Your message dated Sat, 21 Dec 2019 16:32:27 +0000
with message-id <e1iihg3-0005nk...@fasolo.debian.org>
and subject line Bug#947043: fixed in cyrus-sasl2 2.1.27+dfsg-1+deb10u1
has caused the Debian Bug report #947043,
regarding cyrus-sasl2: CVE-2019-19906: Off-by-one in _sasl_add_string function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
947043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cyrus-sasl2
Version: 2.1.27+dfsg-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/cyrusimap/cyrus-sasl/issues/587
Control: found -1 2.1.27~101-g0780600+dfsg-3
Hi,
The following vulnerability was published for cyrus-sasl2.
CVE-2019-19906[0]:
Off by one in _sasl_add_string function
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
[1] https://github.com/cyrusimap/cyrus-sasl/issues/587
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27+dfsg-1+deb10u1
We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated cyrus-sasl2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Dec 2019 22:59:30 +0100
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27+dfsg-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Cyrus Team <team+cy...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 947043
Changes:
cyrus-sasl2 (2.1.27+dfsg-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---