Your message dated Wed, 9 Mar 2016 09:45:04 +0100
with message-id <20160309084504.GA8996@feivel>
and subject line Not vulnerable
has caused the Debian Bug report #798067,
regarding bsdmainutils: CVE-2015-5218
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798067
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bsdmainutils
Version: 8.0.13
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for bsdmainutils.
CVE-2015-5218[0]:
buffer overflow in colcrt
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5218
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1259322
The impact is not clear.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
It appears this CVE is against colcrt from util-linux, not the one derived
from bsd which we use. Ours does not seem to be vulnerable at all:
    michael@feivel:~$ colcrt Downloads/binZ8dhbQ3bFM.bin
    colcrt: Invalid or incomplete multibyte or wide character
The file used is the one from the original bug report.
Hence, I just close the bug report. Please re-open if I missed anything.
Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
--- End Message ---