Your message dated Tue, 12 Jun 2018 22:02:08 +0000
with message-id <[email protected]>
and subject line Bug#897695: fixed in blktrace 1.1.0-2+deb9u1
has caused the Debian Bug report #897695,
regarding blktrace: CVE-2018-10689: Buffer overflow in the dev_map_read function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
897695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897695
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: blktrace
Version: 1.0.5-1
Severity: normal
Tags: patch security upstream
Forwarded: https://www.spinics.net/lists/linux-btrace/msg00847.html

Hi,

The following vulnerability was published for blktrace.

CVE-2018-10689[0]:
| blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel
| and Android, has a buffer overflow in the dev_map_read function in
| btt/devmap.c because the device and devno arrays are too small, as
| demonstrated by an invalid free when using the btt program with a
| crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10689
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10689
[1] https://www.spinics.net/lists/linux-btrace/msg00847.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: blktrace
Source-Version: 1.1.0-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
blktrace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Zoetekouw <[email protected]> (supplier of updated blktrace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 May 2018 16:19:54 +0200
Source: blktrace
Binary: blktrace
Architecture: source
Version: 1.1.0-2+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Bas Zoetekouw <[email protected]>
Changed-By: Bas Zoetekouw <[email protected]>
Description:
 blktrace - utilities for block layer IO tracing
Closes: 897695
Changes:
 blktrace (1.1.0-2+deb9u1) stretch; urgency=high
 .
   * Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---