Your message dated Wed, 01 Nov 2017 23:34:55 +0000
with message-id <[email protected]>
and subject line Bug#877442: fixed in libofx 1:0.9.11-5
has caused the Debian Bug report #877442,
regarding libofx: CVE-2017-14731
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
877442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877442
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libofx
Version: 1:0.9.11-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/libofx/libofx/issues/10
Hi,
the following vulnerability was published for libofx.
CVE-2017-14731[0]:
| ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via a crafted file, as demonstrated by an ofxdump
| call.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14731
[1] https://github.com/libofx/libofx/issues/10
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libofx
Source-Version: 1:0.9.11-5
We believe that the bug you reported is fixed in the latest version of
libofx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated libofx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 01 Nov 2017 23:07:52 +0100
Source: libofx
Binary: libofx7 libofx-dev libofx-doc ofx
Architecture: source
Version: 1:0.9.11-5
Distribution: unstable
Urgency: high
Maintainer: Dylan Aïssi <[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Description:
libofx-dev - development package for libofx7
libofx-doc - documentation for libofx7
libofx7 - library to support the Open Financial Exchange format
ofx - Open Financial Exchange programs
Closes: 877442
Changes:
libofx (1:0.9.11-5) unstable; urgency=high
.
* Add an upstream patch to fix CVE-2017-14731 (Closes: #877442).
* cme fix dpkg-control.
* Remove trailing whitespace characters in d/changelog.
* Bump Standards-Version: 4.1.1 (no changes needed).
--- End Message ---