Your message dated Wed, 24 Oct 2018 01:34:15 +0000
with message-id <[email protected]>
and subject line Bug#911637: fixed in libmspack 0.8-1
has caused the Debian Bug report #911637,
regarding libmspack: CVE-2018-18585: Avoid returning CHM file entries that are
"blank" because they have embedded null bytes
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
911637: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmspack
Version: 0.5-1
Severity: important
Tags: patch security upstream
Control: found -1 0.5-1+deb9u2
Control: found -1 0.7-1
From https://www.openwall.com/lists/oss-security/2018/10/22/1
> libmspack now also rejects blank CHM filenames that are blank because
> they have embedded null bytes, not just because they are zero-length
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
CVE not yet assigned for this issue.
Regards,
Salvatore
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
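An added illustration (not code from libmspack or from the bug report) of why a zero-length test alone misses such names: a length-prefixed name whose first byte is NUL has a non-zero declared length but is an empty C string once copied. The helper names and sample bytes are constructed for this example, and the `NAME_TRUNCATED_BY_NUL` case goes beyond the "blank" case the advisory describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum name_status { NAME_OK, NAME_EMPTY, NAME_BLANK_BY_NUL, NAME_TRUNCATED_BY_NUL };

/* Constructed sample names, as (bytes, declared length) pairs. */
static const unsigned char SAMPLE_GOOD[]  = "/index.htm";
static const unsigned char SAMPLE_BLANK[] = { 0x00, 'a', '.', 'h', 't', 'm' };
static const unsigned char SAMPLE_TRUNC[] = { 'a', 0x00, 'b' };

/* Hypothetical validator for one length-prefixed entry name. */
enum name_status check_entry_name(const unsigned char *name, size_t name_len)
{
    if (name_len == 0)
        return NAME_EMPTY;              /* the zero-length case */
    if (name[0] == 0)
        return NAME_BLANK_BY_NUL;       /* length > 0, yet "" as a C string */
    if (memchr(name + 1, 0, name_len - 1) != NULL)
        return NAME_TRUNCATED_BY_NUL;   /* C string shorter than declared */
    return NAME_OK;
}

/* Length a caller sees after the name is copied into a NUL-terminated
 * buffer; returns (size_t)-1 if allocation fails. */
size_t c_string_length_after_copy(const unsigned char *name, size_t name_len)
{
    char *copy = malloc(name_len + 1);
    size_t seen;
    if (copy == NULL)
        return (size_t)-1;
    memcpy(copy, name, name_len);
    copy[name_len] = '\0';
    seen = strlen(copy);
    free(copy);
    return seen;
}

int main(void)
{
    printf("declared=%zu seen=%zu status=%d\n", sizeof SAMPLE_BLANK,
           c_string_length_after_copy(SAMPLE_BLANK, sizeof SAMPLE_BLANK),
           (int)check_entry_name(SAMPLE_BLANK, sizeof SAMPLE_BLANK));
    return 0;
}
```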
--- Begin Message ---
Source: libmspack
Source-Version: 0.8-1
We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <[email protected]> (supplier of updated libmspack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 24 Oct 2018 10:03:13 +0900
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-doc
Architecture: source amd64 all
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Marc Dequènes (Duck) <[email protected]>
Changed-By: Marc Dequènes (Duck) <[email protected]>
Description:
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 911637 911639 911640
Changes:
 libmspack (0.8-1) unstable; urgency=medium
 .
   * New upstream release:
     + CVE-2018-18585 (Closes: #911637)
     + CVE-2018-18584 (Closes: #911640)
     + CVE-2018-18586 (Closes: #911639)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---