Your message dated Sat, 01 Feb 2014 19:32:10 +0000
with message-id <e1w9giu-0008jw...@franck.debian.org>
and subject line Bug#737076: fixed in libyaml 0.1.4-2+deb7u2
has caused the Debian Bug report #737076,
regarding libyaml: CVE-2013-6393: heap-based buffer overflow when parsing YAML tags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
737076: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libyaml
Version: 0.1.3-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libyaml.

CVE-2013-6393[0]:
heap-based buffer overflow when parsing YAML tags

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

See [2] in particular for the needed patch.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
    http://security-tracker.debian.org/tracker/CVE-2013-6393
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1033990
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1033990#c15

Note: packages for oldstable and stable are currently being prepared.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libyaml
Source-Version: 0.1.4-2+deb7u2

We believe that the bug you reported is fixed in the latest version of
libyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 737...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2014 04:07:40 -0500
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-2+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Anders Kaseorg <ande...@mit.edu>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Closes: 737076
Changes: 
 libyaml (0.1.4-2+deb7u2) stable-security; urgency=high
 .
   * Improved fix for CVE-2013-6393: heap-based buffer overflow when
     parsing YAML tags.  (Closes: #737076)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
