Your message dated Fri, 22 Apr 2016 21:54:17 +0000
with message-id <e1atj1l-0005gq...@franck.debian.org>
and subject line Bug#779047: fixed in fuseiso 20070708-3+deb7u1
has caused the Debian Bug report #779047,
regarding Two security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
779047: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fuseiso
Severity: grave
Tags: security
Hi,
two vulnerabilities have been found in fuseiso:
https://bugzilla.redhat.com/show_bug.cgi?id=863102
https://bugzilla.redhat.com/show_bug.cgi?id=863091
CVE IDs have been requested, but are not yet assigned:
http://www.openwall.com/lists/oss-security/2015/02/06/7
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: fuseiso
Source-Version: 20070708-3+deb7u1
We believe that the bug you reported is fixed in the latest version of
fuseiso, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 779...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated fuseiso package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Mar 2016 18:03:02 +0100
Source: fuseiso
Binary: fuseiso
Architecture: source i386
Version: 20070708-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: David Paleino <da...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
fuseiso - FUSE module to mount ISO filesystem images
Closes: 779047
Changes:
fuseiso (20070708-3+deb7u1) wheezy-security; urgency=high
.
  * Non-maintainer upload by the Wheezy LTS Team.
  * debian/patches (Closes: #779047):
    (patches copied from the Squeeze version)
    + CVE-2015-8837
      Add 02-prevent-buffer-overflow.patch. Prevent stack-based buffer overflow
      when concatenating strings to an absolute path name. Prevention is done
      by checking that the result will stay under the maximum path length as
      given by the platform's PATH_MAX constant.
    + CVE-2015-8836
      Add 03-prevent-integer-overflow.patch. Prevent integer overflow in ZISO
      code. Bail out if a ZF block size > 2^17 is to be read.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
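
The two checks described in the changelog above, sketched as an added example; this is not code from the fuseiso patches or from the original messages. The function names, the fallback PATH_MAX value and the assumption that the ZF block size arrives as a power-of-two exponent are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096           /* assumed fallback if the platform has none */
#endif
#define ZF_MAX_BLOCK_SHIFT 17   /* changelog: bail out if block size > 2^17 */

/* Join base and name into out[PATH_MAX]. Returns 0 on success, -1 if the
 * result (separator and terminating NUL included) would not fit. All
 * lengths are checked before any byte is written. */
int join_path_checked(char out[PATH_MAX], const char *base, const char *name)
{
    size_t blen = strlen(base);
    size_t nlen = strlen(name);

    if (blen >= PATH_MAX || nlen >= PATH_MAX)
        return -1;
    int need_sep = (blen > 0 && base[blen - 1] != '/');
    /* Both lengths are below PATH_MAX, so the sum cannot wrap a size_t. */
    if (blen + (size_t)need_sep + nlen + 1 > PATH_MAX)
        return -1;
    memcpy(out, base, blen);
    if (need_sep)
        out[blen++] = '/';
    memcpy(out + blen, name, nlen);
    out[blen + nlen] = '\0';
    return 0;
}

/* Validate a block-size exponent read from an untrusted image. Returns the
 * block size in bytes, or 0 if it would exceed 2^17. */
uint32_t zf_block_size_checked(uint8_t block_shift)
{
    if (block_shift > ZF_MAX_BLOCK_SHIFT)
        return 0;               /* reject before shifting or allocating */
    return (uint32_t)1 << block_shift;
}

int main(void)
{
    char path[PATH_MAX];        /* constructed sample inputs below */
    if (join_path_checked(path, "/mnt/iso", "dir/file.txt") == 0)
        puts(path);
    printf("%u %u\n", (unsigned)zf_block_size_checked(17),
           (unsigned)zf_block_size_checked(18));
    return 0;
}
```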