVE-2013-6393: heap-based buffer overflow when parsing YAML tags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
737076: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libyaml
Version: 0.1.3-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libyaml.

CVE-2013-6393[0]:
heap-based buffer overflow when parsing YAML tags

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

See [2] in particular for the needed patch.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
    http://security-tracker.debian.org/tracker/CVE-2013-6393
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1033990
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1033990#c15

Note: packages for oldstable and stable are currently being prepared.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libyaml
Source-Version: 0.1.3-1+deb6u2

We believe that the bug you reported is fixed in the latest version of
libyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 737...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2014 17:18:42 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-dev
Architecture: source amd64
Version: 0.1.3-1+deb6u2
Distribution: oldstable-security
Urgency: high
Maintainer: Anders Kaseorg <ande...@mit.edu>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Closes: 737076
Changes: 
 libyaml (0.1.3-1+deb6u2) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Improved fix for CVE-2013-6393 (regression)
     CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.
     (Closes: #737076)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---