Your message dated Thu, 30 Jan 2020 20:36:37 +0000
with message-id <[email protected]>
and subject line Bug#944012: fixed in freetds 1.00.104-1+deb10u1
has caused the Debian Bug report #944012,
regarding freetds: CVE-2019-13508: Heap overflow in FreeTDS if UDT type is used
with protocol 5.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
944012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944012
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: freetds
Version: 1.1.6-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 1.00.104-1
Hi,

The following vulnerability was published for freetds.

CVE-2019-13508[0]:
| FreeTDS through 1.1.11 has a Buffer Overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13508
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13508
[1] https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
[2] https://bugs.launchpad.net/bugs/1835896
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1736255
[4] https://bugzilla.novell.com/show_bug.cgi?id=1141132

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: freetds
Source-Version: 1.00.104-1+deb10u1
We believe that the bug you reported is fixed in the latest version of
freetds, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated freetds package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Jan 2020 17:28:42 +0100
Source: freetds
Architecture: source
Version: 1.00.104-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Steve Langasek <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 944012
Changes:
freetds (1.00.104-1+deb10u1) buster; urgency=medium
.
* Non-maintainer upload.
* tds: Make sure UDT has varint set to 8 (CVE-2019-13508) (Closes: #944012)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---