Your message dated Sun, 13 Jan 2019 15:35:02 +0000
with message-id <[email protected]>
and subject line Bug#898130: fixed in abcm2ps 8.14.2-0.1
has caused the Debian Bug report #898130,
regarding abcm2ps: CVE-2018-10771
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
898130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898130
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: abcm2ps
Version: 7.8.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/leesavide/abcm2ps/issues/17
Hi,
The following vulnerability was published for abcm2ps.
CVE-2018-10771[0]:
| Stack-based buffer overflow in the get_key function in parse.c in
| abcm2ps through 8.13.20 allows remote attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10771
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10771
[1] https://github.com/leesavide/abcm2ps/issues/17
[2] https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: abcm2ps
Source-Version: 8.14.2-0.1
We believe that the bug you reported is fixed in the latest version of
abcm2ps, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Boulenguez <[email protected]> (supplier of updated abcm2ps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 29 Dec 2018 14:56:32 +0100
Source: abcm2ps
Binary: abcm2ps
Architecture: source
Version: 8.14.2-0.1
Distribution: unstable
Urgency: medium
Maintainer: Anselm Lingnau <[email protected]>
Changed-By: Nicolas Boulenguez <[email protected]>
Description:
abcm2ps - Translates ABC music description files to PostScript
Closes: 825386 833017 897966 898130
Changes:
abcm2ps (8.14.2-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release. Closes: #825386, #833017, #897966, #898130.
Addresses security issues: CVE-2018-10753, CVE-2018-10771.
* Forward all changes not specific to Debian.
* Remove autoreconf generated files from source package.
* Remove white spaces from this changelog and source/format.
* Debhelper 11.
* Build-Depends: pango-dev to enable optional pango fonts support.
* Standards-Version: 4.3.0.
* Rules-Requires-Root: no.
* Add Homepage.
* HTTPS protocol in copyright format.
* Enable all Debian hardening build flags.
* Link with --as-needed to remove some library dependencies.
* Add minimal run time test.
* Update watch file.
* Cherry-pick fix-loss-of-sep.diff from upstream VCS.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---