Your message dated Thu, 12 May 2022 20:36:26 +0000
with message-id <e1npfxu-000iqo...@fasolo.debian.org>
and subject line Bug#1010818: fixed in cifs-utils 2:6.14-1.1
has caused the Debian Bug report #1010818,
regarding cifs-utils: CVE-2022-27239 CVE-2022-29869
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1010818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cifs-utils
Version: 2:6.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2:6.11-3.1
Control: found -1 2:6.14-1
Hi,
The following vulnerabilities were published for cifs-utils.
CVE-2022-27239[0]:
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing
| the mount.cifs ip= command-line argument could lead to local attackers
| gaining root privileges.
CVE-2022-29869[1]:
| cifs-utils through 6.14, with verbose logging, can cause an
| information leak when a file contains = (equal sign) characters but is
| not a valid credentials file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-27239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
[1] https://security-tracker.debian.org/tracker/CVE-2022-29869
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cifs-utils
Source-Version: 2:6.14-1.1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
cifs-utils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated cifs-utils
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 May 2022 21:59:48 +0200
Source: cifs-utils
Architecture: source
Version: 2:6.14-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1010818
Changes:
cifs-utils (2:6.14-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* mount.cifs: fix length check for ip option parsing (CVE-2022-27239)
(Closes: #1010818)
* mount.cifs: fix verbose messages on option parsing (CVE-2022-29869)
(Closes: #1010818)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---