Your message dated Tue, 9 May 2017 19:16:44 +0300
with message-id <20170509161644.unr2hsd4iozq5356@localhost>
and subject line Already marked as fixed in unstable, closing
has caused the Debian Bug report #860989,
regarding cargo: embeds a copy of libgit2 affected by CVE-2016-8568 CVE-2016-8569
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
860989: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860989
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgit2
Version: 0.24.1-2
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for libgit2.
CVE-2016-8568[0, 3]:
Read out-of-bounds in git_oid_nfmt
CVE-2016-8569[1, 4]:
DoS using a null pointer dereference in git_commit_message
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8568
[1] https://security-tracker.debian.org/tracker/CVE-2016-8569
[2] https://marc.info/?l=oss-security&m=147594097425642&w=2
[3] https://github.com/libgit2/libgit2/issues/3936
[4] https://github.com/libgit2/libgit2/issues/3937
[5] https://github.com/libgit2/libgit2/pull/3956
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Already marked as fixed in unstable, closing.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--- End Message ---