Your message dated Sat, 23 Sep 2017 10:02:57 +0000
with message-id <e1dvhgz-00021j...@fasolo.debian.org>
and subject line Bug#875690: fixed in freexl 1.0.2-2+deb9u1
has caused the Debian Bug report #875690,
regarding freexl: CVE-2017-2923: Heap-based buffer overflow in the 
read_biff_next_record function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875690
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freexl
Version: 1.0.3-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for freexl.

CVE-2017-2923[0]:
Heap-based buffer overflow in the read_biff_next_record function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2923
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2923
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1490898
[2] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freexl
Source-Version: 1.0.2-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
freexl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebas...@debian.org> (supplier of updated freexl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 Sep 2017 23:19:22 +0200
Source: freexl
Binary: libfreexl-dev libfreexl1 libfreexl1-dbg
Architecture: source amd64
Version: 1.0.2-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebas...@debian.org>
Description:
 libfreexl-dev - library for direct reading of Microsoft Excel spreadsheets - deve
 libfreexl1 - library for direct reading of Microsoft Excel spreadsheets
 libfreexl1-dbg - library for direct reading of Microsoft Excel spreadsheets - debu
Closes: 875690 875691
Changes:
 freexl (1.0.2-2+deb9u1) stretch-security; urgency=high
 .
   * Update branch in gbp.conf & Vcs-Git URL.
   * Add upstream patch to fix CVE-2017-2923 & CVE-2017-2924.
     (closes: #875690, #875691)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
