Your message dated Sat, 20 Feb 2016 18:47:09 +0000
with message-id <[email protected]>
and subject line Bug#812401: fixed in cpio 2.11+dfsg-4.1+deb8u1
has caused the Debian Bug report #812401,
regarding cpio: CVE-2016-2037: out-of-bounds write
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cpio
Version: 2.11-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for cpio.
CVE-2016-2037[0]:
out-of-bounds write with cpio 2.11
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2037
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cpio
Source-Version: 2.11+dfsg-4.1+deb8u1
We believe that the bug you reported is fixed in the latest version of
cpio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated cpio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Feb 2016 13:42:19 +0100
Source: cpio
Binary: cpio cpio-win32
Architecture: all source
Version: 2.11+dfsg-4.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 812401
Description:
cpio - GNU cpio -- a program to manage archives of files
cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build)
Changes:
cpio (2.11+dfsg-4.1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401)
Checksums-Sha1:
84b1dd159caa2161af52df660c86b91e5cda7eaf 1879 cpio_2.11+dfsg-4.1+deb8u1.dsc
db17d80369acf691611a38979f42f31e47ee6fac 802940 cpio_2.11+dfsg.orig.tar.xz
c3f91cfe10fb87eef693972bf50e99e7056094cc 19628
cpio_2.11+dfsg-4.1+deb8u1.debian.tar.xz
9b612d9e1c4392d778c6fa5f0162c70ec23d7d1b 59666
cpio-win32_2.11+dfsg-4.1+deb8u1_all.deb
Checksums-Sha256:
59e5a67050cfe1705c94a355dee2e559fd72033e6893221bdc0e14411e7aec7c 1879
cpio_2.11+dfsg-4.1+deb8u1.dsc
f3208df43692895e1ff84cb7625c6cc27b431c9a321fe414faed402b70660cd0 802940
cpio_2.11+dfsg.orig.tar.xz
e7eea84ff0f37f3e5dd6dcac1b8cd084ca251e73a28d2abcabd3d3cb2ce729fd 19628
cpio_2.11+dfsg-4.1+deb8u1.debian.tar.xz
8a943a110eb4898c113df85273e2681b5567e142ae72505be6d02d528394ece5 59666
cpio-win32_2.11+dfsg-4.1+deb8u1_all.deb
Files:
df66f58386ef65763fc3ad5c4a2f043c 1879 utils important
cpio_2.11+dfsg-4.1+deb8u1.dsc
54d2f3b3561c3a1ca2c192e94f00bc38 802940 utils important
cpio_2.11+dfsg.orig.tar.xz
26032ca0d2edaca959d0784ec18f8a79 19628 utils important
cpio_2.11+dfsg-4.1+deb8u1.debian.tar.xz
acc80f4a536ed2750c3da49cb76ab9dd 59666 utils extra
cpio-win32_2.11+dfsg-4.1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWwHdeAAoJEAVMuPMTQ89EexoP/1CrCCGRUgAkhsotcPLtekwk
bElAxVF7Nr4KmuJCYiW4UIPiOz7gWc0drKR/fg0DFuvuGQ54r9XtoTWzmiVedeHl
Yx6oarmj0eBmqq8JtvpmKZVGDwSM0GGP1TSSKJYK+rln6uFQygSHfqC+dxjKe8hk
SyiUA0bdWjgQsOVg8If0RVBX7woQ4hqrlM0P0rdd8/DUtUsOyuCdj7IZMAECbT01
sZJfZQA7XoqkFHOMraUIzmqc68dTGVaYpdOJmKPpFBTaeLd76pl0OuDGX8g8Kksl
55tpNo6aUt4MAPiurbx+t9lKebusskia81BfS2XcI+sVea0NJ8O82fi9cAL3nzEu
cJysFME5jvLoZQfwQmiLTzMNwvAwRTH23kyT8rKazqtMuJ5vo7qXlM4egqGskc6a
at+JBj0evlQsUx3IhyuGWM2FbconN94ivH4wfKCILBFTKdYaM2ZY4nQlEhZbPdME
yBEZevVpbEbMJ2r73HKMG/IDdtbWliPCakpmuMiGnWC3Qz0eNVc1U7DjOy0SS/ja
TpbGkGR1T/DO9Vnj/Pdge/3HkGdS1zSFtdSBMANdXJtZzbaAgSfYxG2URGJaJc5y
k93mQbpfwSgaUoi/773Uc6iNxoJH9jvr8D/VhNClOR6LegSrb4MFrfnsOgXGLq9M
OsdwyJdMKu86BGdU/GXk
=/U1M
-----END PGP SIGNATURE-----
--- End Message ---
