Your message dated Thu, 07 Dec 2023 06:19:05 +0000
with message-id <e1rb7iz-008d2f...@fasolo.debian.org>
and subject line Bug#1055253: fixed in amanda 1:3.5.1-11.1
has caused the Debian Bug report #1055253,
regarding amanda: CVE-2023-30577
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1055253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055253
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: amanda
Version: 1:3.5.1-11
Severity: grave
Tags: security upstream
Forwarded: https://github.com/zmanda/amanda/pull/228
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1:3.5.1-7
Hi,
The following vulnerability was published for amanda.
CVE-2023-30577[0]:
| AMANDA (Advanced Maryland Automatic Network Disk Archiver) before
| tag-community-3.5.4 mishandles argument checking for runtar.c, a
| different vulnerability than CVE-2022-37705.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-30577
https://www.cve.org/CVERecord?id=CVE-2023-30577
[1] https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
[2] https://github.com/zmanda/amanda/pull/228
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: amanda
Source-Version: 1:3.5.1-11.1
Done: Tobias Frost <t...@debian.org>
We believe that the bug you reported is fixed in the latest version of
amanda, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <t...@debian.org> (supplier of updated amanda package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 03 Dec 2023 14:09:23 +0100
Source: amanda
Architecture: source
Version: 1:3.5.1-11.1
Distribution: unstable
Urgency: medium
Maintainer: Jose M Calhariz <calha...@debian.org>
Changed-By: Tobias Frost <t...@debian.org>
Closes: 1055253
Changes:
amanda (1:3.5.1-11.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply upstream fix for CVE-2023-30577 (Closes: #1055253)
Checksums-Sha1:
267ab58fd85b157e1c8bb481eda0f8a30716d600 2224 amanda_3.5.1-11.1.dsc
92fe801d1e27e1638cac8d58fe779bb126b7210f 59608 amanda_3.5.1-11.1.debian.tar.xz
bf2769d2f8c8cf3f3edc421fdaa2c36c0f3b7f31 15376
amanda_3.5.1-11.1_amd64.buildinfo
Checksums-Sha256:
d9a287d391d6e73fa27f40b850ece8034c2cdb53d4a373b59931a09c9d261ed6 2224
amanda_3.5.1-11.1.dsc
54b0a8d7a8e073cb3cc0fa5658d6aa87ed4a2584c17de71bcbd0c39f05c32df5 59608
amanda_3.5.1-11.1.debian.tar.xz
de2a61f40d26eceb30ae46ee929c8127eb9b86b9eac30475d0294320e851a5a7 15376
amanda_3.5.1-11.1_amd64.buildinfo
Files:
97716853fef88f3d0bba7211c3ae12e5 2224 utils optional amanda_3.5.1-11.1.dsc
80e786513f4f11f7ca60cce32572c581 59608 utils optional
amanda_3.5.1-11.1.debian.tar.xz
13f41f3f28f231cc98bcd4961bb26f96 15376 utils optional
amanda_3.5.1-11.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmVsfxIACgkQkWT6HRe9
XTbSYxAA2vbw+TyUMz1G/wrfK1WVMTevsjqM6Zt/j0iDc3CYqATwFeEn6liwfOnt
T0eHYxz5yMVQcQOWaUDwK8HKbVQ32mwdfSFRcVgRurV8qbLoLv4O8lMROnYBq1FD
WUZHt52RbmEkw06lz9omsf1906bs2rbovXTKD1V4rNoHm4GrqhxMcfihG1jhgUn7
g4UCrdZI2N1RORkf3rJc7KlXCh0WYnX2fzkp2N2C4Poj0RS29aGSSs8RuGkwk2cp
bHV37Eop7D0LnMRnF2AbS1epAYDEpvwIdqYtdjCb1+rF50vlQAhr8CQfCGew5ZiK
6dwoz5z1MFoL8EIvrrEFLbtWbonx5XusXP9P3Y7UuaxkYQWellC+Lh9ijxHWZdUK
h7vobc9za3VpXLphtiy+IzCkfqsw/dZ5/kGAhFKkJK31+tc1r/jct969MZV3R3rY
WwV9n2VJB4LzZWkTxRRCdAm6gSmms4m/F5lMN++3m41TiKMSTPWTMbHCa9lJTC4U
BnntTLxBgo8AMS+gezI+VE2LO1+wNSpxrJvXM8ONk+oO+rj1sFlAtgUKZqX2TBB8
VSbpQRR5vJ/3Kf72LMo7N4XtBRJDKYF53u5BoA6mxqsW4c8crQxNM8s3y9uKZl3E
dK4IIS6z9hyPWL/ZqgVm4qVXBifPEoSXxfSHLG9kVEXDRbk+K+w=
=UK+8
-----END PGP SIGNATURE-----
--- End Message ---
