Your message dated Mon, 11 Mar 2019 23:05:24 +0000
with message-id <e1h3tz2-0009nx...@fasolo.debian.org>
and subject line Bug#913165: fixed in zziplib 0.13.62-3.2
has caused the Debian Bug report #913165,
regarding zziplib: CVE-2018-7726 CVE-2018-7725
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
913165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zziplib
Severity: important
Tags: security
Please see
https://security-tracker.debian.org/tracker/CVE-2018-7727
https://security-tracker.debian.org/tracker/CVE-2018-7726
https://security-tracker.debian.org/tracker/CVE-2018-7725
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: zziplib
Source-Version: 0.13.62-3.2
We believe that the bug you reported is fixed in the latest version of
zziplib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated zziplib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 04 Mar 2019 22:43:14 +0100
Source: zziplib
Architecture: source
Version: 0.13.62-3.2
Distribution: unstable
Urgency: medium
Maintainer: Scott Howard <show...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 889089 889096 910335 913165 923659
Changes:
 zziplib (0.13.62-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
   * Reject the ZIP file and report it as corrupt if the size of the central
     directory and/or the offset of start of central directory point beyond the
     end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
     (Closes: #889089)
   * bus error in zzip_disk_findfirst function in zzip/mmapped.c
     (CVE-2018-6540) (Closes: #923659)
   * out of bound read in mmapped.c:zzip_disk_fread() causes crash
     (CVE-2018-7725) (Closes: #913165)
   * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
     zip file (CVE-2018-7726) (Closes: #913165)
   * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
     (CVE-2018-16548) (Closes: #910335)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
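The changelog entry above about rejecting a ZIP file whose central directory size or offset points beyond the end of the file describes a bounds check on the end-of-central-directory (EOCD) record. The following is an added example of such a check, not the zziplib patch or code from the Debian upload; the names check_central_dir and check_sample and the 64-byte sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EOCD_SIG 0x06054b50u /* "PK\005\006" read as a little-endian word */
#define EOCD_MIN 22          /* fixed-size part of the EOCD record */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Locate the EOCD record and validate the central directory extent.
 * Returns 0 and fills *off / *size when sane, -1 when the file is corrupt. */
int check_central_dir(const uint8_t *buf, size_t len, uint32_t *off, uint32_t *size) {
    if (len < EOCD_MIN) return -1;
    /* The record may be followed by a comment of at most 0xFFFF bytes. */
    size_t lowest = (len - EOCD_MIN > 0xFFFF) ? len - EOCD_MIN - 0xFFFF : 0;
    for (size_t pos = len - EOCD_MIN + 1; pos-- > lowest; ) {
        if (le32(buf + pos) != EOCD_SIG) continue;
        uint32_t cd_size = le32(buf + pos + 12); /* size of central directory */
        uint32_t cd_off  = le32(buf + pos + 16); /* offset of its start */
        /* Assumption: slightly stricter than "beyond the end of the file",
         * the directory must end at or before the EOCD record. Subtracting
         * instead of adding keeps the comparison free of integer wrap. */
        if (cd_off > pos || cd_size > pos - cd_off) return -1;
        *off = cd_off;
        *size = cd_size;
        return 0;
    }
    return -1; /* no EOCD signature found */
}

/* Constructed sample: 64-byte buffer whose EOCD record sits at offset 42. */
int check_sample(uint32_t cd_size, uint32_t cd_off) {
    uint8_t zip[64] = {0}, *e = zip + 42;
    uint32_t off, size;
    e[0] = 'P'; e[1] = 'K'; e[2] = 5; e[3] = 6;
    for (int i = 0; i < 4; i++) {
        e[12 + i] = (uint8_t)(cd_size >> (8 * i));
        e[16 + i] = (uint8_t)(cd_off >> (8 * i));
    }
    return check_central_dir(zip, sizeof zip, &off, &size);
}

int main(void) {
    printf("in range: %d, offset past EOF: %d, size wraps: %d\n",
           check_sample(30, 12), check_sample(30, 64), check_sample(0xFFFFFFF0u, 32));
    return 0;
}
```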