Your message dated Thu, 29 Aug 2019 15:04:02 +0000
with message-id <[email protected]>
and subject line Bug#936024: fixed in binaryen 89-1
has caused the Debian Bug report #936024,
regarding CVE-2019-15758 CVE-2019-15759
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
936024: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936024
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: binaryen
Severity: important
This was assigned CVE-2019-15758 and CVE-2019-15759:
https://github.com/WebAssembly/binaryen/issues/2288
https://github.com/WebAssembly/binaryen/pull/2290
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: binaryen
Source-Version: 89-1
We believe that the bug you reported is fixed in the latest version of
binaryen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated binaryen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Aug 2019 16:04:13 +0200
Source: binaryen
Architecture: source
Version: 89-1
Distribution: unstable
Urgency: medium
Maintainer: Markus Koschany <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 936024
Changes:
 binaryen (89-1) unstable; urgency=medium
 .
   * New upstream version 89.
     - Fix CVE-2019-15758:
       Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion
       Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause
       denial-of-service, as demonstrated by wasm2js.
     - Fix CVE-2019-15759:
       Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer
       dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input
       can cause segmentation faults, leading to denial-of-service, as
       demonstrated by wasm2js.
     Thanks to Moritz Muehlenhoff for the report. (Closes: #936024)
   * d/control: Build with python3. Add python3.patch to avoid a FTBFS.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---