Your message dated Mon, 14 Aug 2017 23:04:15 +0000
with message-id <e1dhop9-0007hy...@fasolo.debian.org>
and subject line Bug#871263: fixed in libmspack 0.6-1
has caused the Debian Bug report #871263,
regarding libmspack: CVE-2017-6419
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
871263: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmspack
Version: 0.5-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for libmspack.
CVE-2017-6419[0]:
| mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted CHM file.
It was fixed in ClamAV already at [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
[1] https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmspack
Source-Version: 0.6-1
We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <d...@duckcorp.org> (supplier of updated libmspack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Aug 2017 06:08:38 +0900
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-doc
Architecture: source amd64 all
Version: 0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Marc Dequènes (Duck) <d...@duckcorp.org>
Changed-By: Marc Dequènes (Duck) <d...@duckcorp.org>
Description:
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.6-1) unstable; urgency=medium
 .
   * New upstream release:
     + Fix CVE-2017-6419 (Closes: #871263)
     + Fix CVE-2017-11423 (Closes: #868956)
   * Fix building documentation.
   * Use HTTPS in package metadata.
   * Transition to automatic debug packages.
   * Package now conforms to Standards-Version 4.0.0.
   * Switch to compat level 10.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---