Your message dated Thu, 03 Jan 2019 21:47:11 +0000
with message-id <[email protected]>
and subject line Bug#917213: fixed in libextractor 1:1.3-4+deb9u3
has caused the Debian Bug report #917213,
regarding libextractor: CVE-2018-20431
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
917213: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917213
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libextractor
Version: 1:1.8-1
Severity: important
Tags: patch security upstream
Forwarded: https://gnunet.org/bugs/view.php?id=5494
Hi,
The following vulnerability was published for libextractor.
CVE-2018-20431[0]:
| GNU Libextractor through 1.8 has a NULL Pointer Dereference
| vulnerability in the function process_metadata() in
| plugins/ole2_extractor.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
[1] https://gnunet.org/bugs/view.php?id=5494
[2]
https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libextractor
Source-Version: 1:1.3-4+deb9u3
We believe that the bug you reported is fixed in the latest version of
libextractor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bertrand Marc <[email protected]> (supplier of updated libextractor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Dec 2018 21:52:52 +0100
Source: libextractor
Binary: libextractor3 libextractor-dbg libextractor-dev extract
Architecture: source amd64
Version: 1:1.3-4+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Bertrand Marc <[email protected]>
Changed-By: Bertrand Marc <[email protected]>
Description:
extract - displays meta-data from files of arbitrary type
libextractor-dbg - extracts meta-data from files of arbitrary type (debug)
libextractor-dev - extracts meta-data from files of arbitrary type
(development)
libextractor3 - extracts meta-data from files of arbitrary type (library)
Closes: 917213 917214
Changes:
libextractor (1:1.3-4+deb9u3) stretch-security; urgency=high
.
* Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214,
CVE-2018-20430).
* Fix NULL pointer dereference in OLE2 extractor (Closes: #917213,
CVE-2018-20431).
Checksums-Sha1:
b3f79c3d19ab2ad5d7c971c5ff34194e3f76cfe8 2571 libextractor_1.3-4+deb9u3.dsc
3e266ef0023e59e8306af045fc126faaa3a63ba8 20016
libextractor_1.3-4+deb9u3.debian.tar.xz
ce4bbf963c79a9c8039ae2db2a1fb6865211edcd 91034 extract_1.3-4+deb9u3_amd64.deb
38f16b88cc9d68cb4ba8725da37ce18438fc07bc 553178
libextractor-dbg_1.3-4+deb9u3_amd64.deb
833c8d499b55301c22cc50c65c45c887334c6b11 26258
libextractor-dev_1.3-4+deb9u3_amd64.deb
c160ddb3f72648d3fd487e083f357b92eb8a616f 112212
libextractor3_1.3-4+deb9u3_amd64.deb
4563768acdae6e45abc78a1f0c8d0298765da3cf 17998
libextractor_1.3-4+deb9u3_amd64.buildinfo
Checksums-Sha256:
19735a7cf2e06047132804ba697a20ff5dafe7a913c4ab89020b341ef9d78920 2571
libextractor_1.3-4+deb9u3.dsc
b44ded6ffb5ef94eab2a8ac1f62f9dc5f90f6ccdf2c5e05b91d5c4f1fb632b41 20016
libextractor_1.3-4+deb9u3.debian.tar.xz
df36789b312578035fd9e1b32f7f65cdc075d7a4f8ed89e7cf96a66987908407 91034
extract_1.3-4+deb9u3_amd64.deb
c8b2e7a744641301b1bcb89a3cf9b5bf0191482306353e7928a90b009d981ad5 553178
libextractor-dbg_1.3-4+deb9u3_amd64.deb
4f4cd23e0629ff96c9b2ad65ad753054e3473c6aac7be1d55ae82bdefef5dd87 26258
libextractor-dev_1.3-4+deb9u3_amd64.deb
c2dac69153ae0b5158057cd12820660563953bcdf82e78f49f53770cd2214211 112212
libextractor3_1.3-4+deb9u3_amd64.deb
ceb495167b10fd3836e5cbb2fa1ac60822226c08b42f86dc09ed82783eb3f733 17998
libextractor_1.3-4+deb9u3_amd64.buildinfo
Files:
2a8183f7ad531d9d6f5d7916bc4f7f3c 2571 libs optional
libextractor_1.3-4+deb9u3.dsc
e3a90e5a9a4e9bd961e49745e0ae66a8 20016 libs optional
libextractor_1.3-4+deb9u3.debian.tar.xz
2850769895dbd210418649e53207907e 91034 utils optional
extract_1.3-4+deb9u3_amd64.deb
96d6e2d9fc41acd282e798373fb5c38c 553178 debug extra
libextractor-dbg_1.3-4+deb9u3_amd64.deb
054f63e8eb0ff90143dc5240c46556d2 26258 libdevel optional
libextractor-dev_1.3-4+deb9u3_amd64.deb
81a92e3db5b4c4d9e8ef7a152da61f93 112212 libs optional
libextractor3_1.3-4+deb9u3_amd64.deb
9aa8c7c9c88af82320e6b15a333891e0 17998 libs optional
libextractor_1.3-4+deb9u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEKUUr1GPOZwMj0JuIoEqzutviY+4FAlwlPowRHGJtYXJjQGRl
Ymlhbi5vcmcACgkQoEqzutviY+77khAAmZr7gS8hKTjOKThDJ+w7FpVh3HD4uvOU
8fdYxfM+yUqyTGINrzvTIBkp9zghNY9udE4mfNYG2knG7bi7Oj/GKdwlDAe0Pb4I
+0/Xd58JFR+nPodizou4C7I9iKOeY4N8iR6V+qcZrmzaovfAz+dnv5M0E0b/B18J
HP/arMZxSBpPLIkuyKvuTLVzdfex4D1/EIRb6sbKV/bPWxomsGZ5e8H6X/k3kr/t
248rW3nutROMxUkPlofcKPzzuOTZTQI3PPY28ggUkyTcsApRwEtLAgQWtaEeOMyA
vwxasD8lLOD2cb8zLT1YZdERJF/8Ien5r//2gGcSpl7w9JYwmHx5pUw4h7uzXxUW
zeTY6p9KN7ODi0lW7nIBMDzLZjkbuAE4BUVtSU2afuIY4wl3XUuF/zMh4fuJgbtY
JHvLLSk1MEnNc6ylpzS9NZwxbdn+dgUoxULWT71wdm9KhxbjMZ7axAaJyaXsZz5w
NPuao9/w7aNnWxYbM+RNgNdTaD9/Ct2WpVI1JVEAwKR/MB+W99SAX2CQHDgH1nBw
FX6HQfLFLnIbRnJIfm+6XzgUT1Vi25TAYbGrh9OyDcLAcfb51ip/6lbn2iy+DPp2
vAhSJUlbMpwb3k3VgSRv/NtUZ+zmkwTzxbdLzOXKqTeIiSu0qtkxEoShL8VEphNm
E1CtEhAX8to=
=d3zl
-----END PGP SIGNATURE-----
--- End Message ---