Your message dated Wed, 18 Aug 2021 19:34:41 +0000 with message-id <e1mgrkj-000bnw...@fasolo.debian.org> and subject line Bug#991386: fixed in ublock-origin 1.37.0+dfsg-1 has caused the Debian Bug report #991386, regarding ublock-origin: CVE-2021-36773: Denial of Service to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 991386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991386 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ublock-origin Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> Disclosure: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc Fixed in 1.36.2: https://github.com/gorhill/uBlock/releases/tag/1.36.2
--- End Message ---
--- Begin Message ---Source: ublock-origin Source-Version: 1.37.0+dfsg-1 Done: Markus Koschany <a...@debian.org> We believe that the bug you reported is fixed in the latest version of ublock-origin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 991...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated ublock-origin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 18 Aug 2021 20:56:50 +0200 Source: ublock-origin Architecture: source Version: 1.37.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Mozilla Extension Maintainers <pkg-mozext-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Closes: 991386 Changes: ublock-origin (1.37.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.37.0+dfsg. - Fix CVE-2021-36773: uBlock supported an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). Thanks to Marcus Frings for the report. (Closes: #991386) * Declare compliance with Debian Policy 4.6.0. Checksums-Sha1: 57b2550f792ccd925e01c7fa25ef2a696c0ef736 2500 ublock-origin_1.37.0+dfsg-1.dsc 41ae526555f6df4f5746f18aaab7fea7fdb43977 14345480 ublock-origin_1.37.0+dfsg.orig.tar.xz 466f3dea012f6ad2c198f05157e20a4643d1ac88 39980 ublock-origin_1.37.0+dfsg-1.debian.tar.xz a23c81d04266b475e9957f482049802fbf842113 7298 ublock-origin_1.37.0+dfsg-1_amd64.buildinfo Checksums-Sha256: 73af2f861736c87ac5d7ac3fd69292ee9b1a31b057742d47c7c9afe87685db41 2500 ublock-origin_1.37.0+dfsg-1.dsc 6997ea7112c58c860124cccfe82536744cb595ba022d1a54b0dc0e408badbf0f 14345480 ublock-origin_1.37.0+dfsg.orig.tar.xz 7816e8b313b62067260113ce37e076644ee90abef2160c44304a1f1a9d22e279 39980 ublock-origin_1.37.0+dfsg-1.debian.tar.xz 7df3cf40b31c775264bd2ea92cf9bf2eb461808f164617cee9f0db66fec68bde 7298 ublock-origin_1.37.0+dfsg-1_amd64.buildinfo Files: c30c48c7246dd2c0b085c46e24559f67 2500 web optional ublock-origin_1.37.0+dfsg-1.dsc 38aa1c2ca8a28297b56da980092c4c68 14345480 web optional ublock-origin_1.37.0+dfsg.orig.tar.xz 9d3e16843d678a9160f362b6ce136d15 39980 web optional ublock-origin_1.37.0+dfsg-1.debian.tar.xz f8ab42877a2f07871f78545fa3174457 7298 web optional ublock-origin_1.37.0+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmEdXFdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkDrsP/RXe2velm5lQqT+SgZ26eKteqz85ZXBzToal oXCzdeOotwkqGh2C4/PUUihsT+TGFIYZWZ6AqaI33+6zx7VARZL2pFFh5aeQCaJ+ d5HD9sKwMD6MGRdXPaTJuRS3/0w4MAvjsK4I2lWJgLYNy89vS/nygJh7v1EipdIE buIDA/dUFIed/mJvz9ODofV1SM76qDOG5WfTQxzzJBEU5I8+j7Wf7FdT+JEEjVew hlmGvyL6OGE12hE1KIvuFMfDv0TuNsckNfhCxRBcg1bTT49J+nFOeYTy+OZ4soWJ LMK5SCKawCqu9+GW0jeGwGrwSQtq+2w3DTxWIqp2/XpG9wGzTeBvtJFvZ7ilyY/d xd9a2bUq/8O0KJl8C/8dNzqIWWvC71aiHjjRp0WB2lT5G+PCLoyanw1FkmZu3EqO 1QViYxcTIszQjTUqn4crOEwLGX/eVLXASHnZ5myWnZPGTDoxf4xfHCKen+YKNVjZ VfDzbg1ziJAkscVEvKASrFjNlvB64+WYyFHLp84S8CSOiIA8wqZCKmUHMXkRHnSf e5X2UjW4PmHP4BmgWj9qqZNPR7Hyh6z6Wp6sqe2U0k/TnM8JHr6laD853SJ09FYw PS90KcOEjVhBVOLylsCYzSqfXYAsoTEMdcrLOmiwpEokbZ84qTuZFZ669/wMSqj/ tWgwAGQT =jDEE -----END PGP SIGNATURE-----
--- End Message ---
