Your message dated Fri, 13 Nov 2020 11:03:33 +0000
with message-id <e1kdwrd-00095v...@fasolo.debian.org>
and subject line Bug#973889: fixed in raptor2 2.0.14-1.1~deb10u1
has caused the Debian Bug report #973889,
regarding raptor2: CVE-2017-18926
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
973889: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: raptor2
Version: 2.0.14-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for raptor2.
CVE-2017-18926[0]:
| raptor_xml_writer_start_element_common in raptor_xml_writer.c in
| Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace
| declarations for the XML writer, leading to heap-based buffer
| overflows (sometimes seen in raptor_qname_format_as_xml).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-18926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[1] https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
[2] https://www.openwall.com/lists/oss-security/2017/06/07/1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: raptor2
Source-Version: 2.0.14-1.1~deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
raptor2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 973...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated raptor2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Nov 2020 22:46:38 +0100
Source: raptor2
Architecture: source
Version: 2.0.14-1.1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Dave Beckett <daj...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 973889
Changes:
raptor2 (2.0.14-1.1~deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for buster-security
.
raptor2 (2.0.14-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Calculate max nspace declarations correctly for XML writer
(CVE-2017-18926) (Closes: #973889)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---