Your message dated Sun, 20 Mar 2022 00:34:01 +0000
with message-id <e1nvjwd-000ati...@fasolo.debian.org>
and subject line Bug#917526: fixed in libxsmm 1.17-1
has caused the Debian Bug report #917526,
regarding libxsmm: CVE-2018-20541 CVE-2018-20542
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
917526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917526
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxsmm
Version: 1.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/hfp/libxsmm/issues/287
Hi,
The following vulnerabilities were published for libxsmm.
CVE-2018-20541[0]:
| There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at
| generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different
| vulnerability than CVE-2018-20542 (which is in a different part of the
| source code and is seen at different addresses).
CVE-2018-20542[1]:
| There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c
| (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different
| vulnerability than CVE-2018-20541 (which is in a different part of the
| source code and is seen at a different address).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20541
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20541
[1] https://security-tracker.debian.org/tracker/CVE-2018-20542
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20542
[2] https://github.com/hfp/libxsmm/issues/287

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxsmm
Source-Version: 1.17-1
Done: Boyuan Yang <by...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libxsmm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 917...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Boyuan Yang <by...@debian.org> (supplier of updated libxsmm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Mar 2022 20:01:55 -0400
Source: libxsmm
Architecture: source
Version: 1.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Boyuan Yang <by...@debian.org>
Closes: 917526 962949 996098
Changes:
 libxsmm (1.17-1) unstable; urgency=medium
 .
   * New upstream version 1.17.
     + Fix old CVEs:
       - CVE-2018-20541
       - CVE-2018-20542 (Closes: #917526)
       - CVE-2021-39535
       - CVE-2021-39536 (Closes: #996098)
   * Add myself as package uploader. (Closes: #962949)
   * debian/control: Use up-to-date homepage information.
   * Bump Standards-Version to 4.6.0.
   * debian/rules: Use vanilla build for now.
   * debian/docs: Also install upstream documentation.
   * debian/patches: Refresh patches:
     + Makefile_rebuild_fix.patch: Refreshed.
     - 0004-Force-python3.patch: Dropped, useless.
     - destdir.patch: Dropped for now.
     - remove_stdc++_link.patch: Dropped for now.
   * debian/patches: Add new patches:
     + 0002-Makefile-fix-pkgconfigdir.patch: Fix pkgconfigdir.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---