Your message dated Wed, 22 Dec 2021 20:37:14 +0000
with message-id <e1n08mm-000ai3...@fasolo.debian.org>
and subject line Bug#1001711: fixed in libtoxcore 0.2.13-1
has caused the Debian Bug report #1001711,
regarding libtoxcore2: Stack-based buffer overflow vulnerability in UDP packet
handling in Toxcore (CVE-2021-44847)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1001711: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001711
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libtoxcore2
Version: 0.2.12-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Dear Maintainer,
libtoxcore has CVE-2021-44847:
https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847
Workaround is to disable UDP support in settings.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libtoxcore2 depends on:
ii libc6 2.33-1
ii libopus0 1.3.1-0.1
ii libsodium23 1.0.18-1
ii libvpx7 1.11.0-2
libtoxcore2 recommends no packages.
libtoxcore2 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libtoxcore
Source-Version: 0.2.13-1
Done: Yangfl <mmyan...@gmail.com>
We believe that the bug you reported is fixed in the latest version of
libtoxcore, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1001...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yangfl <mmyan...@gmail.com> (supplier of updated libtoxcore package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 21 Dec 2021 15:49:21 +0800
Source: libtoxcore
Architecture: source
Version: 0.2.13-1
Distribution: unstable
Urgency: medium
Maintainer: Yangfl <mmyan...@gmail.com>
Changed-By: Yangfl <mmyan...@gmail.com>
Closes: 1001711
Changes:
libtoxcore (0.2.13-1) unstable; urgency=medium
.
* New upstream release
* Fix CVE-2021-44847 (Closes: #1001711)
* Bump Standards-Version to 4.6.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---