Your message dated Sat, 03 Apr 2021 21:18:21 +0000
with message-id <e1lsnev-000bxq...@fasolo.debian.org>
and subject line Bug#964796: fixed in bsdiff 4.3-22
has caused the Debian Bug report #964796,
regarding bsdiff: CVE-2020-14315
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
964796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964796
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bsdiff
Version: 4.3-21
Severity: important
Tags: patch security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for bsdiff.
CVE-2020-14315[0]:
| Memory Corruption Vulnerability in bspatch
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-14315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14315
[1] https://bugzilla.suse.com/show_bug.cgi?id=1173974
[2] https://www.openwall.com/lists/oss-security/2020/07/09/2
[3] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bsdiff
Source-Version: 4.3-22
Done: tony mancill <tmanc...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bsdiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 964...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated bsdiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Apr 2021 13:41:41 -0700
Source: bsdiff
Architecture: source
Version: 4.3-22
Distribution: unstable
Urgency: high
Maintainer: tony mancill <tmanc...@debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Closes: 920105 964796
Changes:
bsdiff (4.3-22) unstable; urgency=high
.
[ Ondřej Nový ]
* d/copyright: Change Format URL to correct one
.
[ tony mancill ]
* Update Maintainer (Closes: #920105)
* Apply patch for CVE-2020-14315 (Closes: #964796)
* Freshen debian/copyright.
Checksums-Sha1:
def84d667478f0bcdf3ccb0ba5bc6004961a0679 1822 bsdiff_4.3-22.dsc
ed2573e5f3590ba526557fa305d90c79403b523b 12108 bsdiff_4.3-22.debian.tar.xz
994c02766e065ab7a7f2e3ded524e11718a7e1b6 5900 bsdiff_4.3-22_amd64.buildinfo
Checksums-Sha256:
b325f9891031dac1f59f9ffdc2bd1ae5d073ca70cda5ea8e0755c5425b4f6da7 1822
bsdiff_4.3-22.dsc
ff0b456679b75d2962f5e6e90fd32f71fb63dac45aaeb0f0a7be724035a3e9e9 12108
bsdiff_4.3-22.debian.tar.xz
e765301020189bed52fc32ee4fe4d2f30b98531618c9066d58668fff8082a2c6 5900
bsdiff_4.3-22_amd64.buildinfo
Files:
34b2c260e61913ea38d8e0302d852ded 1822 utils optional bsdiff_4.3-22.dsc
1db40a1acfbafc974d76c1d1dbf0f9ab 12108 utils optional
bsdiff_4.3-22.debian.tar.xz
aff92f35125a80e34d103a2e4b45ad95 5900 utils optional
bsdiff_4.3-22_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmBo1lgUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpaDfhAA2y2BJBWaPJgrq5wt4jZBAL/f993t
OkZxazasTvX2CZfcmcMnEJpE2Pkp0pz5XNHOB1gJ2lcC1D2eNk0SKWK+jxUJ8KiE
aYY0d35d6nMBr/zr2PpDbMd2R9AsDJBJP5/UubXF09RyK6Gi9X2JsBw8qx3pafnT
Yl6chVmFHrK4PFfJNnpnbsPieGHPK7C/EbFe9AsaMbJOIMVccQkbwpH8HeU8vbGy
1GcRK9Hhj0PUEEKWaKeuTHPGSYyJNu67rSOvlTTPg+JAXocSgzGLig7QzBbrxWoO
zD+X1idbTTTu7mz6QPCUB2o2k2R6YlCfollrzWCE3/I2vclAvanfnj1PTXh7kcK1
m0abfpmmnIeLSYn7iFafI+E/AqF+E7+OO8irtAZiKv3SiWTVfe+rJpP7oDFCM9hl
ZCWTnNX6FMUAVLTCgpwNL/caAuspZxihxZZruVTjMqKrG2r33nbTJcBQGFc+29bL
WNe1B64HxyZ0Ud62AGN2poupkvcJ0h9bbVRcecJe8nNRI1POQMI0mpSRgK6p/j1p
iXbSepSX/ab95sk1xBe3Iug/B4pxztLbPmz7RDWhhh+nEb9bRiw74+06qcjpV0ri
PZh5pT7tHwb5CUQGp8xD5tQHLjCoYd8hqbScA+q4zhvR/JygD1M+vhtmvj5OI2xF
SW/EBszLMg6YB8Q=
=LivA
-----END PGP SIGNATURE-----
--- End Message ---
