Your message dated Fri, 22 Dec 2023 19:04:54 +0000
with message-id <e1rgkpk-00fw9l...@fasolo.debian.org>
and subject line Bug#1059293: fixed in lrzip 0.651-3
has caused the Debian Bug report #1059293,
regarding lrzip: CVE-2023-39741
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1059293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lrzip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lrzip.
CVE-2023-39741[0]:
| lrzip v0.651 was discovered to contain a heap overflow via the
| libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
| This vulnerability allows attackers to cause a Denial of Service
| (DoS) via a crafted file.
https://github.com/ckolivas/lrzip/issues/246
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-39741
https://www.cve.org/CVERecord?id=CVE-2023-39741
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: lrzip
Source-Version: 0.651-3
Done: Laszlo Boszormenyi (GCS) <g...@debian.org>
We believe that the bug you reported is fixed in the latest version of
lrzip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1059...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated lrzip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Dec 2023 19:05:20 +0100
Source: lrzip
Architecture: source
Version: 0.651-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 1059293
Changes:
lrzip (0.651-3) unstable; urgency=high
.
* Backport hsize validation for empty PCOMP to prevent Denial of Service,
fixes CVE-2023-39741 (closes: #1059293).
* Use no for Rules-Requires-Root.
* Update debhelper level to 13.
* Update Standards-Version to 4.6.2.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---