Your message dated Sun, 15 May 2016 10:24:12 +0000 with message-id <e1b1tdy-0000zf...@franck.debian.org> and subject line Bug#824160: fixed in p7zip 15.14.1+dfsg-2 has caused the Debian Bug report #824160, regarding p7zip: CVE-2016-2334 CVE-2016-2335 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 824160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: p7zip Version: 15.14.1+dfsg-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerabilities were published for p7zip. CVE-2016-2334[0]: Heap-buffer-overflow vulnerability CVE-2016-2335[1]: Out-of-bounds read vuilerability If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-2334 [1] https://security-tracker.debian.org/tracker/CVE-2016-2335 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: p7zip Source-Version: 15.14.1+dfsg-2 We believe that the bug you reported is fixed in the latest version of p7zip, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 824...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Robert Luberda <rob...@debian.org> (supplier of updated p7zip package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 15 May 2016 11:35:38 +0200 Source: p7zip Binary: p7zip p7zip-full Architecture: source Version: 15.14.1+dfsg-2 Distribution: unstable Urgency: high Maintainer: Robert Luberda <rob...@debian.org> Changed-By: Robert Luberda <rob...@debian.org> Description: p7zip - 7zr file archiver with high compression ratio p7zip-full - 7z and 7za file archivers with high compression ratio Closes: 824160 Changes: p7zip (15.14.1+dfsg-2) unstable; urgency=high . * Fix the heap buffer overflow in HFS handler (CVE-2016-2334) and out of bounds read in UDF handler (CVS-2016-2335) using patches from https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ (closes: #824160). Checksums-Sha1: d004ec56cae5cca9f643ff2379deaed93af317d7 1927 p7zip_15.14.1+dfsg-2.dsc a8e69df94b49883e7d9315dd26198572399f51d0 21004 p7zip_15.14.1+dfsg-2.debian.tar.xz Checksums-Sha256: 84600fc9d88a892927c54537b733538f7febf56f8a920b9bb685f904c236aa54 1927 p7zip_15.14.1+dfsg-2.dsc f4db6803535fc30b6ae9db5aabfd9f57a851c6773d72073847ec5e3731b7af37 21004 p7zip_15.14.1+dfsg-2.debian.tar.xz Files: 38568344189c39144558060339380c29 1927 utils optional p7zip_15.14.1+dfsg-2.dsc a10894e90fa5bfa7be735bea18a952d5 21004 utils optional p7zip_15.14.1+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXOEXzAAoJEGMd51U76K/UU2IP/0eLacomTe8dRmkSTgokvTCe g5+iVrf3MLxU+FTY25b/FY7DvAsRGAgXMgz9mMXL1fGgCZ2WXwV9Hw/lGn6w07QW O/0onQe6E3t282DejTYU5c5iESbAY8hHXinP8Cd6OCQb85bbAiF34Z8OKhQ7tLzQ 6JLYVQmBpFqm6OgS/OS1VcOsEv41Vs1eZENfl0v2qzp01sNhlPnbRjPvblnRZadm Hm06qbH2ZLXpRARrFuJC1RC2WZGHWcnArRp+nweS/XO/pOey71PvVDOtKx3lu/GY RmiQpAB1fNXmMLZotWPAgOIdXQhxH5EUi6B0+ur8lRylSkvXqojsAdmTpF0nOcwk bcTpxg4CU+eOWBB2yc/mGYldXtpOFas49ohd8DBtUmcs2o7ly4RRC0uIYXu6rIFu RaggtsgHGcwlxkVrxeSFx7bIXLQZIWqFzeJcpFGucgEKD4lmF3FKzRVF4ob7tThl ooykNXwaf/fgXQ0BpxfFA0npwAJD3MqGnrn2nXi8CBvmgEU6o8a5IcIypMo11Put 4l7yYnNDwei3RqogIaDUMEmml0g3KOyqjIdB4hgybxhGK3Z4UkxnNBJkXPZI+VRS zDUyZgb84lmGiQKtamX2NPPKbBrK4SQZ9n0gtyKZlmMTI0BlglJqd0W7/4ld34xX pugsajvQfTkbeb8UvRy2 =qVMf -----END PGP SIGNATURE-----
--- End Message ---
