Your message dated Mon, 09 May 2022 15:20:45 +0000 with message-id <e1no5bl-000f6l...@fasolo.debian.org> and subject line Bug#1010619: fixed in rsyslog 8.2204.1-1 has caused the Debian Bug report #1010619, regarding rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog server (receiver) components to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010619 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: rsyslog Version: 8.2204.0-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for rsyslog. Filling for now as grave, but we might downgrade. Probably affected configurations are not that common if I understood correctly, the advisory has some comments about it as well[1]. CVE-2022-24903[0]: | Potential heap buffer overflow in TCP syslog server (receiver) | components If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-24903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903 [1] https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: rsyslog Source-Version: 8.2204.1-1 Done: Michael Biebl <bi...@debian.org> We believe that the bug you reported is fixed in the latest version of rsyslog, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl <bi...@debian.org> (supplier of updated rsyslog package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 09 May 2022 15:44:08 +0200 Source: rsyslog Architecture: source Version: 8.2204.1-1 Distribution: unstable Urgency: medium Maintainer: Michael Biebl <bi...@debian.org> Changed-By: Michael Biebl <bi...@debian.org> Closes: 1010619 Changes: rsyslog (8.2204.1-1) unstable; urgency=medium . * New upstream version 8.2204.1 - Fix potential heap buffer overflow in imptcp, imtcp, imgssapi and other TCP syslog reception modules when octet-counted framing is used. (CVE-2022-24903, Closes: #1010619) Checksums-Sha1: ae5bde152e4725e3c35a09c1e545988baae81b9d 3226 rsyslog_8.2204.1-1.dsc 3b0daa9c1603326034f984af5545d0be7cd6a78c 3243183 rsyslog_8.2204.1.orig.tar.gz c0c636d039aa594d587dbd5db42923c0ea3983f2 28572 rsyslog_8.2204.1-1.debian.tar.xz 3e0c5cc573b08b250f68a7b32783dcc09930d7e1 8242 rsyslog_8.2204.1-1_source.buildinfo Checksums-Sha256: 8887fb1e2630c8d07a98ab46e5e7781dab9cf36ab691b0484dc8851380abb29d 3226 rsyslog_8.2204.1-1.dsc a6d731e46ad3d64f6ad4b19bbf1bf56ca4760a44a24bb96823189dc2e71f7028 3243183 rsyslog_8.2204.1.orig.tar.gz 122a28bbffad5ae94dca77db5da0d95be933887468232681a88033ce04bef965 28572 rsyslog_8.2204.1-1.debian.tar.xz 047ac857e7731a8616df8da541766c31a9fbf1d95277583f9f25ede345f5ee5c 8242 rsyslog_8.2204.1-1_source.buildinfo Files: 0b1b2bde76868e552676ab54f8c1bf9a 3226 admin important rsyslog_8.2204.1-1.dsc 44526816f93026bce67711f692b4a3da 3243183 admin important rsyslog_8.2204.1.orig.tar.gz 58ffc8473b727ece4f912ddad5876532 28572 admin important rsyslog_8.2204.1-1.debian.tar.xz a20bc5b58ba1168362cbc068f17a5e44 8242 admin important rsyslog_8.2204.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmJ5KrgACgkQauHfDWCP Ity1rw//VdnArDCHTAEWjB2Cts/PqYOgQZR8A5EBHm+i9B7BvC+KrtEjMBwDJV3m VQ5NcSFyo34vqMHCZ5Dq4CRTUVNuTiXJZcy2cP6rlMpT3Z4bqn1Gewu2H+eHM9gV Z5cpB1gII57RzQZKWWCtL0siOx+iSQIf2819p5tZJDjgifvSAbjqYOlgdm4ik+Xp V0MUKmX8iTsyO5ntu/U7KaFe4OEiFcOLvALcx/fuQkxSD529ouVvXqA2ZAYlXr9a LoTT2CYTF/eEM9xO2kL+BKeldMihetBBRDli/LQE+R/sS3zI1lmUDbXOgAUFD0Vs 8/GWcEqjn8sqJ/XWAfoUTfLu7opP5/52f4rpushKQeaxjH/VO6cBnfJ/MqVrDSFq PmV4M+vHuGQh1ikOyT1LNmEUi8PHE+YkAbRqODK6w+3AS9XFMeDUmg1rcYGGvkRD d6qJXHZmsbaZv8y6868N+cpjHZWvi3ZpcFxZEvIiP3PYw5atFj3g67abGmMzkZoq s3NdJnj3rO03QF+g0yRMQsE6AU2AscDhZFq2XnmjjAApdWsvsZJzVLQJzpphGOZB 5fkqKn/nwRgQO8Ha8DoA+u98ZQwhZESy3OUfnUI3KE04qrihPrb0NQIdWIQH43Yx cKnkszVjGUIj/kyYSwlqr7dD9zbDrEY6NsZr6GAgwK62FVApxIE= =ohqU -----END PGP SIGNATURE-----
--- End Message ---
