Your message dated Mon, 06 Nov 2017 15:15:36 +0000
with message-id <[email protected]>
and subject line Bug#880017: fixed in glusterfs 3.12.2-1
has caused the Debian Bug report #880017,
regarding glusterfs: CVE-2017-15096: Null pointer dereference
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
880017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880017
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glusterfs
Version: 3.12.1-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
Hi,
the following vulnerability was published for glusterfs.
CVE-2017-15096[0]:
| A flaw was found in GlusterFS in versions prior to 3.10. A null
| pointer dereference in send_brick_req function in
| glusterfsd/src/gf_attach.c may be used to cause denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15096
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1502928
[2]
http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glusterfs
Source-Version: 3.12.2-1
We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated glusterfs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 Nov 2017 14:42:55 +0100
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 3.12.2-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
glusterfs-client - clustered file-system (client package)
glusterfs-common - GlusterFS common libraries and translator modules
glusterfs-server - clustered file-system (server package)
Closes: 880017
Changes:
glusterfs (3.12.2-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2017-15096:
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer
dereference in send_brick_req function in glusterfsd/src/gf_attach.c may
be used to cause denial of service.
Closes: #880017
- Remove merged patch 03-spelling-errors.
* Remove init scripts from .install file to avoid a FTBFS on backporting.
* Remove obsolete build dependency on dh-systemd.
* Bump Standards-Version to 4.1.1 (no changes required).
* Use secure URI in debian/watch and for the homepage control field.
* Add patch 01-spelling-error.
* Do not set DEB_HOST_MULTIARCH.
Checksums-Sha1:
0e4325fef3bb8ad808a89c81ee089a872a0ce528 2215 glusterfs_3.12.2-1.dsc
561c9bf5aa8fb767dc51fc20a7849c8888a2e5cd 9404275 glusterfs_3.12.2.orig.tar.gz
d1d0084fa38e3b79935b82b7b744c6aedd425b8d 16124 glusterfs_3.12.2-1.debian.tar.xz
00ad99e1b583ae884176b5b1ad317cd8fd8cc52f 32700
glusterfs-client-dbgsym_3.12.2-1_amd64.deb
62879649a6d9619c2149c0dbbaf905cbb549fc49 4335112
glusterfs-client_3.12.2-1_amd64.deb
5d14a50a7cfa23060e9d364695900c4397a8ece6 13426720
glusterfs-common-dbgsym_3.12.2-1_amd64.deb
4d37ddc1a268fe72e9f82222bcc4e2b6e29fe2b1 7326384
glusterfs-common_3.12.2-1_amd64.deb
d5bce9b0e8188707fda86a58e0d304a85f04f086 618044
glusterfs-server-dbgsym_3.12.2-1_amd64.deb
45775a4f3a6bc506f0073488394c6732bde75b9e 4499768
glusterfs-server_3.12.2-1_amd64.deb
527792ad5af723dab53f1c0e302dd7522d49fee0 9907
