Your message dated Wed, 16 Mar 2022 20:34:17 +0000 with message-id <e1nualz-000hls...@fasolo.debian.org> and subject line Bug#1006915: fixed in nbd 1:3.19-3+deb10u1 has caused the Debian Bug report #1006915, regarding security issues in nbd-server: CVE-2022-26495 CVE-2022-26496 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1006915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nbd Version: 1:3.23-3 Severity: serious Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> Two security issues exist in NBD: CVE-2022-26495 and CVE-2022-26496. The former exists since a very long time; the latter only exists since the introduction of NBD_OPT_INFO and NBD_OPT_GO in NBD 3.16. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, riscv64, armhf Kernel: Linux 5.16.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE:nl Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: nbd Source-Version: 1:3.19-3+deb10u1 Done: Wouter Verhelst <wou...@debian.org> We believe that the bug you reported is fixed in the latest version of nbd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1006...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Wouter Verhelst <wou...@debian.org> (supplier of updated nbd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Mar 2022 11:23:59 +0200 Source: nbd Architecture: source Version: 1:3.19-3+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Wouter Verhelst <wou...@debian.org> Changed-By: Wouter Verhelst <wou...@debian.org> Closes: 1003863 1006915 Changes: nbd (1:3.19-3+deb10u1) buster-security; urgency=medium . * Cherry-pick fixes for CVE-2022-26495 and CVE-2022-26496 from git master; Closes: #1006915. * Fix parsing of nbdtab in nbd-client; Closes: #1003863. Checksums-Sha1: 01f60194a74ed0a9ad01a94956266bd0b7ab1bfc 2032 nbd_3.19-3+deb10u1.dsc 801ed06cf79b88b8ea2c93a333310966918d63cb 1056694 nbd_3.19.orig.tar.gz 22dd035c265c83d602c85c6ae6000ea5200b439c 204406 nbd_3.19-3+deb10u1.diff.gz a33896498cf51d7c2741ddd4fa02f64779c90569 11264 nbd_3.19-3+deb10u1_source.buildinfo Checksums-Sha256: 8529d439b3d3ba7d5477f32ce1410ddd6a24c27bcea6a91dc605a304823500a9 2032 nbd_3.19-3+deb10u1.dsc f0b52d03f35fee3a00d2f7c27974dce8fc797f35c708786e36fd2cd2fe48879d 1056694 nbd_3.19.orig.tar.gz 82d35173773342f2f8f9620b7e138db0265fd5069b39c8f5e81d84da7cf457b4 204406 nbd_3.19-3+deb10u1.diff.gz b94c5cd38fcce6c372e35c0846872a51ad8a30db5076bad5b5f27875ffce2d06 11264 nbd_3.19-3+deb10u1_source.buildinfo Files: f83747f6197d16337326ee16004b8092 2032 admin optional nbd_3.19-3+deb10u1.dsc 01eaf26acb66bba0e69bed6f522e0920 1056694 admin optional nbd_3.19.orig.tar.gz b499bdc7664a79ea9f17ada79105da08 204406 admin optional nbd_3.19-3+deb10u1.diff.gz 1b76d2140cfccbf1f63c78d435309d42 11264 admin optional nbd_3.19-3+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEm2n98/DaCUgGYSn3LfxRmVQYEpYFAmIq+AsSHHdvdXRlckBk ZWJpYW4ub3JnAAoJEC38UZlUGBKWAMMP/izSW963VfjWeG/CxoKY109TgZ0Oo3HA ssFfC/h9RHqbylRdWc5S9feS88yWzKRIcaHvCZGebCaqNKkP+Htz1jz3m3OdQ+Ds wOu7iZwbABbB55toVVomFkpiwzVrwvEnzYWQ3FVoeM8eN2K1MlI0/vkaXyXCmhRo rfkmQ85ulN3omVjDofnyd96qzLjT6RwhtJRLPDwIdZlgxqkMkvNU6SEqpAqCtkv2 Y4xe7CgAfsHBquK3GKVVhSTCtRfZ3wD/w5DTEZhX24/aLqWnidD3qu/FpOG6H5fp Oz26UbXGto0NgNgx7qt0PI4vsOSZjUi33FnoNkuF0IK1TRiDveMrSqT3VFNH8kJf +nqCxQKv0FHuj6upcTgJR7EOHJGdYd5rtCcYVi9MNubuo02mkyJd2Ux0poLdIsgj gpEmpypbZMZIQgfzT++ZGcQmmLB8yt0jPwpi7aNPKVPOyyvwn8EikcTCHh4ts1Q+ B1ozxhqACrAWqE/uf9ZK/9kNsvTTJk6AweE4j0vvk1V1ugQei6kTaNb8Nde40CMx 2DWK4jHkH3igajX3OAigJXdS8zgu9QGPEwMWOPqoByiyIdLdWY8Eoc5RaPaAFNj9 3R775LhWZ7DkbToEDuewdTrRZz4+jw9LJXh90cpqbQ3jQw85S81O1JBA0a6h4nSj A2hf1VqCK+Hc =DBta -----END PGP SIGNATURE-----
--- End Message ---
