Your message dated Sun, 03 Dec 2017 15:17:29 +0000
with message-id <[email protected]>
and subject line Bug#877442: fixed in libofx 1:0.9.10-1+deb8u1
has caused the Debian Bug report #877442,
regarding libofx: CVE-2017-14731
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
877442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877442
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libofx
Version: 1:0.9.11-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/libofx/libofx/issues/10

Hi,

the following vulnerability was published for libofx.

CVE-2017-14731[0]:
| ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote
| attackers to cause a denial of service (heap-based buffer over-read and
| application crash) via a crafted file, as demonstrated by an ofxdump
| call.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14731
[1] https://github.com/libofx/libofx/issues/10

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libofx
Source-Version: 1:0.9.10-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
libofx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated libofx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Nov 2017 14:05:37 +0100
Source: libofx
Binary: libofx6 libofx-dev libofx6-dbg libofx-doc ofx
Architecture: source amd64 all
Version: 1:0.9.10-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Sébastien Villemot <[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Description:
 libofx-dev - development package for libofx6
 libofx-doc - documentation for libofx4
 libofx6    - library to support the Open Financial Exchange format
 libofx6-dbg - debugging symbols for libofx6
 ofx        - Open Financial Exchange programs
Closes: 875801 877442
Changes:
 libofx (1:0.9.10-1+deb8u1) jessie; urgency=medium
 .
   * Add upstream patches to fix:
     - CVE-2017-2816 (Closes: #875801).
     - CVE-2017-14731 (Closes: #877442).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
