Your message dated Sat, 27 Apr 2024 04:34:24 +0000
with message-id <e1s0zly-00aclb...@fasolo.debian.org>
and subject line Bug#1034154: fixed in libyang2 2.1.148-0.1
has caused the Debian Bug report #1034154,
regarding libyang2: CVE-2023-26916
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034154
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libyang2
Version: 2.1.30-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/CESNET/libyang/issues/1979
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libyang2.

CVE-2023-26916[0]:
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL
| pointer dereference via the function lys_parse_mem at lys_parse_mem.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26916
    https://www.cve.org/CVERecord?id=CVE-2023-26916
[1] https://github.com/CESNET/libyang/issues/1979

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libyang2
Source-Version: 2.1.148-0.1
Done: Daniel Baumann <daniel.baum...@progress-linux.org>

We believe that the bug you reported is fixed in the latest version of
libyang2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1034...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <daniel.baum...@progress-linux.org> (supplier of updated libyang2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Apr 2024 05:52:11 +0200
Source: libyang2
Architecture: source
Version: 2.1.148-0.1
Distribution: unstable
Urgency: medium
Maintainer: Ondřej Surý <ond...@debian.org>
Changed-By: Daniel Baumann <daniel.baum...@progress-linux.org>
Closes: 1034154 1034724 1068952
Changes:
 libyang2 (2.1.148-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release (Closes: #1068952):
     - fixes a NULL pointer dereference in lys_parse_mem() [CVE-2023-26916]
       (Closes: #1034154).
     - fixes a NULL pointer dereference in lysp_stmt_validate_value()
       [CVE-2023-26917] (Closes: #1034724).
   * Updating libyang2t64.symbols for new upstream version.


--- End Message ---
