Your message dated Sun, 21 Feb 2016 12:17:41 +0000
with message-id <[email protected]>
and subject line Bug#812401: fixed in cpio 2.11+dfsg-0.1+deb7u2
has caused the Debian Bug report #812401,
regarding cpio: CVE-2016-2037: out-of-bounds write
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cpio
Version: 2.11-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for cpio.
CVE-2016-2037[0]:
out-of-bounds write with cpio 2.11
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-2037
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cpio
Source-Version: 2.11+dfsg-0.1+deb7u2
We believe that the bug you reported is fixed in the latest version of
cpio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated cpio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Feb 2016 13:51:33 +0100
Source: cpio
Binary: cpio cpio-win32
Architecture: source all amd64
Version: 2.11+dfsg-0.1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Ruben Molina <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
cpio - GNU cpio -- a program to manage archives of files
cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build)
Closes: 812401
Changes:
cpio (2.11+dfsg-0.1+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401)
Checksums-Sha1:
4665cfed702d2cae67c04e3bcb270d5b5ecfe469 1968 cpio_2.11+dfsg-0.1+deb7u2.dsc
afbf9f9e41a8f96fae5a072c5c046e200db810f1 17364
cpio_2.11+dfsg-0.1+deb7u2.debian.tar.bz2
5c4baeb31003c354492bb0ae70cb5d100155f4af 74330
cpio-win32_2.11+dfsg-0.1+deb7u2_all.deb
50289aa7b0adb9a8d784e255941976dc10fb0db1 268750
cpio_2.11+dfsg-0.1+deb7u2_amd64.deb
Checksums-Sha256:
3c9f5337b16d022ae93e3689845dd6b74587aac0a2f6c7754fad5eedeb574c54 1968
cpio_2.11+dfsg-0.1+deb7u2.dsc
c6bbdaeca639a31e14788bb5ffe3858106d1ce2eba99e3b03a7c750fcba80b54 17364
cpio_2.11+dfsg-0.1+deb7u2.debian.tar.bz2
6df7f2bb85c62a92861cc8d19eeccc102afa71dbbc1c04bfe08401721fd7cb78 74330
cpio-win32_2.11+dfsg-0.1+deb7u2_all.deb
fc578304eb1e1f42e082ef39d715d7c2861db5c4c5f0f923c4cf3bf33afd53fd 268750
cpio_2.11+dfsg-0.1+deb7u2_amd64.deb
Files:
a5f4cee940b1a335c4594cc249430fe6 1968 utils important
cpio_2.11+dfsg-0.1+deb7u2.dsc
e7688f5c665a842aaba1eaa639417425 17364 utils important
cpio_2.11+dfsg-0.1+deb7u2.debian.tar.bz2
4c11cf15cd3df1386856591f57d8402a 74330 utils extra
cpio-win32_2.11+dfsg-0.1+deb7u2_all.deb
dfb6240161cbc8d035fbe67f3b5c5554 268750 utils important
cpio_2.11+dfsg-0.1+deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWwHjHAAoJEAVMuPMTQ89EC00P/31ykR8cE2qEFu6LQ/ujTtes
PUQcNUHzl4ycmsTtIKxFBPvYc2j7I1jEiDPjX/1ARIQfNMEkWhNTLq1njb0B8zpC
lDelGmwuOtCmif8X1XyMbWqN02O4sfjyFOVmv2XRJf7HwLYHipmWOF/AyH/DPUyE
FKFFbkFzoBRX+70pBH762xHJv0pnxrwgsTd7rSZYKlmTbUA9KjpyCvZR/fJSk7Bj
acnmPHh4uWXq3q98SuGvGPSBqKdqEQBtbJYi5KRm7VUdUx8eIvgqSjI1fzbzarI1
fvbJE2uw+4kozOhUU05NAL94HtJKd98asuCaa9DlUM6b0qgsGD4UuN2BZ5YyVbel
eu6Rx8NellJ9fvRQbUmVVtak3XHVaoeMNuP3vUFRJpKOC++LxImsf/hp08+OHEaY
0TxOuNqs/wnhLJpL/qxj/fm/ryHjotLir8xX9JTpF/77bl9rALcihtQDET8uGslQ
hXZ2ARFMNcWkkKSM2FVqkOe8CZihURUAQPBFWzJG1/qbR30W1dBFPa2pwIAMAA4/
zuNV2X7lCuRA5uG5Yw/16zyHYHHilA5N1hNIsToXzi6UFlkTBVVOyTCybg8XSJ8w
y19wkkHrFw4Q4DrtCIMO/j2sp98WGI+mDufX0Uq+uG7eRPAlGQUPlpvKupGGJkaO
9hCAy3R9j7hl1ZmjVeoh
=V0+n
-----END PGP SIGNATURE-----
--- End Message ---
