Your message dated Tue, 11 Apr 2017 14:49:34 +0000
with message-id <[email protected]>
and subject line Bug#859448: fixed in radare2 1.1.0+dfsg-4
has caused the Debian Bug report #859448,
regarding radare2: CVE-2017-6194
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
859448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859448
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: radare2
Version: 1.1.0+dfsg-3
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/radare/radare2/issues/6829
Control: fixed -1 1.3.0+dfsg-1
Hi,
the following vulnerability was published for radare2.
CVE-2017-6194[0]:
| The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows
| remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted binary file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6194
Please adjust the affected versions in the BTS as needed, only
unstable has been checked and experimental verified to contain the
fix.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: radare2
Source-Version: 1.1.0+dfsg-4
We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Reichel <[email protected]> (supplier of updated radare2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 11 Apr 2017 15:34:39 +0200
Source: radare2
Binary: radare2 libradare2-1.1 libradare2-dev libradare2-common
Architecture: source amd64 all
Version: 1.1.0+dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Sebastian Reichel <[email protected]>
Changed-By: Sebastian Reichel <[email protected]>
Description:
libradare2-1.1 - libraries from the radare2 suite
libradare2-common - arch independent files from the radare2 suite
libradare2-dev - devel files from the radare2 suite
radare2 - free and advanced command line hexadecimal editor
Closes: 859447 859448
Changes:
radare2 (1.1.0+dfsg-4) unstable; urgency=high
.
* Add upstream patches to fix security bugs
- CVE-2017-6194 (Closes: #859448)
The relocs function in libr/bin/p/bin_bflt.c allows remote
attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly have unspecified
other impact via a crafted binary file.
- CVE-2017-6448 (Closes: #859447)
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c allows
remote attackers to cause a denial of service (stack-based buffer
overflow and application crash) or possibly have unspecified other
impact via a crafted DEX file.
Checksums-Sha1:
147b0d7b2fe30e86480a9b022bd04f9acafe79b8 2234 radare2_1.1.0+dfsg-4.dsc
ea8b83abf831121bb02bdc887c5e8711bde7a9a5 24512
radare2_1.1.0+dfsg-4.debian.tar.xz
b6bec9567891cb9228661d30f0c7eca02ddec8f8 8649738
libradare2-1.1-dbgsym_1.1.0+dfsg-4_amd64.deb
db809e8f6489637198cb5be62d59e2dad0e5874a 2056216
libradare2-1.1_1.1.0+dfsg-4_amd64.deb
784775ca3db33375036ed2ffbb484b4f4a431a4f 522136
libradare2-common_1.1.0+dfsg-4_all.deb
0d33ea7fcceb6b7dffdea2a06a93f9de0505c165 146596
libradare2-dev_1.1.0+dfsg-4_amd64.deb
