Your message dated Sun, 19 Nov 2017 22:47:40 +0000
with message-id <[email protected]>
and subject line Bug#880621: fixed in liblouis 2.5.3-3+deb8u1
has caused the Debian Bug report #880621,
regarding liblouis: CVE-2014-8184: stack-based buffer overflow in findTable()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
880621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880621
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: liblouis
Version: 2.5.1-1
Severity: important
Tags: patch security upstream fixed-upstream
Control: fixed -1 2.6.2-1

Hi,

the following vulnerability was published for liblouis. The issue is
actually already fixed upstream quite a while ago, see the references.
The purpose of this bug is to try to be able to track an isolated fix
for jessie (Think this can go via a point release)

CVE-2014-8184[0]:
stack-based buffer overflow in findTable()

It as reported first at [1], see [2] which contains as well the
isolated patch which was applied by Red Hat.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8184
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8184
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1492701
[2] https://github.com/liblouis/liblouis/issues/425

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: liblouis
Source-Version: 2.5.3-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
liblouis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <[email protected]> (supplier of updated liblouis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Nov 2017 01:14:02 +0100
Source: liblouis
Binary: liblouis-dev liblouis2 liblouis-data liblouis-bin python-louis 
python3-louis
Architecture: source all amd64
Version: 2.5.3-3+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Accessibility Team <[email protected]>
Changed-By: Samuel Thibault <[email protected]>
Description:
 liblouis-bin - Braille translation library - utilities
 liblouis-data - Braille translation library - data
 liblouis-dev - Braille translation library - static libs and headers
 liblouis2  - Braille translation library - shared libs
 python-louis - Python bindings for liblouis
 python3-louis - Python bindings for liblouis
Closes: 880621
Changes:
 liblouis (2.5.3-3+deb8u1) jessie; urgency=medium
 .
   * Apply RedHat's patch to fix CVE-2014-8184 (Closes: Bug#880621).
   * Fix RedHat's patch.
Checksums-Sha1:
 241a91dd8270f6724a08dceea3cd70d090f2cdeb 2387 liblouis_2.5.3-3+deb8u1.dsc
 a11e60244e9c5d3235d26343e2debe4edbde679a 7956 
liblouis_2.5.3-3+deb8u1.debian.tar.xz
 76f112c0b66a5906704da23a483a503aa2c0b5c6 1025806 
liblouis-data_2.5.3-3+deb8u1_all.deb
 b5150c3b856c0a2b009fd5acf1664adaeffbcef8 22524 
python-louis_2.5.3-3+deb8u1_all.deb
 2fb4d1aea9563d3a6d02ac55b8b40591bd8f863a 22580 
python3-louis_2.5.3-3+deb8u1_all.deb
 c725f1d7df667021cbb869e4b174512c1480fc7c 183992 
liblouis-dev_2.5.3-3+deb8u1_amd64.deb
 d9214230c16e1a16202d1d68da74fa1d8eedcd56 70358 
liblouis2_2.5.3-3+deb8u1_amd64.deb
 d83accd607397c33d5257b83d033348dd6b92e62 40452 
liblouis-bin_2.5.3-3+deb8u1_amd64.deb
Checksums-Sha256:
 595e8a8833f00b4d5145956deb231331d59fca65d4aea4d49dcf497c7fa60fd9 2387 
liblouis_2.5.3-3+deb8u1.dsc
 2dac733047c6fafe01800c23ac9fda9ff3f83c31c2e2351a7396767b60bd5e89 7956 
liblouis_2.5.3-3+deb8u1.debian.tar.xz
 b573f432b7764106d9801a252bd032f6162108edceb2f86e24edd0cc4b97a33d 1025806 
liblouis-data_2.5.3-3+deb8u1_all.deb
 52dc1450b86afc8865bb7dd44445a1160b4de993e8d85ed669c8dde39de93161 22524 
python-louis_2.5.3-3+deb8u1_all.deb
 0c48c4ba4480577451e6919bc4ace3a77d2a896c7ea293c8faf7ee831d2b6381 22580 
python3-louis_2.5.3-3+deb8u1_all.deb
 99944a5de3e22b066e39c0380595f3d97c0a85c575df2ec57f5a94e9a45e7ccb 183992 
liblouis-dev_2.5.3-3+deb8u1_amd64.deb
 534b9835d714125fb43cae49d093c406fcbea31138270211e1d8edbc511d40b3 70358 
liblouis2_2.5.3-3+deb8u1_amd64.deb
 5816a9f2a9928da1a786acb7b04da9ccec3d5f5f30edf677b2e63d08f45c26d0 40452 
liblouis-bin_2.5.3-3+deb8u1_amd64.deb
Files:
 1deae7f246062072d0402886388d02f9 2387 libs extra liblouis_2.5.3-3+deb8u1.dsc
 22ff0e164e43769ea60d5e499aa4ba56 7956 libs extra 
liblouis_2.5.3-3+deb8u1.debian.tar.xz
 9bf6ce44f9ef24185514338a17f93cad 1025806 text extra 
liblouis-data_2.5.3-3+deb8u1_all.deb
 b899c0f923ae9155859facafc86e30e1 22524 python extra 
python-louis_2.5.3-3+deb8u1_all.deb
 3f046a5937c834ede840e0de07ffd60f 22580 python extra 
python3-louis_2.5.3-3+deb8u1_all.deb
 c9054e6a550636ee285d4fdbc691455c 183992 libdevel extra 
liblouis-dev_2.5.3-3+deb8u1_amd64.deb
 04a4a8e11f0aae5bd1b1a1a5eed90086 70358 libs extra 
liblouis2_2.5.3-3+deb8u1_amd64.deb
 1d7c978d07724811a0fb5f4e4fc0a083 40452 text extra 
liblouis-bin_2.5.3-3+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErr90SPq5RTpFUjkOsKUb9YyRecUFAloRgCkACgkQsKUb9YyR
ecU3Vg//bTBObAXU5Urod/04r2lMcBcU+shNQ2quWNljW5LzBEcchNrh8ytmVVFj
D4cflwY/0CNu89wlssBSe54tpTnjC502oFT20BIXFGQmRgiDDsDHKeihn64Ogmti
96mmO8GU54rSv37lGnEfC91eaF1kd+Gn6gGzWi3+QGeUXJp+URF1XQ422FsuyzRp
xp79qMRK450vRCkxHsq4DOrjxgmpPhkD3s5usbeaWzqNx3S1c4kgmt5E7U4rPMlW
/eHxGqpYMs33lHDDnlNuf0xjKfb0rKps9R5wnAdkZPPgISpECJfjf7Za+ppB8ApQ
aycEqN0FZibuFtw18gRhzYqLNSplp5wpGtbXwjTDWvRTDZjcPUVCUUCvaxOsSH/B
8yKWcAvg39wZBqCRbV7G6qe+Yqpxi/yGJed6SxcHvv74w3JK0IwLKRYJs2kKgW0P
+mK6ACHpOWSg12ylFg7gE14zkRQ9bznFDvurFiRQA3+GzfFj7Ucs8aTJipifSEL5
Ii8Ac+DIUpWHex6+uvEB63f/k0k4ZQrOYBgFHcWE4YSVF9x5q8Gd4YuCE/T1ixZ2
UvQLTG3ylUXdiygxUp0UJr7NgVRV8gqI8FTn0eE+MHk2V90WdTAt6rJNMXKBtEOS
gXof0ip6rS5EAn7TlnBvSigQ21lfRHSvnZbl41xaqAcJzPejxdw=
=a4yQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to