Your message dated Tue, 31 Mar 2015 21:50:03 +0000
with message-id <e1yd42t-0006kg...@franck.debian.org>
and subject line Bug#781497: fixed in musl 1.1.5-2
has caused the Debian Bug report #781497,
regarding musl: CVE-2015-1817: stack-based buffer overflow in ipv6 literal
parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
781497: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781497
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: musl
Version: 1.1.5-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for musl.
CVE-2015-1817[0]:
stack-based buffer overflow in ipv6 literal parsing
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1817
[1] http://www.openwall.com/lists/oss-security/2015/03/30/3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: musl
Source-Version: 1.1.5-2
We believe that the bug you reported is fixed in the latest version of
musl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 781...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kevin Bortis <p...@bortis.ch> (supplier of updated musl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 31 Mar 2015 22:42:17 +0200
Source: musl
Binary: musl musl-dev musl-tools
Architecture: source
Version: 1.1.5-2
Distribution: unstable
Urgency: low
Maintainer: Kevin Bortis <p...@bortis.ch>
Changed-By: Kevin Bortis <p...@bortis.ch>
Description:
musl - standard C library
musl-dev - standard C library development files
musl-tools - standard C library tools
Closes: 781497
Changes:
musl (1.1.5-2) unstable; urgency=low
.
* Fixes possible stack-based buffer overflow CVE-2015-1817 (Closes: #781497)
Checksums-Sha1:
deaeabb3fd3d9a9cccf5ffca680098413543b8c3 1989 musl_1.1.5-2.dsc
b381775341ee7e6f742efce8e5976bb4d88f567e 7928 musl_1.1.5-2.debian.tar.xz
Checksums-Sha256:
b5020c98e92806c7129979bab4c1fbb4ada3d2c576031c614b00c61385af0a99 1989
musl_1.1.5-2.dsc
e524dd432def05628cb9d448871c63019f19d391981966bbdabdd45391262aac 7928
musl_1.1.5-2.debian.tar.xz
Files:
fa8dda825c4ee6d64b5650807266fb6a 1989 libs extra musl_1.1.5-2.dsc
8fdba59ba79f334dc2cd871f8da82ab5 7928 libs extra musl_1.1.5-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVGxB/AAoJENPhc4PPp/8GDNIQAIkcsBJwufrEToStcW0Yyi8O
uCADAYOKos+02hiqucJn+KD2L1P2lxwnuVNAibb8170PX+ObT6t0bWZPTUfBvDl+
2SF8U+L0Gg3MQExKre839rieTtaqaq1xv6KMVJ/+qjVJwV5P1noe3HY0/5ArkCjx
v/ZwxG8RUx2hvHc3Csd8+uTvfGZsLyOl1FVhBrixDPQ0QkeUxC0Cqoxag04j2h3d
pXv0YMYOu5NPqyFj0FYec2TZuZ1chtHvi7k79Y4hCzUO8NZrgygJxB/n7iKdtl1n
U9uDPvFLkO1zhWruQZAM1qLGmDfK+UeQ9KSbbU8XULKs84azswMK3jbATwKdVZXJ
osKVeMvqQidpib4NdSiXOwaPmQpzu1x5fQ78lgXsbHFJFnnCkSOaWeQJNIX9nV2P
lBfac4KRG+GwOGDFp0DV8+uMiNtZm5alb8XPYL5P8ZaHKVuS8TlnGAyjdnK3c+ZH
NsVKcSMZnB92m4PxP7I+JQn0eF1kIcaH1/ZEdc+ZDlyYnZvtSaBMMI7isFmX/aGX
meHGOwIosUKObI8JHGNTijLxUE4zfHjoHvkAcNbsJW5oVtS7JIZFna8v2h9A/6nG
xMjzT/ILYiaJA2pnsSZvuwNrr67JeInQTaxZrEI9amRdEE8erIo0c+zQxk667A29
N1v/8juDPupJshte9782
=aEVl
-----END PGP SIGNATURE-----
--- End Message ---
