Your message dated Fri, 01 Mar 2019 21:19:46 +0000
with message-id <e1gzpzk-0009nm...@fasolo.debian.org>
and subject line Bug#918846: fixed in busybox 1:1.30.1-1
has caused the Debian Bug report #918846,
regarding busybox: CVE-2018-20679
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918846: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1:1.27.2-3
Severity: normal
Tags: patch security upstream
Forwarded: https://bugs.busybox.net/show_bug.cgi?id=11506

Hi,

The following vulnerability was published for busybox.

CVE-2018-20679[0]:
| An issue was discovered in BusyBox before 1.30.0. An out of bounds read
| in udhcp components (consumed by the DHCP server, client, and relay)
| allows a remote attacker to leak sensitive information from the stack
| by sending a crafted DHCP message. This is related to verification in
| udhcp_get_option() in networking/udhcp/common.c that 4-byte options are
| indeed 4 bytes.

Note that the only commit initially referenced for CVE-2018-20679
is incomplete, but see security-tracker for further notes.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20679
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
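
The check the CVE text refers to (confirming that a 4-byte option really is 4 bytes long before it is read as a 32-bit value), as an added example. It is not BusyBox's udhcp_get_option() or the upstream patch; the names find_option, lease_seconds and the sample buffers are made up here, and the option numbers are those of RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_PAD = 0, OPT_SUBNET = 1, OPT_LEASE_TIME = 51, OPT_SERVER_ID = 54, OPT_END = 255 };

/* Options from RFC 2132 whose value is always exactly 4 bytes (subset). */
static int is_u32_option(uint8_t code) {
    return code == OPT_SUBNET || code == OPT_LEASE_TIME || code == OPT_SERVER_ID;
}

/* Return a pointer to the value of option `want` inside buf[0..len), or NULL
 * if it is absent, truncated, or a 4-byte option with any other length. */
static const uint8_t *find_option(const uint8_t *buf, size_t len, uint8_t want) {
    size_t i = 0;
    while (i < len && buf[i] != OPT_END) {
        if (buf[i] == OPT_PAD) { i++; continue; }   /* pad has no length byte */
        if (len - i < 2) return NULL;               /* length byte missing */
        size_t olen = buf[i + 1];
        if (olen > len - i - 2) return NULL;        /* value runs past buffer */
        if (buf[i] == want) {
            /* Without this test a short option would be read as 4 bytes. */
            if (is_u32_option(want) && olen != 4) return NULL;
            return &buf[i + 2];
        }
        i += 2 + olen;
    }
    return NULL;
}

/* Lease time in seconds, or -1 when the option cannot be trusted. */
long long lease_seconds(const uint8_t *buf, size_t len) {
    const uint8_t *v = find_option(buf, len, OPT_LEASE_TIME);
    if (!v) return -1;
    return (long long)(((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) |
                       ((uint32_t)v[2] << 8) | v[3]);
}

/* Constructed option blocks (not captured traffic). */
const uint8_t GOOD[]      = { 53, 1, 5, 51, 4, 0, 0, 0x0e, 0x10, 255 };
const uint8_t SHORT_LEN[] = { 53, 1, 5, 51, 1, 0x3c, 255 };  /* lease option claims 1 byte */
const uint8_t TRUNCATED[] = { 51, 4, 0, 0 };                 /* value cut off */

int main(void) {
    printf("%lld %lld %lld\n", lease_seconds(GOOD, sizeof GOOD),
           lease_seconds(SHORT_LEN, sizeof SHORT_LEN),
           lease_seconds(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

Option overload (options continued in the file and sname fields) is left out of this sketch.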
--- Begin Message ---
Source: busybox
Source-Version: 1:1.30.1-1

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Mar 2019 21:19:43 +0100
Source: busybox
Architecture: source
Version: 1:1.30.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
Closes: 918846
Changes:
 busybox (1:1.30.1-1) unstable; urgency=high
 .
   [ Christoph Biedl ]
   * New upstream version 1.30.1
     Closes: #918846 [CVE-2018-20679]
   * Refresh patch queue
   * Update busybox configurations for new upstream version
 .
   * Debian packaging changes:
     [ Chris Boot ]
     * Check signatures on upstream tarballs:
       - d/watch: set opts=pgpsigurlmangle
       - d/upstream/signing-key.asc: import Denis Vlasenko's key
     * d/changelog:
       - Correct CVE reference in changelog entry for previous upload.
       - Remove trailing whitespace.
     * d/rules:
       - Remove trailing whitespace.
     * Switch to debhelper 11.
     * d/control:
       - Set Rules-Requires-Root: no.
       - Bump Standards-Version to 4.1.5; no other changes required.
     * Remove obsolete files:
       - d/bin/genorig.py: not needed since ~2008.
       - d/udeb-sizes: not updated since ~2012.
     [ Christoph Biedl ]
     * Add a README for any package maintainer
 .
   [ Chris Boot ]
   * Refresh and rework patches:
     - Drop patches cherry-picked from upstream.
     - Drop temp-deb-installer-hack.patch: no longer needed.
     - Rework patches to account for upstream changes:
       - shell-ash-export-HOME.patch
       - version.patch
   * Enable new applets for use by initramfs-tools: nuke, resume, run-init.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
