Your message dated Fri, 15 Jan 2021 18:34:31 +0000 with message-id <e1l0tvb-000gss...@fasolo.debian.org> and subject line Bug#975365: fixed in musl 1.2.2-1 has caused the Debian Bug report #975365, regarding musl: CVE-2020-28928 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 975365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: musl Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, The following vulnerability was published for musl. CVE-2020-28928[0]: wcsnrtombs destination buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-28928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28928 Please adjust the affected versions in the BTS as needed. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl+4oRoACgkQldFmTdL1 kUL5nhAAwJuNKh1eQodFdOANhHFe9Bi8q7Cf9/RFqONVhoUpD8cna7ANY472sfy/ 0xZKPatOXvWBFJTyUTs2Z/AhNGy4+TomF4v0DQydo8PmZRY0SRkyqpdOr1bHEFx7 YbBX1XdBJLfCq4Uj8T+kGDSZvueqtdDIe8fGoGKnQD2UFKc9JSXBRZ0CZzwxyGda feEsYfU/dFiP1aJgVv86WqJw5KYOtKEgmKmcur5PkfUfdrqL3wqR1JlP0OfxsT9H SjGBVkmlUINWMfrKBZRirYTJUKFPxLPJDZNOB5dqvENVMxigEeIgGRYvPfJxK4P5 dc+1ayAUFBbwUq2k4Vs9TR+E6spyEbodwZXHUXCBchQb6+V8uVTa6Xd6Egvkah7E xoIMnbre/5vlaWRJH09NaKhFKsE6eXMTv4boPdCC0IprGWIvo99PwuAFLrmpD7pK TOQMt1XFts0nddMHtD2oVDiepT0NUhNFtUxzO05ZWZMC5eFDlCfiOgPjiFQV7/6U UXSkEiB41Z5MHXmIJEKBD4gHutu0+nq/hhCsCKAO4vNbbHio2QE6zu7Yi9nKZlpt aa7IZPWlgcw7yp2hBrz1ENSEPUWhpYUsUL6mq9HiqqWA7wrujbWzDOCvxEQg/TrU BkyzFVZdMk3wFcjxy6bQipMlY4A5rq6yRPNflSUhHup8Gxoyfzs= =Badk -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: musl Source-Version: 1.2.2-1 Done: Reiner Herrmann <rei...@reiner-h.de> We believe that the bug you reported is fixed in the latest version of musl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 975...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated musl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Jan 2021 19:03:01 +0100 Source: musl Architecture: source Version: 1.2.2-1 Distribution: unstable Urgency: medium Maintainer: Reiner Herrmann <rei...@reiner-h.de> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Closes: 975365 977130 Changes: musl (1.2.2-1) unstable; urgency=medium . * New upstream release. - fix wcsnrtombs destination buffer overflow (CVE-2020-28928) (Closes: #975365) * Fix MUSL_ARCH/MUSL_TRIPLE on sh4 (-> sh). (Closes: #977130) * Update copyrights. * Update watch file to version 4. * Bump Standards-Version to 4.5.1. Checksums-Sha1: e446f19652a789db697dcfa44c61cf7878b1cd69 3119 musl_1.2.2-1.dsc e7ba5f0a5f89c13843b955e916f1d9a9d4b6ab9a 1055220 musl_1.2.2.orig.tar.gz 174a6a246d0b00e8b5f83704165f9c79cce693d9 490 musl_1.2.2.orig.tar.gz.asc c47e30c1b8bea2804f18ad08c5013ef93ddf75a2 11760 musl_1.2.2-1.debian.tar.xz 5dace9f7e0a932e1ddf0da200abd326c4e475d9d 5990 musl_1.2.2-1_source.buildinfo Checksums-Sha256: 659d3f7b95e550fb798e7a2898ab4644d6d28b48f4413cdd56515cda4f393b5a 3119 musl_1.2.2-1.dsc 9b969322012d796dc23dda27a35866034fa67d8fb67e0e2c45c913c3d43219dd 1055220 musl_1.2.2.orig.tar.gz 706094dc74fd589b74e3ce5a6ef7ccc29489e9a2a78a6539989f6468000c71ae 490 musl_1.2.2.orig.tar.gz.asc 18664aa246e52784fcfa7cae3d41ca0f6c0f8ec3b0b4d02601f11235c13c999b 11760 musl_1.2.2-1.debian.tar.xz 12e2105c1e941c31622de1d312bb968a0a852615e084101da452fd0e427979e2 5990 musl_1.2.2-1_source.buildinfo Files: 2d98df1b4980c30c957429b5c5b587ce 3119 libs optional musl_1.2.2-1.dsc aed8ae9e2b0898151b36a204088292dd 1055220 libs optional musl_1.2.2.orig.tar.gz aa6b0aff08641f78f3f2e12429085e82 490 libs optional musl_1.2.2.orig.tar.gz.asc 783549d06d8f0f5c962c8d417c5a881f 11760 libs optional musl_1.2.2-1.debian.tar.xz ab254068dbb688a683a869ae4469ee6b 5990 libs optional musl_1.2.2-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2Pb6feok2Q1urHM7zPBJKNsO6qcFAmAB2WUACgkQzPBJKNsO 6qdNxBAAgbdjihBzTF/1PjypaQ9Ddn1s0ZnXX7ua8kj0lTwz+oVxWy6ewUlZmeQk rFjF21bCbb1vEDEmo/wr0N2QVxAM3u6EjRpod/Mazg5NIt7uddKuHRoUxpZf5qRH 2xbYiN5Tg/4/aZaNwPFAs6wJPRprXYdUw+82j8bWxV40IPm/efgxqwSQ+CNHnE8E rfZ7rubmB/gYBJZw07nw0LPohksNRBvA8JBfysVeNtlE6urBjScxo+WBmGDJyDeq iHNiKY950S6cozS8WReQlCz24iQcvwlqn1ZUpXmVehDL4I9fpFFz6I+QkcB7WyqL SSYbZLAy7LYnipxH0LhwxWQDmnmg8AK6M2nUJ2bzQHRYuBt4VNAL6WtVjTyJErpR IbA+n41HHllYNVnzHXqaAZl8dnHtpckI3vOX9FkcXFngzeHXDmjuas6bzHxeq2zq M9OxYjs2Tz04hOfl2fwd9m/8EM1zpgF3OQVksnVxtIUut+oIAfRex22J61iSvl+U lrjLYHD9Sw6+u2UrhNziRPrVcm08VCM7/cGumWjT2f1xRRnNCJugcpjOhmprzQZx aPzLmjSsA0JIpfYEfwQRIgtqwSTs1eViBrOFt2IsD89rU1Nd7uuFbJ3JIyyP284w f9e5nG80oH5yzdM8Cfsq0SVvd3Qkq5WGDZvYwllUkSgd6+UyDwg= =Lk7R -----END PGP SIGNATURE-----
--- End Message ---
