Bug#993851: marked as done (ulfius: CVE-2021-40540)

[Debian Bug Tracking System]

Your message dated Tue, 07 Sep 2021 12:04:37 +0000
with message-id <e1mnzq9-000fsc...@fasolo.debian.org>
and subject line Bug#993851: fixed in ulfius 2.7.1-2
has caused the Debian Bug report #993851,
regarding ulfius: CVE-2021-40540
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
993851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: ulfius
Version: 2.7.1-1
Severity: important
Tags: security upstream

A security vulnerability exists in ulfius prior to version 2.7.4

CVE-2021-40540 [0]

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info
initialization and a con_info->request NULL check for certain malformed
HTTP requests.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-40540
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40540

Thanks

--- End Message ---

--- Begin Message ---

Source: ulfius
Source-Version: 2.7.1-2
Done: Nicolas Mora <babelou...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ulfius, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 993...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Mora <babelou...@debian.org> (supplier of updated ulfius package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 Sep 2021 07:13:42 -0400
Source: ulfius
Architecture: source
Version: 2.7.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers 
<debian-iot-maintain...@lists.alioth.debian.org>
Changed-By: Nicolas Mora <babelou...@debian.org>
Closes: 993851
Changes:
 ulfius (2.7.1-2) unstable; urgency=medium
 .
   * d/patches: Fix CVE-2021-40540 (Closes: #993851)
Checksums-Sha1:
 6f2b4a082540034d5d3b02b08ec3857ee3184bfa 2383 ulfius_2.7.1-2.dsc
 aa4c95c48f6e76c0c6744885e5680cf8687092cf 249751 ulfius_2.7.1.orig.tar.gz
 8fb4265bef63b89edc8790ab9e1d5796185a8506 7376 ulfius_2.7.1-2.debian.tar.xz
 b0c8374d03f2df27d43ac8df36c49b0a0aeef6f2 8863 ulfius_2.7.1-2_amd64.buildinfo
Checksums-Sha256:
 d529d61901461f74d40e735c8cd2c9d62dd54736d06b93b59cdab4a60e4b259d 2383 
ulfius_2.7.1-2.dsc
 d5dfb90ac16fe9d8ce70fe6b23e43102d5208d4f0174196d3ef183d950d3a57b 249751 
ulfius_2.7.1.orig.tar.gz
 b3c48881a3831fb19fbb520f3a5c3e4029a699efd065c93f9ce3b621395e399c 7376 
ulfius_2.7.1-2.debian.tar.xz
 05a9902d14f1f6057451bcced7b791545ee0ca29488921d499fb3ec17cbda01e 8863 
ulfius_2.7.1-2_amd64.buildinfo
Files:
 956c79458f1c0ec706dbb7edc2851268 2383 devel optional ulfius_2.7.1-2.dsc
 2236cc397f54769dbe55a888eecc791d 249751 devel optional ulfius_2.7.1.orig.tar.gz
 24bdae0d7d0b37d2d85e219508d0af3c 7376 devel optional 
ulfius_2.7.1-2.debian.tar.xz
 c2ca1ee85093d5be90162fafe5a0b291 8863 devel optional 
ulfius_2.7.1-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhAWwL8wo75dEyPJT/oITlEC9IrkFAmE3UYUACgkQ/oITlEC9
IrnanA/7BuUY87ra5llkZyjGKPEaSRxUFqIhbgT2uZoZwTqCpOruhoqFlEA/vzVh
alV4ndOdOnhmJLKHkz2Ez0Wc3qUHXML7J0WnZ2+T9QmjTLABc/m01JI74tltZJCu
Qh/D1/BLSeUEAY9xGW7QOFmuFCJoBQKC1XUvCzHlg5HjilViDvS6iHD9HlnKBeoH
CUtlUXxg0sGghP3INZcXWPPzNoOoNQz4u5wBidhJB8dIRlO7Ejr5G5BjInhCftN0
zVkaG6AJ99KlUsjVobRHRSfd96o07Fx2VLEsE659bIngag7YKlk7FanBVjXy+DZ2
YakPtkKD18+evDLY1d3DP2TmO57MsEWPSNoS5Uxdq4LyIJUjCQrx13nL1m378PaA
T0xVOrGf4cPcaAxTRIVNlrAaztBe5ryk96rFd4kvwccRbUqXlMMd6a78OZWFya3D
eMhLyQdlo/jH024NAJQT53SEfWX8cM3teVvlfuUL/mOqY7+hW5ppp6s1408lgYr9
Ar79huk6HJulq7l25Tl5z60KKYSQgdwjrVk6LMXD30xfIZEvXp01N1in8ixp5fDW
akemMFhn1UsSPBywuu3icPDmtlybowix5xUH+qm4ZNaZBAJg/7a6+bTYIjX/rVMG
gYuWtDGUVXuY/pgawRpMHGzdE6jneqzaQ9haFyqCXHZzOiD1+q8=
=G1Yd
-----END PGP SIGNATURE-----

--- End Message ---