glusterfs_3.12.2-1_amd64.buildinfo
Checksums-Sha256:
3d351945b45a6a7c404b4cde567fc7b1fd2efdf106cd6392edcace51b45b30fa 2215
glusterfs_3.12.2-1.dsc
6f9fbf8183df9e012a2c95f3ac3fad303443218beef4fd060f4af57c0bdbc069 9404275
glusterfs_3.12.2.orig.tar.gz
5e5326a8a66d68f0d69782e6eff582a79cceee61b08f84189bad5cdad91d9181 16124
glusterfs_3.12.2-1.debian.tar.xz
b1d207e5d877c11c2aaba0e55ce92ec010241bd19f230aeaeb537a55b2c65aa9 32700
glusterfs-client-dbgsym_3.12.2-1_amd64.deb
9206bfd1dc6086158cd88478613b799a10230164dec672c5d191576e30462968 4335112
glusterfs-client_3.12.2-1_amd64.deb
abbea23f7f55602c0dac7a3962a97ea7e555f17ec4d95097fb30055783d14d3a 13426720
glusterfs-common-dbgsym_3.12.2-1_amd64.deb
d8639370b28c642af494f3f8475478522bd58272247aae609d6213155fe5e7e4 7326384
glusterfs-common_3.12.2-1_amd64.deb
1f97a6550ed2ab898c055fa8171ff37f40aa9a89e98c93be0e6cddf870a9fc91 618044
glusterfs-server-dbgsym_3.12.2-1_amd64.deb
9201d96db180304008665c6401d50d3c99b2b50a763904eba20d2c3f1c8c9dfb 4499768
glusterfs-server_3.12.2-1_amd64.deb
82fcd4d4c18baf6f8fec362d3eb65f41d93c58fa40878d08faaebce4e8503c28 9907
glusterfs_3.12.2-1_amd64.buildinfo
Files:
a4cad74aeaa124cd0de2fdf1e10acb82 2215 admin optional glusterfs_3.12.2-1.dsc
5119d330c92f155af7f161a8fa40a942 9404275 admin optional
glusterfs_3.12.2.orig.tar.gz
231641c932d4098d4d1a84fea37f7fb0 16124 admin optional
glusterfs_3.12.2-1.debian.tar.xz
9ba1ae6dd10849730d13491a7aa48cde 32700 debug optional
glusterfs-client-dbgsym_3.12.2-1_amd64.deb
a04ecf17e8405b3bc70ff2f0e40db61a 4335112 admin optional
glusterfs-client_3.12.2-1_amd64.deb
585b89c1b8954130ceee806a6449e246 13426720 debug optional
glusterfs-common-dbgsym_3.12.2-1_amd64.deb
390fdab3a515b01b6105f4465404ee26 7326384 admin optional
glusterfs-common_3.12.2-1_amd64.deb
3e47339cf34418f3455500058a03aac1 618044 debug optional
glusterfs-server-dbgsym_3.12.2-1_amd64.deb
b6b182c42bb0c65d13f47da9ef943487 4499768 admin optional
glusterfs-server_3.12.2-1_amd64.deb
bf5d689d1906eb72e526ce2752903fc9 9907 admin optional
glusterfs_3.12.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloAbkkACgkQEtmwSpDL
2OSCWg//QzqEJrH5NfkpcaUP33dedwmegEIAbGYJkNTIQdXkyZLiGYNu2d4LwLxU
BSCCaGAsd2zbxXEA7pzGH9WEbmEPeqSFDYmzayO5yzzRNg5xmfBypkcovwP66ekI
t/DLOa7N2varbmKU39KJcW1B54P/syiVm+MtT+ncd7RrTdp9FZMQDdb9yboMdOOu
y9z+shAqBCLD1rnSNLY4t7u0C2wys+aNcMyhOfVmPIOF/nkErI49HAOXXB91E52+
jqLjAiaXs3ot1ePem4INH+i84txUnHnvvOPx3lQlbAXfRNEHFaStrORMRCYE3GjH
QmUciEotcYn7IVWwYGOY3QSrOf7vC8RodxB4aVH+VLG0pd9sGkMvPUhrlpAy7B6Z
hPpUzNUQchTtKJ3qYAoB2pYY4onqRpLdeHCVi0rCB2YjTt57ocjjJUuRGI47zc5/
cFJPYlJky7VY7S02I2wypoBEzFL3SR38jGwKPieiFswVw4iUu6mpDFLowF8b1PhL
tmaVntRdcihTMgtVViRXkZaRr2IgvPx7CRlQJH6o40pkcNV/DlW7uaTsDjyOqISs
mTsNKmBlXj1PqV4IlhdIC03m0VoqJxee1Sw1Y4I+28MWxzqOaOFT0Ev62IOiw/Qg
WsM3+F9hdzokrJeR0b6HCD3Qir4oXPZt/2RdzCo7ZtQXYcWBYHc=
=pQCz
-----END PGP SIGNATURE-----
--- End Message ---
