Your message dated Mon, 14 Mar 2022 21:17:41 +0000 with message-id <e1nts4t-000glh...@fasolo.debian.org> and subject line Bug#1006915: fixed in nbd 1:3.21-1+deb11u1 has caused the Debian Bug report #1006915, regarding security issues in nbd-server: CVE-2022-26495 CVE-2022-26496 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1006915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nbd Version: 1:3.23-3 Severity: serious Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> Two security issues exist in NBD: CVE-2022-26495 and CVE-2022-26496. The former exists since a very long time; the latter only exists since the introduction of NBD_OPT_INFO and NBD_OPT_GO in NBD 3.16. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, riscv64, armhf Kernel: Linux 5.16.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE:nl Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: nbd Source-Version: 1:3.21-1+deb11u1 Done: Wouter Verhelst <wou...@debian.org> We believe that the bug you reported is fixed in the latest version of nbd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1006...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Wouter Verhelst <wou...@debian.org> (supplier of updated nbd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Mar 2022 10:02:32 +0200 Source: nbd Architecture: source Version: 1:3.21-1+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Wouter Verhelst <wou...@debian.org> Changed-By: Wouter Verhelst <wou...@debian.org> Closes: 1003863 1006915 Changes: nbd (1:3.21-1+deb11u1) bullseye-security; urgency=medium . * Cherry-pick fixes for CVE-2022-26495 and CVE-2022-26496 from git master; Closes: #1006915. * Fix parsing of nbdtab in nbd-client; Closes: #1003863. Checksums-Sha1: 0f1af6de8c7fdd005d098899bc5ec2f1a2dbdf9d 2032 nbd_3.21-1+deb11u1.dsc c9926433a0f1d5e9e6a7ae6118b27faa2b6a3b32 1063667 nbd_3.21.orig.tar.gz 8ba4fc80c130ea2f6dac3c3ba8583fe5ada09828 195588 nbd_3.21-1+deb11u1.diff.gz 157fe4f6c60e69f6c2b8862a4908047df0d52b6b 11264 nbd_3.21-1+deb11u1_source.buildinfo Checksums-Sha256: c69fb50ef752489d969e6a9963f9909144f65dcabe26a05cbfbbc3f854e0f26c 2032 nbd_3.21-1+deb11u1.dsc 2c7866be37e63756c00ce54a0655e7a00cc76d256f9cf1c995d1dbe8879c5ae1 1063667 nbd_3.21.orig.tar.gz 23b773da332c64887bb7a9f2ea66060522ffe3ad51b6bae6eb24248680c43c52 195588 nbd_3.21-1+deb11u1.diff.gz 0cb723506aefbd510dc1fc741e73a3bb41480a9ce6526b123cc1d4fb5f8b29e4 11264 nbd_3.21-1+deb11u1_source.buildinfo Files: 04ad6fc9f61671c971140451a7588a47 2032 admin optional nbd_3.21-1+deb11u1.dsc f55955c8044196d669cdfd2f94f35a4b 1063667 admin optional nbd_3.21.orig.tar.gz 89ec32bcf590607ece07d8c24567d1c1 195588 admin optional nbd_3.21-1+deb11u1.diff.gz fdce659858dad5e7d11593756510b20f 11264 admin optional nbd_3.21-1+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEm2n98/DaCUgGYSn3LfxRmVQYEpYFAmIq92ISHHdvdXRlckBk ZWJpYW4ub3JnAAoJEC38UZlUGBKWj20P/RDAbreo2u8kgZYZIVaUFlLd3mGnsSJk yj9lyRwaVrR0F9TF/AGm10LwT/P51RAm8Dendk4LnftiFb0PgNSDYbxR1Q2GWqBh bqljCC02aeO9pGXh5Kf+nuUzXoqy21u95zY7raXpJN3KFE88PhqtOpalBBDOaqn3 sfgCcqZA3RaJqODor/gibftggK+myACnW4fLLtGWuN3pDrRPY3Ich+OC1mzO5TAK uIasYRcSeT37khgIuVRmGghs6xD5u3EjgDbKnmQAjc7FMgGPCAp5fpF8IhH22/PX 2oyCc8rKVHEsE4myU+Q32vnSxQgAhCGA3emN/VHE+lXSX1yPP8EJwEMYC+hl7bOh /15cT2YtO0QomiQxsAJ4OyLSlhgo+q/3twCbmbW6/kTWVtpyuI4/sAHLGfWH3p68 1Kph7pIATV2W/v00FQaSfG15KJEJgs3PIFWTnQlyawZjvjUAc9bZwJH+4Abe/khe FHm/Py3T5IxwbnCJbGOQKHVyU+nMUXjGs8LnCOjlwFhGQPJHkFbuPzry6/SVwSQy OWq3rYjZrk7MyJYSsdTAb73AAD3z1AZsUSG+45p/G7DgNIW1QkNcyYhLJdnOpKem GKR1YCysk6DFTAIJ3WQEQj+J0/8EIpYjTcDu6SBZOwyOjy5WcL4rkypxl2QyAORu LC5oky5/9F+T =WnMx -----END PGP SIGNATURE-----
--- End Message ---