b680aa188e2bbb411b677771ad1a91c70f98fc9f 294844
radare2-dbgsym_1.1.0+dfsg-4_amd64.deb
55fef530ad26e370d8d0cbbbac02acb67d138acd 9220
radare2_1.1.0+dfsg-4_amd64.buildinfo
2a8f84b0b238d312a938bf9d30c462361a4fb0f1 151620 radare2_1.1.0+dfsg-4_amd64.deb
Checksums-Sha256:
d3a474dec8d60a506340163798c3d036e341be95a628d889455ac89d208d52cb 2234
radare2_1.1.0+dfsg-4.dsc
396e8e559e06a89339ce3be2338b2526f0483f07267df9e228daaa77cd3d9bb9 24512
radare2_1.1.0+dfsg-4.debian.tar.xz
71b9fa3c131aa012302c48cd93e613ba4759b0fd8b70dbf305c591181a185ac2 8649738
libradare2-1.1-dbgsym_1.1.0+dfsg-4_amd64.deb
d13cd7ee7d49328694378122e377beaeae2c491256ff87393cee4804a3c41c49 2056216
libradare2-1.1_1.1.0+dfsg-4_amd64.deb
cff5d3eea557289722e399220d1454a5436c34a7b5ec4ace7ab62ca2308c3dd0 522136
libradare2-common_1.1.0+dfsg-4_all.deb
3790b0739baadf6bacd2a0502ba6bb11af79857feb633c440728f6af6fa9f6f1 146596
libradare2-dev_1.1.0+dfsg-4_amd64.deb
36d77dde4a48e2bdd9853b6d7c50019c689cd6b029c991ac5b929c5b48b2e74b 294844
radare2-dbgsym_1.1.0+dfsg-4_amd64.deb
edc431fb2ed44294056b5f2e3c7fb645040655efd21cb7f534e6e6f67b468e07 9220
radare2_1.1.0+dfsg-4_amd64.buildinfo
d13e652c9d67e3946b42c9468b3ebef5f2ad99b7e8ace3b96831585ed0a46ddd 151620
radare2_1.1.0+dfsg-4_amd64.deb
Files:
905cd5926b0fa543c128ff81f1706ea8 2234 devel extra radare2_1.1.0+dfsg-4.dsc
7b4c10554a0f502b175175f3f8336f67 24512 devel extra
radare2_1.1.0+dfsg-4.debian.tar.xz
dfd3e702c1b53c3d1441517c696835b6 8649738 debug extra
libradare2-1.1-dbgsym_1.1.0+dfsg-4_amd64.deb
87e284ccbde21a9bd29c7afc607e3509 2056216 libs extra
libradare2-1.1_1.1.0+dfsg-4_amd64.deb
3bbcf96a3247a0354888893c7612f8d1 522136 devel extra
libradare2-common_1.1.0+dfsg-4_all.deb
66275a8dd5ba1ad80ddb0a9b81a20076 146596 libdevel extra
libradare2-dev_1.1.0+dfsg-4_amd64.deb
0f45d80165e73844a8b019ba92b58471 294844 debug extra
radare2-dbgsym_1.1.0+dfsg-4_amd64.deb
e0b4ca35456d658c1ef71e0608fe805a 9220 devel extra
radare2_1.1.0+dfsg-4_amd64.buildinfo
d1ac88aa2522ca9e28f1ac0031afff8d 151620 devel extra
radare2_1.1.0+dfsg-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJY7OK5AAoJENju1/PIO/qaEsAP/0vHKzH9k7HXauYvC1EJEp/X
vhEm/2MoqTi6qFErL23TgIbVgJjMJgvHa1L6uHdKNXF3tFBw0O15q3/LP8wiwxrM
lVmvdNG/HlYQfqmups6ZM5ZSGKo1BtOFKiY3XZzU7fHXbaNea/DLovGKAS/sw6gZ
kvedLvqC7ZgD/Ssthh1b40U0zRALYQ+d8qZZ5tbF/6G9DX11zj8XocOdpYxLgzx6
V/1OslvbIlS+JD5thPS7UqvdPky6KIWB49NUalvkSSOzcqgWdxPddC59cg/ya2gf
XPjhUxOPupafPVeUtuAWeb/uVWiR++GLikQc0fgqUs2KY+kcC+REv/iyTOtoY/+L
ik4H/lajmGGFXWsoU92D+gqfDIQkoUllVQj0+ZZTsaCqqNomo/W6Hv6ik6arNNji
nha0nPA3+y2ZvrAjZyFxHbv/P7qh8Ev1y43waNDnZ+D2wT1xtLN5kvBJSv+8YGHs
pjReDsTzLN/mNiU4Yv5Q9UpMQPO7LqiPILYu/QS7vgqpeyl6BUlSqdsiQ7WuVmCf
3mZrNDcb8rDYpjGrS+xPfJL8omQDTpdXJ35HBPneVzHVLvbR1PKIa444nrF4pHF6
v5Bso/7gRTaUC41paFW5gmPAgBi+RU9xWr6DBqNqM7akLXOTx+3quQh5tP0a5soF
c/ZoNPk/MPmiyiY12UGw
=Y6Jj
-----END PGP SIGNATURE-----
--- End Message ---