Your message dated Thu, 09 Jun 2016 22:17:13 +0000
with message-id <e1bb8gh-0004ei...@franck.debian.org>
and subject line Bug#824160: fixed in p7zip 9.20.1~dfsg.1-4.1+deb8u2
has caused the Debian Bug report #824160,
regarding p7zip: CVE-2016-2334 CVE-2016-2335
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
824160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824160
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: p7zip
Version: 15.14.1+dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for p7zip.
CVE-2016-2334[0]:
Heap-buffer-overflow vulnerability
CVE-2016-2335[1]:
Out-of-bounds read vulnerability
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2334
[1] https://security-tracker.debian.org/tracker/CVE-2016-2335
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: p7zip
Source-Version: 9.20.1~dfsg.1-4.1+deb8u2
We believe that the bug you reported is fixed in the latest version of
p7zip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 824...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated p7zip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Jun 2016 16:50:10 +0200
Source: p7zip
Binary: p7zip p7zip-full
Architecture: source
Version: 9.20.1~dfsg.1-4.1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Mohammed Adnène Trojette <adn+...@diwi.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 824160
Description:
p7zip - 7z file archiver with high compression ratio
p7zip-full - 7z and 7za file archivers with high compression ratio
Changes:
p7zip (9.20.1~dfsg.1-4.1+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-2335: UDF CInArchive::ReadFileItem code execution vulnerability
(Closes: #824160)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---