Your message dated Sat, 18 Jun 2022 10:32:07 +0000
with message-id <e1o2vkn-000ahu...@fasolo.debian.org>
and subject line Bug#1010818: fixed in cifs-utils 2:6.11-3.1+deb11u1
has caused the Debian Bug report #1010818,
regarding cifs-utils: CVE-2022-27239 CVE-2022-29869
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1010818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cifs-utils
Version: 2:6.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2:6.11-3.1
Control: found -1 2:6.14-1
Hi,
The following vulnerabilities were published for cifs-utils.
CVE-2022-27239[0]:
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing
| the mount.cifs ip= command-line argument could lead to local attackers
| gaining root privileges.
CVE-2022-29869[1]:
| cifs-utils through 6.14, with verbose logging, can cause an
| information leak when a file contains = (equal sign) characters but is
| not a valid credentials file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-27239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
[1] https://security-tracker.debian.org/tracker/CVE-2022-29869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cifs-utils
Source-Version: 2:6.11-3.1+deb11u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
cifs-utils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated cifs-utils
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Tue, 10 May 2022 22:12:42 +0200
Source: cifs-utils
Architecture: source
Version: 2:6.11-3.1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1010818
Changes:
 cifs-utils (2:6.11-3.1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * mount.cifs: fix length check for ip option parsing (CVE-2022-27239)
     (Closes: #1010818)
   * mount.cifs: fix verbose messages on option parsing (CVE-2022-29869)
     (Closes: #1010818)
--- End Message ---