Your message dated Sat, 21 Feb 2015 22:32:05 +0000
with message-id <[email protected]>
and subject line Bug#778409: fixed in vigor 0.016-19+deb7u1
has caused the Debian Bug report #778409,
regarding Henry Spencer regular expressions (regex) library contains a heap
overflow vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
778409: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vigor
Severity: important
Tags: security patch
The security team received a report from the CERT Coordination Center that the
Henry Spencer regular expressions (regex) library contains a heap overflow
vulnerability. It looks like this package includes the affected code and that's
the reason for this bug report.
The patch is available here:
http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c
Please, can you confirm if the binary packages are affected? Are stable and
testing affected?
More information, here:
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
A CVE id has been requested already and the report will be updated with it
eventually.
Cheers, luciano
--- End Message ---
--- Begin Message ---
Source: vigor
Source-Version: 0.016-19+deb7u1
We believe that the bug you reported is fixed in the latest version of
vigor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated vigor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Sat, 21 Feb 2015 15:21:54 +0000
Source: vigor
Binary: vigor
Architecture: source amd64
Version: 0.016-19+deb7u1
Distribution: stable
Urgency: medium
Maintainer: Colin Watson <[email protected]>
Changed-By: Colin Watson <[email protected]>
Description:
vigor - nvi with the evil paperclip
Closes: 778409
Changes:
vigor (0.016-19+deb7u1) stable; urgency=medium
.
* Use libc's regex routines rather than the bundled ones, to avoid needing
to apply security patches independently (closes: #778409).
--- End Message ---