Your message dated Wed, 24 Dec 2014 18:32:06 +0000 with message-id <e1y3qj8-0000dc...@franck.debian.org> and subject line Bug#772793: fixed in cpio 2.11+dfsg-0.1+deb7u1 has caused the Debian Bug report #772793, regarding cpio: CVE-2014-9112 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: cpio Severity: grave Tags: security Hi, please see http://seclists.org/fulldisclosure/2014/Nov/74 for the original report. Patches: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: cpio Source-Version: 2.11+dfsg-0.1+deb7u1 We believe that the bug you reported is fixed in the latest version of cpio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated cpio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 22 Dec 2014 22:13:01 +0000 Source: cpio Binary: cpio cpio-win32 Architecture: source all i386 Version: 2.11+dfsg-0.1+deb7u1 Distribution: stable-security Urgency: high Maintainer: Ruben Molina <rmol...@udea.edu.co> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: cpio - GNU cpio -- a program to manage archives of files cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build) Closes: 772793 Changes: cpio (2.11+dfsg-0.1+deb7u1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2014-9112: out of bounds write, insufficient range checking, and null pointer dereference issues (closes: #772793). Checksums-Sha1: fe0fddb16f429b9ac9a7bd5f5a13aacbba8bf49c 2662 cpio_2.11+dfsg-0.1+deb7u1.dsc db17d80369acf691611a38979f42f31e47ee6fac 802940 cpio_2.11+dfsg.orig.tar.xz 7dcc907431eeb277cca0bdf647e1734ced440dc3 16920 cpio_2.11+dfsg-0.1+deb7u1.debian.tar.bz2 a5b08db8cddf1eb8b305420f61d113b94ca9de33 74086 cpio-win32_2.11+dfsg-0.1+deb7u1_all.deb 5c25d79b37aa9092fb22ed01b83762435c8769dd 267080 cpio_2.11+dfsg-0.1+deb7u1_i386.deb Checksums-Sha256: e67f415ff3608fe2f82f4c8d4cc7a9c00ee3fa6eb3aa0bbf4967334f6bd432fd 2662 cpio_2.11+dfsg-0.1+deb7u1.dsc f3208df43692895e1ff84cb7625c6cc27b431c9a321fe414faed402b70660cd0 802940 cpio_2.11+dfsg.orig.tar.xz af7d3c420273e5267542662bb6e8ec965db40dfd3e5d9f5cff31cc445015ae6b 16920 cpio_2.11+dfsg-0.1+deb7u1.debian.tar.bz2 6f9129e91e0ea4dfd528fbb1722389a291a0f2b8b264c3afcf257c589254b869 74086 cpio-win32_2.11+dfsg-0.1+deb7u1_all.deb f99e163bbe7d973542557f366efbcdc29a7c2fff0024feb6f545939e412e5180 267080 cpio_2.11+dfsg-0.1+deb7u1_i386.deb Files: 3da368e4fd21da864005e43382948a2f 2662 utils important cpio_2.11+dfsg-0.1+deb7u1.dsc 54d2f3b3561c3a1ca2c192e94f00bc38 802940 utils important cpio_2.11+dfsg.orig.tar.xz ab9ccc32777bb208463e32afa596530f 16920 utils important cpio_2.11+dfsg-0.1+deb7u1.debian.tar.bz2 784d48d0f343f0575b63a4e117c35ea3 74086 utils extra cpio-win32_2.11+dfsg-0.1+deb7u1_all.deb c8f5824f405f3eec2e741c64df21f071 267080 utils important cpio_2.11+dfsg-0.1+deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJUmJlPAAoJELjWss0C1vRzai4f+wUL43ZJ/bOUXwKKJRKvt8k5 sDkGP/J6S3ahuN6Gg8LwYJvgS53mZtwgO1BmzRsbaZpZLU5X9eJpCYzOJQ3apnqy zsZDLyvYnp70W3SbMaDk/TuMh0Ohu90F6cm6ghqNXmJe0gpTCHII3GFJvZNECKWT 8uecBHtFXOW7zm8PcC3LDeLrjcqJtYYgACZUYRKvlFnMzingRiEP+uZ+VRlRiUZ/ QjyyTUaub+P7Zxh2WzQsN02Fl3wry4ui9cjGEECwIeGyq/cjfDinhAfp+a3/+M+L dhqavw+5c3qrheoBKs48AylE+Abn2rvJjmUBneU6L1v0Kb9Q/9B3l0iFYmgQqxvX E61SzGnQ/YCDU1iYyAzhMUJtkHkbAeUwdaCPZJeglbe41KuC5Q5p0sT/zg3smOih SzUe5YhX6nf09yIxTlAPDpXWwkqzu90Vk8r7s4KN5YRIcPOBZLuC4b8D9PWaNzkV etAtK2ZSXUO+v9gpxu5DJIZ7crUymL2285A5eRPgvoerW3A9x5hzA9NXTojptYa9 JhSjWnNhkrZBja4lGtID0z6aGNMpKX8EvQ1FdrVfwA5pSbLAE8EeLpszUZkR0Dwk QMwBwc2JGaWj+yVb86C1YCcvdhCbVuTsr2dbAPKZQIeas3B6iVQop9ZTsMTs+l5r 5TGBe4C/19QdvZsbuTNeEOCHiWpqfXjeRtwS9Vvl6Ykqj6H9i6ddEabecFIYMb+9 sz6BU/nh2hPhwauVpw3uThqzqt1S3o3JPPrOZZp+17Dyq5i4z0T2IdvzigJwsvAL 102r7IpX9G+i8EY53e2NFqX15/8BI2B/wQBI8q7USNADIkv7N3z4b9L8DU580/gc PUpA76d+pshCjReKdem9n3kpBysOMi1t4yFHakrWWX1bME5lLbXHn5DIaUdHO2+v f74uFZeNkWkO+7O/ad48cbAoFrKlVVHosFaDP72ldrtkwLGv/UJ1sbB+1C8TKgj9 MfNjuq2VLkUS9jZppF5bN9tbbuCyfx7bBlIMz9FkwKYf9BbzXHQYwohtjNVxbAW2 03vlbaIj3oR0u94IPSfYmZsXqazlOkazcvySSuJNvBu6cHmRLU0FLYUV5eHC1zyC +9zBdYL1vDA6dO/tTVJmk+43m3jZBz/N5WCbBym+/TScS9VelPZkjm17jvan1vih A5RJAZTEFfDq5aLGVbqdvcQaqmPmqMwpscU5UPZ7NsclU//t3JtuFkyZt9Pt6Jeq Y22AOcpXshY3SKhKpP19H0GSNdlALNWRPkiXddFPEOHFnt0Qg4GGh6ACCik6er0F nUa0Zoupmvy4MVP1h6GmDG+erU+aam8sOTIEDbL9wO/uFUCbgcgUjg0q9ndwaXU= =vPDE -----END PGP SIGNATURE-----
--- End Message ---
