Your message dated Sat, 09 Nov 2019 20:35:05 +0000
with message-id <[email protected]>
and subject line Bug#924350: fixed in libofx 1:0.9.14-1+deb10u1
has caused the Debian Bug report #924350,
regarding libofx: CVE-2019-9656
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
924350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924350
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libofx
Version: 1:0.9.14-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libofx/libofx/issues/22

Hi,

The following vulnerability was published for libofx.

CVE-2019-9656[0]:
| An issue was discovered in LibOFX 0.9.14. There is a NULL pointer
| dereference in the function OFXApplication::startElement in the file
| lib/ofx_sgml.cpp, as demonstrated by ofxdump.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9656
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9656
[1] https://github.com/libofx/libofx/issues/22

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libofx
Source-Version: 1:0.9.14-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
libofx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dylan Aïssi <[email protected]> (supplier of updated libofx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Oct 2019 08:04:35 +0200
Source: libofx
Architecture: source
Version: 1:0.9.14-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Dylan Aïssi <[email protected]>
Changed-By: Dylan Aïssi <[email protected]>
Closes: 924350
Changes:
 libofx (1:0.9.14-1+deb10u1) buster; urgency=medium
 .
   * Add upstream patch to fix CVE-2019-9656 (Closes: #924350).


--- End Message ---
