Your message dated Thu, 27 Dec 2018 19:04:34 +0000
with message-id <[email protected]>
and subject line Bug#917214: fixed in libextractor 1:1.8-2
has caused the Debian Bug report #917214,
regarding libextractor: CVE-2018-20430
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
917214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917214
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libextractor
Version: 1:1.8-1
Severity: important
Tags: patch security upstream
Forwarded: https://gnunet.org/bugs/view.php?id=5493

Hi,

The following vulnerability was published for libextractor.

CVE-2018-20430[0]:
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in
| the function history_extract() in plugins/ole2_extractor.c, related to
| EXTRACTOR_common_convert_to_utf8 in common/convert.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20430
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430
[1] https://gnunet.org/bugs/view.php?id=5493
[2] https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libextractor
Source-Version: 1:1.8-2

We believe that the bug you reported is fixed in the latest version of
libextractor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bertrand Marc <[email protected]> (supplier of updated libextractor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 27 Dec 2018 19:45:49 +0100
Source: libextractor
Binary: libextractor3 libextractor-dev extract
Architecture: source amd64
Version: 1:1.8-2
Distribution: unstable
Urgency: high
Maintainer: Bertrand Marc <[email protected]>
Changed-By: Bertrand Marc <[email protected]>
Description:
 extract    - displays meta-data from files of arbitrary type
 libextractor-dev - extracts meta-data from files of arbitrary type (development)
 libextractor3 - extracts meta-data from files of arbitrary type (library)
Closes: 917213 917214
Changes:
 libextractor (1:1.8-2) unstable; urgency=high
 .
   * Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214,
     CVE-2018-20430).
   * Fix NULL pointer dereference in OLE2 extractor (Closes: #917213,
     CVE-2018-20431).
   * Standards-version: 4.3.0, no changes needed.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
