Your message dated Fri, 18 Aug 2017 06:04:11 +0000 with message-id <e1diaob-0009rr...@fasolo.debian.org> and subject line Bug#872400: fixed in augeas 1.8.1-1 has caused the Debian Bug report #872400, regarding augeas: CVE-2017-7555: Improper handling of escaped strings leading to memory corruption to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 872400: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872400 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: augeas Version: 1.8.0-1 Severity: grave Tags: security upstream Forwarded: https://github.com/hercules-team/augeas/pull/480 Hi, the following vulnerability was published for augeas. CVE-2017-7555[0]: crash/memory corruption when handling certain escaped strings If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7555 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7555 [1] https://github.com/hercules-team/augeas/pull/480 [2] https://github.com/hercules-team/augeas/pull/480/commits/39592c4eef8d4826947adca94c7fbd6efb8d47ca [3] https://bugzilla.redhat.com/show_bug.cgi?id=1475621 (not addessible at time of writing) [4] http://www.openwall.com/lists/oss-security/2017/08/17/3 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: augeas Source-Version: 1.8.1-1 We believe that the bug you reported is fixed in the latest version of augeas, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 872...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hilko Bengen <ben...@debian.org> (supplier of updated augeas package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 18 Aug 2017 07:15:24 +0200 Source: augeas Binary: augeas-tools libaugeas-dev libaugeas0 augeas-dbg augeas-lenses augeas-doc Architecture: source Version: 1.8.1-1 Distribution: unstable Urgency: high Maintainer: Hilko Bengen <ben...@debian.org> Changed-By: Hilko Bengen <ben...@debian.org> Description: augeas-dbg - Debugging symbols for libaugeas0 augeas-doc - Augeas lenses documentation augeas-lenses - Set of lenses needed by libaugeas0 to parse config files augeas-tools - Augeas command line tools libaugeas-dev - Development files for writing applications based on libaugeas0 libaugeas0 - Augeas configuration editing library and API Closes: 715554 872400 Changes: augeas (1.8.1-1) unstable; urgency=high . * New upstream version 1.8.1 - Fixes CVE-2017-7555 (Closes: #872400) * Add Multi-Arch support (Closes: #715554) Checksums-Sha1: 4a7dd0d16757d0f1f9954170092a37b43d727a31 2306 augeas_1.8.1-1.dsc 24ebfd91e28af5c1392c5c6f42756f2b9d2327be 2165325 augeas_1.8.1.orig.tar.gz e676ccb216a524a28ef99bbff72ced69ba1c2e4d 9440 augeas_1.8.1-1.debian.tar.xz b5bb32439836512f7e86759abab3ea95ecda2f75 8394 augeas_1.8.1-1_source.buildinfo Checksums-Sha256: 70a5c5bcfd0606aa507d3c2602b0558fc96e9ff6da92d66dd5f6722df070d6a5 2306 augeas_1.8.1-1.dsc 65cf75b5a573fee2a5c6c6e3c95cad05f0101e70d3f9db10d53f6cc5b11bc9f9 2165325 augeas_1.8.1.orig.tar.gz 155beb5e76916690d8c49e3d696069a72c61c174798b0f0cbea509e2ea5df2ff 9440 augeas_1.8.1-1.debian.tar.xz 50f402ed86618a35849b54149cceb9b5b0a9887ed8c4e77960255079dd099a6f 8394 augeas_1.8.1-1_source.buildinfo Files: aa9b1c656c3b514b450ab28e5382e81d 2306 libs optional augeas_1.8.1-1.dsc 623ff89d71a42fab9263365145efdbfa 2165325 libs optional augeas_1.8.1.orig.tar.gz 924622bdc9717034f496de02d80feb09 9440 libs optional augeas_1.8.1-1.debian.tar.xz 32ae69e19a263442e5787c50bf948334 8394 libs optional augeas_1.8.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAlmWeEEACgkQdbcQY1wh On7QPxAAsK8GhyzIO2YAM+jQGojkEUTmhMowYBmKg5FLgq5vRPPqFAMOrpeADYJr EEkkP+vPY9feEVpG0YQ8fFaWYIg4qzk34A20xWnXrER7xEd+eK07SiPV+mDKjbkw IJQ7C3LuXDxbAe85Xb23UxhuGT3icedqboOcxpJCvP8SG8mo/L6BUa4Dklr2vyDE KCbkCOCX1j5q5iYzYXI16OxNBHhgmpPUtAnQeTzdIOQbtsWaoVZYKKUf4Ztfe/nh zZKsMxv09/6tzBebjU0BmYDGc3NLNnCENwkQpzpiWSWI3rzY4pIHc+BdxxBihTXw +mrE369fW5PQIoRVBVrcmTKvYBjOfHre3xhep9FrXxI+Li/Kd4rH1x/EE0TLxZRI 0TCW1qA9LxU0OAJ356AAnnhap/QFSQ0IgWo88oV5cnjoJgvDQmZ2mi4bvLZjV0Fj YE/PQO080PcaXM3moMl17J3CJ08WhStBnHnmn40Dyorw8MvAsnW/6S9A6MPncNmu GEoEzEZpOuIFmGiOKL8/LL0sRIYak3fobBHiyGimJiUvZ0tn/mqfa4s6swDdWaR0 SRjCzR6PU0e8v/UY7tHmqykYFDvxLnm7qfWzFmJgG0BC9QcitRyuFD+4FIBl3Meu DfmsUBOG6SED9pRlkFSTvHx6n1x/I77GbTlshTZeKdzWgaF/yjE= =E7h+ -----END PGP SIGNATURE-----
--- End Message ---
