Your message dated Mon, 18 Jan 2021 09:20:44 +0000
with message-id <e1l1qik-0006cm...@fasolo.debian.org>
and subject line Bug#980007: fixed in tcmu 1.5.2-6
has caused the Debian Bug report #980007,
regarding tcmu: CVE-2021-3139
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
980007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tcmu
Version: 1.5.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for tcmu.
CVE-2020-28374[0]:
| Linux SCSI target (LIO) unrestricted copy offload
A patch was provided in [1] but at time of writing it does not apper
to be yet in the upstream repository.
Further information in [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-28374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374
[1] https://bugzilla.suse.com/show_bug.cgi?id=1180676
[2] https://www.openwall.com/lists/oss-security/2021/01/12/12
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tcmu
Source-Version: 1.5.2-6
Done: Sebastien Delafond <s...@debian.org>
We believe that the bug you reported is fixed in the latest version of
tcmu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 980...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated tcmu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Jan 2021 09:26:23 +0100
Source: tcmu
Architecture: source
Version: 1.5.2-6
Distribution: unstable
Urgency: high
Maintainer: Freexian Packaging Team <team+freex...@tracker.debian.org>
Changed-By: Sebastien Delafond <s...@debian.org>
Closes: 980007
Changes:
tcmu (1.5.2-6) unstable; urgency=high
.
* Fix CVE-2021-3139 (Closes: #980007)
Checksums-Sha1:
c3e1c5276c292dee51488dfff61733b50524109c 1683 tcmu_1.5.2-6.dsc
efeb3bed957ac68ebceab7df051e7891097d8205 7148 tcmu_1.5.2-6.debian.tar.xz
55de47f3abbfcd62a62bbdcf5d8af68bb0145d25 8766 tcmu_1.5.2-6_amd64.buildinfo
Checksums-Sha256:
6ac10874e1237292ab3a57cef0fd0588be16bf5e8c26a80042e2a2ef1f670ffb 1683
tcmu_1.5.2-6.dsc
b87c00bd0bd5aa92ff4bd263bddeeb3dd1dc3f694d149b33b70798cb5b8386db 7148
tcmu_1.5.2-6.debian.tar.xz
812bcc30bff44cc15cbdff29e02c36302394c1ba65a98da636c74245c6a674c0 8766
tcmu_1.5.2-6_amd64.buildinfo
Files:
1a93e68e393bd4264ef547193e75bb07 1683 admin optional tcmu_1.5.2-6.dsc
8b0049f6016f2f4342c78eef4410919e 7148 admin optional tcmu_1.5.2-6.debian.tar.xz
f0ee41db44e0ed17411c179dcdbcdfa3 8766 admin optional
tcmu_1.5.2-6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAFSz4ACgkQEL6Jg/PV
nWSmMwgApkCanLRQbox0O3VjBNH5xJUUZFUVvUHSgtC6jQLyG3MEa1PyBqI5AqPV
ivXej82WuxY2c7H8wmEGciv5OgLOwiA99wfZ7SEA+0UwQOp9zfqJGFLBjmyP3TXa
a60j5/BvvTWXUjo37arsCMV7C9bDlf3ngOCiLqqZFv2GdMDIPwcsuxlZXdaCFb8B
HPFI6KtEc03/sTpyUBXerltfAfxquL3IefjT3i+OT5ItYK6yPqHytSUccxq4Qf2X
XPpKo7rc4iRfYjChzK48RHdkebyjX2RuEt7AChXm48vTdvRItCNBLfDZc0TzZJxF
5r+KNa1g6c0Q09UAmUxWgOuH936SFw==
=LVZX
-----END PGP SIGNATURE-----
--- End Message ---
