Bug#872400: marked as done (augeas: CVE-2017-7555: Improper handling of escaped strings leading to memory corruption)

[Debian Bug Tracking System]

Your message dated Tue, 22 Aug 2017 21:32:08 +0000
with message-id <e1dkgmo-0000ry...@fasolo.debian.org>
and subject line Bug#872400: fixed in augeas 1.8.0-1+deb9u1
has caused the Debian Bug report #872400,
regarding augeas: CVE-2017-7555: Improper handling of escaped strings leading 
to memory corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
872400: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872400
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: augeas
Version: 1.8.0-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/hercules-team/augeas/pull/480

Hi,

the following vulnerability was published for augeas.

CVE-2017-7555[0]:
crash/memory corruption when handling certain escaped strings

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7555
[1] https://github.com/hercules-team/augeas/pull/480
[2] 
https://github.com/hercules-team/augeas/pull/480/commits/39592c4eef8d4826947adca94c7fbd6efb8d47ca
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1475621 (not
    addessible at time of writing)
[4] http://www.openwall.com/lists/oss-security/2017/08/17/3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: augeas
Source-Version: 1.8.0-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
augeas, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 872...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <ben...@debian.org> (supplier of updated augeas package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 18 Aug 2017 07:56:15 +0200
Source: augeas
Binary: augeas-tools libaugeas-dev libaugeas0 augeas-dbg augeas-lenses 
augeas-doc
Architecture: source
Version: 1.8.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Hilko Bengen <ben...@debian.org>
Changed-By: Hilko Bengen <ben...@debian.org>
Description:
 augeas-dbg - Debugging symbols for libaugeas0
 augeas-doc - Augeas lenses documentation
 augeas-lenses - Set of lenses needed by libaugeas0 to parse config files
 augeas-tools - Augeas command line tools
 libaugeas-dev - Development files for writing applications based on libaugeas0
 libaugeas0 - Augeas configuration editing library and API
Closes: 872400
Changes:
 augeas (1.8.0-1+deb9u1) stretch-security; urgency=high
 .
   * Add patch to fix CVE-2017-7555 (Closes: #872400)
Checksums-Sha1:
 dc44abe4513c4f2721740d3df23615156945239e 2337 augeas_1.8.0-1+deb9u1.dsc
 6ddcffab2665b8c0f286a1201afb251e354f426a 2164146 augeas_1.8.0.orig.tar.gz
 d80544c9ab5c23e0c627d4b09a0988885422eb53 11252 
augeas_1.8.0-1+deb9u1.debian.tar.xz
 82597712dc9761e2926feab4ff1abb01c6e64a13 8422 
augeas_1.8.0-1+deb9u1_source.buildinfo
Checksums-Sha256:
 92e80698341f3870d302e6f92e03b8b411a1ab91d3c25512ac97023b9e0e1268 2337 
augeas_1.8.0-1+deb9u1.dsc
 515ce904138d99ff51d45ba7ed0d809bdee6c42d3bc538c8c820e010392d4cc5 2164146 
augeas_1.8.0.orig.tar.gz
 a2f70082f851f126b39d7fdeb835e769de0bb207a85a0bf8598b94797823f84b 11252 
augeas_1.8.0-1+deb9u1.debian.tar.xz
 5c1be715c9b9ea453697c7ecca912a995a30ef3a1752c58fb6a9c18c69fde999 8422 
augeas_1.8.0-1+deb9u1_source.buildinfo
Files:
 dfa52571831df621834207251a3e231b 2337 libs optional augeas_1.8.0-1+deb9u1.dsc
 cc99cf86ec5f5c4dac71f2800bde2758 2164146 libs optional augeas_1.8.0.orig.tar.gz
 a28660bc019efe2b32872bdf024f87d7 11252 libs optional 
augeas_1.8.0-1+deb9u1.debian.tar.xz
 c0eff3172baad944953c2c8ed11c9af0 8422 libs optional 
augeas_1.8.0-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAlmW008ACgkQdbcQY1wh
On4H6g/8ClTSlmX4sVuzoxdK+YGj0E7asnu26tBcoOSy4w0QwQ09bOmt25RSudmv
uptPIiAtm6+ts4kpTeNTR0ostb+NMoUDbYFvWaoapt32RL9jWA7JLu4A0PnL+3Y0
UEpEbO2B8niiGsTHPluljcIw3OVHzY2dKfVNUwJaigILC16Q09meBa4vE8+RpixF
05pbG3+F18cNk7aNi6fSMz99h1iQbxBxHa6jTtvehMRdAPzhOVFLRZEwuLYfJ1Jj
06c68CpHI04PSd5CQogSDqlu8dnF/wtIZj1C9mHAh3Xi/V53tGTihG91sc+h/NEK
gw0wkFAOUu05sbf0N38M0enIkXk4IoOn7fWlz2dl4KpprXr9i5G0WRP8pTH8QKOo
Pupzai6nGQIRW2h8tx25oY6vqb2XhgmenENk0D2zQrXgjdIqQpRP+atlRwe3DI+D
64QVJ4jF+diirlQ0Ayq5H/tyIljDGmmGVlZRQgWt7fxlnHisMfxLt9D9zHaSVXQL
+IO/r9eUjpG8dCD4TYCfB5u8Uxpl0fQF4gseMzvYK8bl0MhHE0XqRLZHs4ltzjLb
i4/xcYvrgrSBqUJxYAYnwwGTLuInnM40rbFTfDu4s/2Rgq3QdsPDzChQVphCIxbp
eB+L2+iULdEw/l0+VWYlN4mPGYn+la7AjAaSVX6q8ZgHOdd/xGE=
=3t/f
-----END PGP SIGNATURE-----

--- End Message ---