Your message dated Thu, 02 Mar 2023 10:20:38 +0000
with message-id <e1pxg3c-002agw...@fasolo.debian.org>
and subject line Bug#1026106: fixed in pacparser 1.3.6-1.4
has caused the Debian Bug report #1026106,
regarding pacparser: CVE-2019-25078: memory overwrite issue for pacparser_find_proxy function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1026106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026106
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pacparser
Version: 1.3.6-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/manugarg/pacparser/issues/99
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for pacparser.

CVE-2019-25078[0]:
| A vulnerability classified as problematic was found in pacparser up to
| 1.3.x. Affected by this vulnerability is the function
| pacparser_find_proxy of the file src/pacparser.c. The manipulation of
| the argument url leads to buffer overflow. Attacking locally is a
| requirement. Upgrading to version 1.4.0 is able to address this issue.
| The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It
| is recommended to upgrade the affected component. The associated
| identifier of this vulnerability is VDB-215443.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25078
    https://www.cve.org/CVERecord?id=CVE-2019-25078
[1] https://github.com/manugarg/pacparser/issues/99
[2] https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pacparser
Source-Version: 1.3.6-1.4
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pacparser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1026...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated pacparser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Feb 2023 16:48:20 +0200
Source: pacparser
Architecture: source
Version: 1.3.6-1.4
Distribution: unstable
Urgency: medium
Maintainer: Manu Garg <manug...@gmail.com>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1026106
Changes:
 pacparser (1.3.6-1.4) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2019-25078: Possible memory overwrite in pacparser_find_proxy()
     (Closes: #1026106)
Checksums-Sha1:
 45a9260ffea5b020f0975684306d7eede88c7f36 1884 pacparser_1.3.6-1.4.dsc
 bad028a28cbbc21d4ff100cda4c2c34a5880d8a6 4972 pacparser_1.3.6-1.4.debian.tar.xz
Checksums-Sha256:
 d475ed3159fcd01f9c6e8328db885a8f8d5619df03625310f33f7744e9aca8cf 1884 pacparser_1.3.6-1.4.dsc
 2840cc627eaf0518fd8a897188c71e83257789fef4f5e3078be2c03496329543 4972 pacparser_1.3.6-1.4.debian.tar.xz
Files:
 d1aada5cb8c8f9ff25f588eb185a8833 1884 libs extra pacparser_1.3.6-1.4.dsc
 94aeedf00fe5382d04410a7f2206e518 4972 libs extra pacparser_1.3.6-1.4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---