Your message dated Thu, 27 Oct 2016 17:41:47 +0000 with message-id <e1bzogv-00023e...@franck.debian.org> and subject line Bug#842171: fixed in musl 1.1.15-2 has caused the Debian Bug report #842171, regarding musl: CVE-2016-8859: Regex integer overflow in buffer size computations to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842171 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: musl Version: 1.1.15-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for musl. CVE-2016-8859[0]: Regex integer overflow in buffer size computations If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8859 [1] http://www.openwall.com/lists/oss-security/2016/10/19/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: musl Source-Version: 1.1.15-2 We believe that the bug you reported is fixed in the latest version of musl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated musl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Oct 2016 18:53:49 +0200 Source: musl Binary: musl musl-dev musl-tools Architecture: source Version: 1.1.15-2 Distribution: unstable Urgency: high Maintainer: Reiner Herrmann <rei...@reiner-h.de> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Description: musl - standard C library musl-dev - standard C library development files musl-tools - standard C library tools Closes: 842171 Changes: musl (1.1.15-2) unstable; urgency=high . * Cherry-pick upstream fix for regex integer overflow in buffer size computations; CVE-2016-8859 (Closes: #842171) Checksums-Sha1: 6c3c41416769520898c001be212397ad5072f270 2787 musl_1.1.15-2.dsc 027c3ae2182fa53c2b554ca98a28dc5cfca4b2c3 911600 musl_1.1.15.orig.tar.gz e2fb3d9270da73ebb45c67a5d1ae4117b5fd4170 490 musl_1.1.15.orig.tar.gz.asc bde3025de47947e6e312243262e79338f4350c48 10876 musl_1.1.15-2.debian.tar.xz Checksums-Sha256: e0f867988755a1d19255d675db3c8931347f5d296a812b9c7e0c23ebf11cbe9a 2787 musl_1.1.15-2.dsc 97e447c7ee2a7f613186ec54a93054fe15469fe34d7d323080f7ef38f5ecb0fa 911600 musl_1.1.15.orig.tar.gz 9c9f0ce169a96f9214adc3c8f4261b10d6742ff5061fd6589bbe5789c1d3d6aa 490 musl_1.1.15.orig.tar.gz.asc 31ae73e4ab8563e0322f641e468dc4f6ba6ab8caba1e58b267a80b073a3139ca 10876 musl_1.1.15-2.debian.tar.xz Files: fc23202ad63a62375fd1c3a10af8a7ec 2787 libs extra musl_1.1.15-2.dsc 9590a9d47ee64f220b3c12f7afb864ca 911600 libs extra musl_1.1.15.orig.tar.gz 605ab8dd3de1d080dd6b0c1c6c192361 490 libs extra musl_1.1.15.orig.tar.gz.asc 2bf6319342188abfc189f2321355b6b0 10876 libs extra musl_1.1.15-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYEjSpAAoJEMzwSSjbDuqnb34QAK7VhUyTYZrzcsnUZmpMj35i YZiFKe16kcPsbeUyEpuIZMXSEMS0SwKtG87xJAk5fBepJyx5Lmg626OmdPxR+o7R BYeGT8nJQNAOnZCyMucBjYn1RUGwwVeHvuPBUKfmYAsjRrfbeoir1UEr2g+WheOq zz7ysYNeUQn5QtS7eMLOTBbUDYPcmvdZmA5nW+szJ8GE44yjGJwoUY9cFdLDgu3W yxoQNhmqBEmgI7p/+cRomRSfbuJHrUZw+u0BT9IITIHwglfvsaKqeN0ir0nIgYiQ ZYpbO7qt4YgBuUlePRCfDQfN95KeY3TMQk2nQqMe7roM2AMHNJvzmyKSNarnvxvN LYa3IDauIfO75wV7z4+EM4+TfZf7CL3E9FKTxxNzyTFqSz5Dy9VYL2DWssEApvS2 HZZ/qjnjTWDKt1a+0DYNHX3/YxtVXzR8j4bElUfyP6HfP+xGupmy7FEB6UnDeYet 2KiiNoPCM4mqLX9y8Qd10IixiabwGCrxJMPUtOCLuQw8wEccL0sdiozyVtXMtsdv zp1OvJBnV3bWpO4T89vg6S88lGf/qCRuXVp7GhcIm3LEhl23GPjNv92csJHvAsaO F+ZhLwz1T/LmrVteRVisYTR0ZlfN4KSeH/WOnnszewjl+7IE8vvsPl6bbkTjl7OA HDY2pQwByc5edZ+9zKPe =lYQz -----END PGP SIGNATURE-----
--- End Message ---
