Your message dated Sat, 20 Aug 2022 19:34:00 +0000
with message-id <e1opuek-008yti...@fasolo.debian.org>
and subject line Bug#1014534: fixed in dlt-daemon 2.18.6-2.1
has caused the Debian Bug report #1014534,
regarding dlt-daemon: CVE-2022-31291
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1014534: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dlt-daemon
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dlt-daemon.
CVE-2022-31291[0]:
| An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows
| attackers to cause a double free via crafted TCP packets.
https://github.com/COVESA/dlt-daemon/pull/376
https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-31291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31291
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: dlt-daemon
Source-Version: 2.18.6-2.1
Done: Adrian Bunk <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dlt-daemon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated dlt-daemon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Aug 2022 19:39:48 +0300
Source: dlt-daemon
Architecture: source
Version: 2.18.6-2.1
Distribution: unstable
Urgency: high
Maintainer: Aigars Mahinovs <aigar...@debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1014534
Changes:
 dlt-daemon (2.18.6-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2022-31291: Double free in dlt_config_file_set_section().
     (Closes: #1014534)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---