Your message dated Sun, 08 Nov 2020 22:08:07 +0000
with message-id <e1kbsr1-0004kx...@fasolo.debian.org>
and subject line Bug#973889: fixed in raptor2 2.0.14-1.1
has caused the Debian Bug report #973889,
regarding raptor2: CVE-2017-18926
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
973889: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: raptor2
Version: 2.0.14-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for raptor2.
CVE-2017-18926[0]:
| raptor_xml_writer_start_element_common in raptor_xml_writer.c in
| Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace
| declarations for the XML writer, leading to heap-based buffer
| overflows (sometimes seen in raptor_qname_format_as_xml).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-18926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[1] https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
[2] https://www.openwall.com/lists/oss-security/2017/06/07/1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: raptor2
Source-Version: 2.0.14-1.1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
raptor2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 973...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated raptor2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Nov 2020 22:08:54 +0100
Source: raptor2
Architecture: source
Version: 2.0.14-1.1
Distribution: unstable
Urgency: medium
Maintainer: Dave Beckett <daj...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 973889
Changes:
raptor2 (2.0.14-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Calculate max nspace declarations correctly for XML writer
(CVE-2017-18926) (Closes: #973889)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---