Your message dated Tue, 01 May 2018 13:52:29 +0000 with message-id <e1fdvhl-0003mo...@fasolo.debian.org> and subject line Bug#897010: fixed in lrzsz 0.12.21-10 has caused the Debian Bug report #897010, regarding lrzsz: CVE-2018-10195: rzsz: sz can leak data to receiving side to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 897010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: lrzsz Version: 0.12.21-5 Severity: important Tags: security upstream Hi, The following vulnerability was published for lrzsz. CVE-2018-10195[0]: rzsz: sz can leak data to receiving side If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10195 [1] https://bugzilla.novell.com/show_bug.cgi?id=1090051 [2] https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch [3] https://bugzilla.redhat.com/show_bug.cgi?id=1572058 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: lrzsz Source-Version: 0.12.21-10 We believe that the bug you reported is fixed in the latest version of lrzsz, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 897...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin A. Godisch <godi...@debian.org> (supplier of updated lrzsz package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 01 May 2018 15:34:22 +0200 Source: lrzsz Binary: lrzsz Architecture: source amd64 Version: 0.12.21-10 Distribution: unstable Urgency: high Maintainer: Martin A. Godisch <godi...@debian.org> Changed-By: Martin A. Godisch <godi...@debian.org> Description: lrzsz - Tools for zmodem/xmodem/ymodem file transfer Closes: 897010 Changes: lrzsz (0.12.21-10) unstable; urgency=high . * Fixed possible sz data leak, CVE-2018-10195, closes: #897010. Patch from the Fedora project, https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch Checksums-Sha1: c0ec8c22d144d72a78bf20984e72f47fd108370f 1745 lrzsz_0.12.21-10.dsc 4a5cbf59ef10de222ff2adbdb2dfac12450c3a12 22560 lrzsz_0.12.21-10.debian.tar.xz b0128733b73ecdd8dc8bf20c1717c656b40235fe 4772 lrzsz_0.12.21-10_amd64.buildinfo 79a72bdc4da2aa4b92273f13c64a747325a5ae63 115652 lrzsz_0.12.21-10_amd64.deb Checksums-Sha256: 23a62f4be29f1fae29bf9651c577841c3aecd4d03e14f8c3eb57cec3b8c37939 1745 lrzsz_0.12.21-10.dsc ac60630588772accaf8c215dcc3a36427a0a4de299a481a0ac05fb722cbdbfe8 22560 lrzsz_0.12.21-10.debian.tar.xz 75c0d5895590859b949f137ecb6315e225b823d808da77977e1a8442701cc940 4772 lrzsz_0.12.21-10_amd64.buildinfo 35486f7fa15db1ca53c10bcedffc6528f8f2835a870d393714373c3f7cbc9b28 115652 lrzsz_0.12.21-10_amd64.deb Files: 880af2fddb095aacfc1bb7e915b3a38d 1745 comm optional lrzsz_0.12.21-10.dsc 2fe639295d1b088e82650f13e08cd1a4 22560 comm optional lrzsz_0.12.21-10.debian.tar.xz 7c87b49263b71a7dfb1e4d3b64eb3216 4772 comm optional lrzsz_0.12.21-10_amd64.buildinfo f7a3d3adcfefc244e370c91b8e34b1e9 115652 comm optional lrzsz_0.12.21-10_amd64.deb -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEGEIyO0/Pm5CZX6F/o1C5kfBaSFcFAlrobVATHGdvZGlzY2hA ZGViaWFuLm9yZwAKCRCjULmR8FpIV9oTD/9tcnCHR779qaoxX6AQ9xFqAPR+WMZs Pfbi6YqSIP/4VfVlzI9TYCfyMBhv40J1cmcPwPykd1hTknZx8yr46rE21jZSRtLt PfJkMHFWaess0h2AWSX8wmFQYCbRoOb166kQxAYo2B747QwLpqnOWKLh1Vo8GE2r 92jngHGyj38q+CfL2YI8VWgY+EBcbema8jeGcoTAAT2ToDT0GAZgAmPwYggg6hm1 TgZDLYJOc+c6XEkH60qS61PKi6b279hINy4HWyhS8FcSSpVk+6+VMyq7taPGeeuv 02RB8877blVk6Q36LO48cjLdDwK4XA9r36AFuJx/DdhBuH6ZFAHo1mNgL8TyeOfu SBZTK0aFJddXNh2pLAlPVSOg0StYaaMk0TPXQGTtmJOm38V+f0RgQNC0zzpje1iQ p124/9mV0CqTBwdlbWksyKPXmsQ/Pkio8/pTvQCzsFNGPq/BblyzLOUN0xrkuYoD kb5iCLE1HY3P756rX5kH6hKrPxN9KYNVB8wZ63+2B8lWGQ5F81LEvCH3qtjPswIw bPhfLWmrS++7UFteQGCoatdOro4R/pvpJPScrj6Prx0a5AgTDK5e+KhDxREIsuYP HLXNyDHjeVSc+X81UdYVcKLff4iEGuBx/SGkLy9NOyliQgkPQZI6p5lPX1G0SW7V ttwHzrxbPMbImw== =KvoJ -----END PGP SIGNATURE-----
--- End Message ---
