Your message dated Tue, 02 Oct 2018 06:03:30 +0000
with message-id <e1g7dmm-0000yk...@fasolo.debian.org>
and subject line Bug#907987: fixed in libextractor 1:1.3-4+deb9u2
has caused the Debian Bug report #907987,
regarding libextractor: CVE-2018-16430: Out of Bound Read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
907987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907987
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libextractor
Version: 1:1.6-2
Severity: important
Tags: patch security upstream
Forwarded: https://gnunet.org/bugs/view.php?id=5405

Hi,

The following vulnerability was published for libextractor.

CVE-2018-16430[0]:
| GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in
| EXTRACTOR_zip_extract_method() in zip_extractor.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16430
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430
[1] https://gnunet.org/bugs/view.php?id=5405
[2] https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libextractor
Source-Version: 1:1.3-4+deb9u2

We believe that the bug you reported is fixed in the latest version of
libextractor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 907...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bertrand Marc <bm...@debian.org> (supplier of updated libextractor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Sep 2018 15:30:55 +0200
Source: libextractor
Binary: libextractor3 libextractor-dbg libextractor-dev extract
Architecture: source
Version: 1:1.3-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Bertrand Marc <beberk...@gmail.com>
Changed-By: Bertrand Marc <bm...@debian.org>
Closes: 904903 904905 907987
Description: 
 extract    - displays meta-data from files of arbitrary type
 libextractor-dbg - extracts meta-data from files of arbitrary type (debug)
 libextractor-dev - extracts meta-data from files of arbitrary type (development)
 libextractor3 - extracts meta-data from files of arbitrary type (library)
Changes:
 libextractor (1:1.3-4+deb9u2) stretch-security; urgency=high
 .
   * Fix CVE-2018-14346 (Closes: #904903), a stack-based buffer overflow
     in unzip.c.
   * Fix CVE-2018-14347 (Closes: #904905), infinite loop vulnerability in
     mpeg_extractor.c.
   * Fix CVE-2018-16430 (Closes: #907987), missing 0-terminator on corrupted
     ZIP files.
Checksums-Sha1: 
 12a73e29a4e7f5ec585564dadd09398f1c54b866 2701 libextractor_1.3-4+deb9u2.dsc
 3fe0c0bfc5a3b02913b0e9f755779dabf3e54750 19284 libextractor_1.3-4+deb9u2.debian.tar.xz
Checksums-Sha256: 
 738b7dd78f94dd97615f3e83c4380ce4a2b9ca7afbe91198f77e4bfdba783d04 2701 libextractor_1.3-4+deb9u2.dsc
 ea011219600ae53e9badc5275179547dbfc6d988e48a4bda5ce8328ad603f2ba 19284 libextractor_1.3-4+deb9u2.debian.tar.xz
Files: 
 81eab9b08f700fbb464a80f40d1c9b66 2701 libs optional libextractor_1.3-4+deb9u2.dsc
 14aff172eaca0a7f47770992cad036ed 19284 libs optional libextractor_1.3-4+deb9u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
