Your message dated Wed, 7 Dec 2016 15:42:03 +0000
with message-id <[email protected]>
and subject line Re: Bug#847270: zlib CVE-2016-9840 and CVE-2016-9841
has caused the Debian Bug report #847270,
regarding zlib: CVE-2016-9840 CVE-2016-9841: out-of-bounds pointer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
847270: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: zlib
Version: 1:1.2.8.dfsg-2
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for zlib.

CVE-2016-9840[0] and CVE-2016-9841[1].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9840
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840
    https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
[1] https://security-tracker.debian.org/tracker/CVE-2016-9841
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841
    https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
On Wed, Dec 07, 2016 at 12:31:43PM +0100, Salvatore Bonaccorso wrote:
> On Wed, Dec 07, 2016 at 10:24:05AM +0000, Debian Bug Tracking System wrote:
> >    * Apply upstream fix for CVE-2016-9841 (closes: #847270).

> It looks like there was some confusion about the CVE used? I see the
> patch applied in this upload is the change for CVE-2016-9840, not the
> one for CVE-2016-9841?

That's because you filed three different bug reports about CVEs all with
just boilerplate and no directly readable content about them, mainly a
series of links.  Two of these linked to one CVE but this one linked to
two.  Please be consistent when filing bug reports like this - either
file one report per CVE or file everything in a single report but don't
mix the two models.



--- End Message ---
