Your message dated Fri, 7 Dec 2012 08:19:08 +0100
with message-id <[email protected]>
and subject line Re: Bug#669197: libarchive: cve-2010-4666 and cve-2011-1777
has caused the Debian Bug report #669197,
regarding libarchive: cve-2010-4666 and cve-2011-1777
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
669197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669197
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: libarchive
severity: important
tag: security
A couple issues were reported in libarchive >= 3.0, and are likely
fixed already, but outside access to the bug reports is still
restricted, so it's impossible to know. Please check the info at the
following Google Code restricted links or with upstream:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1779
More info can be found in the Red Hat bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=705849
--- End Message ---
--- Begin Message ---
Version: 3.0.4-2
On Sun, Apr 29, 2012 at 12:35:00AM -0400, Michael Gilbert wrote:
> That is based on the statement toward the bottom of the Red Hat bug
> report, which may be right or wrong. Again, it's something that needs
> to be checked against real information. Unfortunately all of it is
> behind those restricted chrome reports.
The references are not hidden bug reports, but SVN revisions for a repo
that now uses git (that's why the refs 404).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1779
http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4666
http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
I've verified that these fixes are present in Wheezy, closing.
Cheers,
Moritz
--- End Message ---