Your message dated Sun, 03 Dec 2023 17:02:08 +0000
with message-id <e1r9pr6-008usz...@fasolo.debian.org>
and subject line Bug#1055253: fixed in amanda 1:3.5.1-11+deb12u1
has caused the Debian Bug report #1055253,
regarding amanda: CVE-2023-30577
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1055253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055253
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: amanda
Version: 1:3.5.1-11
Severity: grave
Tags: security upstream
Forwarded: https://github.com/zmanda/amanda/pull/228
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1:3.5.1-7
Hi,
The following vulnerability was published for amanda.
CVE-2023-30577[0]:
| AMANDA (Advanced Maryland Automatic Network Disk Archiver) before
| tag-community-3.5.4 mishandles argument checking for runtar.c, a
| different vulnerability than CVE-2022-37705.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-30577
https://www.cve.org/CVERecord?id=CVE-2023-30577
[1] https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
[2] https://github.com/zmanda/amanda/pull/228
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: amanda
Source-Version: 1:3.5.1-11+deb12u1
Done: Tobias Frost <t...@debian.org>
We believe that the bug you reported is fixed in the latest version of
amanda, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated amanda package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 03 Dec 2023 14:17:07 +0100
Source: amanda
Architecture: source
Version: 1:3.5.1-11+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Jose M Calhariz <calha...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 1055253
Changes:
amanda (1:3.5.1-11+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload by the Security Team.
* Apply upstream fix for CVE-2023-30577 (Closes: #1055253)
Checksums-Sha1:
40a5a6f5c4bb2d41ff90f9593b03e1b2e04bc724 2248 amanda_3.5.1-11+deb12u1.dsc
a92fa595ad525e3cc86565a81353220c146a0ac4 5239952 amanda_3.5.1.orig.tar.gz
ccc40ea5ce937f5cb87557f5ec5b795ad399d9d4 59616
amanda_3.5.1-11+deb12u1.debian.tar.xz
d8371c3607e6d86c260efc7680b2d931c56d1b90 15803
amanda_3.5.1-11+deb12u1_amd64.buildinfo
Checksums-Sha256:
8d90cf85be217e721566b9d1deca7899966598203a1554dc75bf17a48bc5d1b4 2248
amanda_3.5.1-11+deb12u1.dsc
6cb9a13fb7a09970d288ddb2c380e7165c5fe38b85bc761ca7ffe334bc5c534b 5239952
amanda_3.5.1.orig.tar.gz
c05e264b27f28ab9903554619ecec29109deaac6983f3923251bfa424a5e008d 59616
amanda_3.5.1-11+deb12u1.debian.tar.xz
09d761eb6f8086ec18a427b275e4c236ba631492bc7c5e8496296df73ca0cd4f 15803
amanda_3.5.1-11+deb12u1_amd64.buildinfo
Files:
d0da15ca741d7e567d71dd86d2b1d50c 2248 utils optional
amanda_3.5.1-11+deb12u1.dsc
a780f158cbbacfb017ce4a519120b772 5239952 utils optional
amanda_3.5.1.orig.tar.gz
0477dbf456a5fec4f1c540330d49a08c 59616 utils optional
amanda_3.5.1-11+deb12u1.debian.tar.xz
3322511674fd8f15f38a8538f37a9ed5 15803 utils optional
amanda_3.5.1-11+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmVsg+AACgkQkWT6HRe9
XTYE3BAAlFF01XhEq0bbgAerLJCG4llVbjRGGORS30GbWTgVnPBsTGXmeUEzUlQf
z7f215uZijIg385ybRXfdKSYbKyYVjpX7+ccpWd2hT+qXNBxJ0qdwqAesZc7qbYq
udZHmBd0Sv3N1c0oGI0Sx9D5JPiKn7UuFFoZceRtVmGCEBoMC2d1OLM3/1ty3w15
6IjNhQeSZQvV6f551yR2MkcnCTdsJeHjf5YpPEiZO0Dor7Yu8MG1U9MicfC/y/+W
SBVDj4vJS+vVHru43L6KksdPtdQJNYVLYYBKs7s8K70EBRGbjGUcYfSK0s4Q7N4r
qYCLAsIdS9ocTei+zIE64f65ycV79IzrZP4xa1DGDZY46c02OGvOhU6FakV26hRB
30nGWk4AL/E4T2gghE0E/hhNHi3jpyXEHghy1hakfDB656Ha7dktBqDuCbaRRQzK
EYVFSomEEtoXBb0NSTG4YbcMLtiPlfVq0xNB4SpRYT7Pe1BRTQ+mxGDeDmYrVbmA
cY1l6FxVhIKP7QVIiQGu427zsEq1FgQPsfXIycvhWTa0gbRCmfSqwrF/iyIbPd8b
eeurDGrg6Wl/Qw1ItVcQGuKAy+z9G1MQenpWOe0r+RumWBzEAGUsxW8Mj8lIc0HI
1/OZfRmrYJ2Wh3CwAqeyAhRxxDA47qPN9VlOHDh58p7j3WKN684=
=uR7h
-----END PGP SIGNATURE-----
--- End Message ---
