Your message dated Mon, 04 Jan 2021 11:05:24 +0000
with message-id <[email protected]>
and subject line Bug#974664: fixed in raptor2 2.0.14-1.2
has caused the Debian Bug report #974664,
regarding raptor2: Out of bounds read leads to segfault in
raptor_xml_writer_start_element_common
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
974664: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974664
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: raptor2
Version: 2.0.14-1.1
Severity: important
Tags: security upstream
Forwarded: https://bugs.librdf.org/mantis/view.php?id=650
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.0.14-1.1~deb10u1
Control: found -1 2.0.14-1
Hi
As reported upstream in [1] and on oss-security[2] there is an
out-of-bounds read issue in raptor_xml_writer_start_element_common.
No CVE is assigned (so far) for this one.
Regards,
Salvatore
[1] https://bugs.librdf.org/mantis/view.php?id=650
[2] https://www.openwall.com/lists/oss-security/2020/11/13/1
--- End Message ---
--- Begin Message ---
Source: raptor2
Source-Version: 2.0.14-1.2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
raptor2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated raptor2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 Jan 2021 11:14:00 +0100
Source: raptor2
Architecture: source
Version: 2.0.14-1.2
Distribution: unstable
Urgency: medium
Maintainer: Dave Beckett <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 974664
Changes:
raptor2 (2.0.14-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Malformed input file can lead to a segfault (CVE-2020-25713)
(Closes: #974664)
Checksums-Sha1:
69e8da62f987480a10bf4c9b44427ef0dd9fbe7f 2276 raptor2_2.0.14-1.2.dsc
2d3b54b2e57577873478cd1b286c508064d7c336 8792 raptor2_2.0.14-1.2.debian.tar.xz
Checksums-Sha256:
9f9c7152c72c4721685fd6e066278e6c7adbacf7de4d91a405d8fee2fa96bd30 2276
raptor2_2.0.14-1.2.dsc
887e57183d1938d5c5c301e31da97938698432c51731fbee01b3ffd55ad7ea89 8792
raptor2_2.0.14-1.2.debian.tar.xz
Files:
b28d8000a05abf0261d1c493c46fb760 2276 devel optional raptor2_2.0.14-1.2.dsc
62e84d0dde99219a3f6a928c231fdff9 8792 devel optional
raptor2_2.0.14-1.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/wSN9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ETNAP/jQ6VRBwMYEDnMVw/WSE758DjDeg4G47
Gwt1KnioW7LB/JhvrJp1zWmfjt9Hgiiur/yXBSTcW1sw6kxdrOEI7tDsqQv4sFzH
hdWaVg7IHYsI72xfu0euaRTvvMdrYWkbsVWj/o7U1OFE2cSf0YGeAc1sJpIGQxZg
Y6zTmfU3DTu9tKHQF31LGR3zmajRyn+S9drsFlRajmQbOTdwgYzw65raM/MeU8U3
wrwIANwQ+R8yKspT2L1TGQC2A5W1z2usq/6oouPa1VTF7rPp6X/z8nEXbkac0Bsq
57lO4wPVfuoEdQKufRAhW+sppeyN3TfYXYPvhwjjg5iwJO29De3krhKboTQDVYOg
2i58eNROSNvpL+gpciOF3ti5urgJDzHtXVe47BQtaeUuHpM+2LmwHiQsUYdgtOPH
8daIumbdvRoh9+IYJ1lML+w982ZW0No/pKzVQ/rR5wPuLq62bkyWbmTQRUVmxNZp
E7WQ9IeIOEfyE5ZQ30XziF0gMJHBT5bAUqBP6pEgHFjQJ0peeHNAuRskkyneR0Ff
bU2ZGk2QbhQ6KkCLLkd6m5ieqEWKoOS6KMvbPkaTMkKtqc6PnbBnV15vIWSb8h3Z
C5J8h8owXBucSiAW/RBsXriynZ/jnInSnzIbpBwY9BBIJPxfh4YaMHHYxiP/oTXh
kRkj614vqeNk
=VaNe
-----END PGP SIGNATURE-----
--- End Message ---
