Your message dated Sun, 14 May 2017 15:03:50 +0000
with message-id <[email protected]>
and subject line Bug#861347: fixed in udfclient 0.8.8-1
has caused the Debian Bug report #861347,
regarding udfclient: CVE-2017-8305: Buffer overflow in own strlcpy
implementation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
861347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861347
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: udfclient
Version: 0.8.7-1
UDFClient has its own implementation of strlcpy function as standard
glibc in libc.so does not provide one. But this implementation in
UDFClient prior to version 0.8.8 has buffer overflow defect and writes
more characters as buffer size.
Mitre assigned CVE-2017-8305 for this issue.
--
Pali Rohár
[email protected]
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: udfclient
Source-Version: 0.8.8-1
We believe that the bug you reported is fixed in the latest version of
udfclient, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pali Rohár <[email protected]> (supplier of updated udfclient package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Apr 2017 22:10:27 +0200
Source: udfclient
Binary: udfclient
Architecture: source
Version: 0.8.8-1
Distribution: unstable
Urgency: low
Maintainer: Pali Rohár <[email protected]>
Changed-By: Pali Rohár <[email protected]>
Description:
udfclient - userland implementation of the UDF filesystem
Closes: 861347
Changes:
udfclient (0.8.8-1) unstable; urgency=low
.
* New upstream release.
- CVE-2017-8305: Fix buffer overflow in strlcpy implementation
(Closes: #861347)
* Enable hardening.
* Install new man pages.
* Update debian/watch.
Checksums-Sha1:
a18418239d2aea8390ac2f8f665650ea43412086 1745 udfclient_0.8.8-1.dsc
7d730739dcdc8686a5d146423665900db7daeca2 257978 udfclient_0.8.8.orig.tar.gz
0ef8b1e30144d8d8d848ee8e2e0f687f1f945c3d 4872 udfclient_0.8.8-1.debian.tar.xz
Checksums-Sha256:
4bda69c3b5aaa4641c37de58232bba178bfdc3c7e924822515fba475e865eb15 1745
udfclient_0.8.8-1.dsc
962bd2aa578f9056fba19f920bb8444501020774298dc809d6239c480c96c6c5 257978
udfclient_0.8.8.orig.tar.gz
1dff68723d228352201b8564d2b6a9329ae33860b9a90af01085e73cf17e918e 4872
udfclient_0.8.8-1.debian.tar.xz
Files:
83dd95782af78b0c9dce79fd7c3c9c2f 1745 otherosfs optional udfclient_0.8.8-1.dsc
529a047f5e87b04540d06e369747c50b 257978 otherosfs optional
udfclient_0.8.8.orig.tar.gz
6494ca9c759a40632dd111ee3b4bb79d 4872 otherosfs optional
udfclient_0.8.8-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZBJSsAAoJEPNPCXROn13ZBakP/3E6T1LoZajivF5tbI3SAtzl
NDHBZX7MI33okcQgkz3eajrjWov/RvhUKOIcYq1fRKXIDSb0z4c/aRDkA4pUZ2o+
VPKjU7F1PaqnHixzs1Ggqu3fRSSinpQ0+iwnKwgLOFj0CRc0IIw+bkQfrtbIDZHY
1VCBxsTuWnATNfRZiVn0y5+wp5dtC9X7IxS8rQ3tRGDQNw+bSxAN1uxP+MoX3R96
/ju+IlDXrOVZKbcpry5UR0u2fTsjWSJorxt2n05fOIsmV9cTWS/gd1osLwKEgKJ7
cGQsgVSejW4Lwrs1aP28Oh5npgykhhRtOeNkD5z6+nm9ySpORzuoI6twa9yGeIXH
xxacwGThLRqw8NeTPiUaPD80Jes5j1gL8QLhjbbQjdWwMI0EFw/h4C0D3+59O5PN
gyPyHJTx/AGO8MU5B7zH0VivpAxCuBI2jiOQlTxpvnD6uiprirTYTHzQRx/1u+Cr
/uiyl3NleM/a6HyiuQ9pwRqghn3jmU7SStLumACORcleRFFrRbHy/HuFqew6Nshl
K8mDTrG+sI2F/wxK/DVzUDZ14Od0NzyCiBAFm4UCiD+QNkZDDSRlRzuGfdNZLGB5
bNHxT/ffhED6aTzpTCwhJ5dmtbzpDdqS8EZ5pKiPfjQdMxsrMnw3c6b5OE8TzNMX
KftrWgw49DPryq9J4cEE
=XlSk
-----END PGP SIGNATURE-----
--- End Message ---
