Your message dated Tue, 08 Mar 2022 14:37:03 +0000
with message-id <e1nraxt-0002b1...@fasolo.debian.org>
and subject line Bug#1006915: fixed in nbd 1:3.24-1
has caused the Debian Bug report #1006915,
regarding security issues in nbd-server: CVE-2022-26495 CVE-2022-26496
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1006915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nbd
Version: 1:3.23-3
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Two security issues exist in NBD: CVE-2022-26495 and CVE-2022-26496.
The former has existed for a very long time; the latter has only existed since
the introduction of NBD_OPT_INFO and NBD_OPT_GO in NBD 3.16.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-debug'), (500,
'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'stable'),
(500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, riscv64, armhf
Kernel: Linux 5.16.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=nl_BE:nl
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: nbd
Source-Version: 1:3.24-1
Done: Wouter Verhelst <wou...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nbd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1006...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Wouter Verhelst <wou...@debian.org> (supplier of updated nbd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 08 Mar 2022 10:02:56 +0200
Source: nbd
Architecture: source
Version: 1:3.24-1
Distribution: unstable
Urgency: medium
Maintainer: Wouter Verhelst <wou...@debian.org>
Changed-By: Wouter Verhelst <wou...@debian.org>
Closes: 1006915
Changes:
nbd (1:3.24-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2022-26495: Disallow name lengths of (unsigned int)-1, by
constraining the length to 4096 bytes
- CVE-2022-26496: Fix buffer overflow in NBD_OPT_INFO/NBD_OPT_GO
handling.
- These security issues are tracked in the Debian BTS; Closes: #1006915.
- nbd-server transaction logs can now optionally also log data
- New binary: nbd-trplay, to replay (to an image) a transaction log.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
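The length constraint named in the CVE-2022-26495 changelog entry, as an added illustration (not nbd's code and not part of the original messages): a name length of (unsigned int)-1 makes any `len + 1` size computed in 32-bit unsigned arithmetic wrap to 0, so the length is capped at 4096 bytes before anything is allocated or copied. `read_name`, `alloc_size_32`, `MAX_NAME_LEN` and the 4-byte big-endian length prefix are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_LEN 4096u /* cap taken from the changelog entry */

/* Size that "len + 1" yields in 32-bit unsigned arithmetic (hypothetical
 * helper, shown only to make the wraparound visible). */
uint32_t alloc_size_32(uint32_t len) { return len + 1u; }

/* Hypothetical parser: buf holds a big-endian 32-bit length followed by that
 * many name bytes. Returns a NUL-terminated heap copy, or NULL when the
 * length exceeds the cap, the input is truncated, or malloc fails. */
char *read_name(const unsigned char *buf, size_t avail, uint32_t *out_len)
{
    if (avail < 4)
        return NULL;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > MAX_NAME_LEN)   /* reject before doing any size arithmetic */
        return NULL;
    if (avail - 4 < len)      /* claimed length must fit the received data */
        return NULL;
    char *name = malloc((size_t)len + 1); /* cannot wrap: len <= 4096 */
    if (name == NULL)
        return NULL;
    memcpy(name, buf + 4, len);
    name[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return name;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    static const unsigned char wrap[] = { 0xff, 0xff, 0xff, 0xff, 'x' };
    static const unsigned char good[] = { 0, 0, 0, 3, 'a', 'b', 'c' };
    uint32_t n = 0;
    char *s = read_name(good, sizeof good, &n);

    printf("32-bit size for len=0xffffffff: %u\n",
           (unsigned)alloc_size_32(0xffffffffu));
    printf("oversized name rejected: %s\n",
           read_name(wrap, sizeof wrap, NULL) == NULL ? "yes" : "no");
    printf("valid name: %s (%u bytes)\n", s ? s : "(null)", (unsigned)n);
    free(s);
    return 0;
}
```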