Your message dated Tue, 17 May 2022 21:18:45 +0000
with message-id <[email protected]>
and subject line Bug#1010770: fixed in admesh 0.98.4-2
has caused the Debian Bug report #1010770,
regarding admesh: CVE-2018-25033
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010770
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: admesh
Version: 0.98.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/admesh/admesh/issues/28
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for admesh.
CVE-2018-25033[0]:
| ADMesh through 0.98.4 has a heap-based buffer over-read in
| stl_update_connects_remove_1 (called from stl_remove_degenerate) in
| connect.c in libadmesh.a.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-25033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25033
[1] https://github.com/admesh/admesh/issues/28
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: admesh
Source-Version: 0.98.4-2
Done: Anton Gladky <[email protected]>
We believe that the bug you reported is fixed in the latest version of
admesh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anton Gladky <[email protected]> (supplier of updated admesh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 May 2022 23:07:39 +0200
Source: admesh
Architecture: source
Version: 0.98.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers
<[email protected]>
Changed-By: Anton Gladky <[email protected]>
Closes: 1010770
Changes:
admesh (0.98.4-2) unstable; urgency=medium
.
* [936e108] Add .gitlab-ci.yml
* [d63513a] Set Standards-Version 4.6.0.
Set Compat-level 13
* [251cd64] Do not install some files.
* [8c66e24] CVE-2018-25033: Fix heap buffer overflow in
stl_update_connects_remove_1. (Closes: #1010770)
Checksums-Sha1:
a4eca7c326b09e502b53d6aa4c75520342d16c04 2073 admesh_0.98.4-2.dsc
81af4d640846d0a7c638a6e79d4def99b90a04fc 7020 admesh_0.98.4-2.debian.tar.xz
502d253ad7dbebe8fb22d1ce2ee8fbb2a457ada9 6490 admesh_0.98.4-2_source.buildinfo
Checksums-Sha256:
7b6d90c0c8cc9b819886c97188cf32b0403a51caf61d9a8e40d644744d1b2cc5 2073
admesh_0.98.4-2.dsc
f4f0c94478c3e267509acda0f12083ddb06d3c45375080c85318193a1c32f33c 7020
admesh_0.98.4-2.debian.tar.xz
5a0a52cc2dc2f3f8983155df12674c0f61aea3ee1697a58599faf87b89ed3eb9 6490
admesh_0.98.4-2_source.buildinfo
Files:
530e40d21ef035f08d22769d8fe522fa 2073 math optional admesh_0.98.4-2.dsc
e2cc78eb769ef82b3ee18a8e576b1c35 7020 math optional
admesh_0.98.4-2.debian.tar.xz
3936d4426627267b28aab946656bffc4 6490 math optional
admesh_0.98.4-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmKEDxIACgkQ0+Fzg8+n
/wYKChAAg4m6LgZ2OG8ejTUtPyEg5sp/GyJWiabiDhYWJ2rvU85Skt4Kw12oEgmN
zh7ABuLPmhmK7Y6mMG4ZLIKhcRBNIHcZ/yFjFQyzbSHqsPbhyQqyveaxSTI1HSh6
6ToDomLVdAdX85D95JCwOz+YII6l2L6G3QtpYZH34E486PSPmA1yYoxlwEZ3wjR3
zLHb7gKqY/zeaE98NfSfcVJQvBqONYzGotuE8Tek2hbSTPgUZ9TaEA1QZEG28rrY
6auRtwYuiu0+DjsS85RYMWCDZ8dVDBgxM5jAhqC/xZTzgjWvdoK5sLSfJiHhtn4f
F3xDYJA7QH6UICQn5K5gVgel1HlsgynLH8UBeHlmJNYkdEV5k2/JoOIONGlBnr38
sGtLhH2RY47mBwzWnOGId4PZcDFhUNHhL4obZUa6UWB8MV3Qt24mXcShJVUHjGg2
yIvur+mWYFnTTnvHEl3hZoSDjQs/kGovRXBX5HC/D1VgyXbENhS/XlfuRH8N7MHX
IWDZQTRxkApe19GkUNh5IGoChwZ6EyEUHeGX7g0emX1tK/oG1axJ3h6uG0AqUIgR
MpeuTZZwtlaATJTAKyBovhb8TfO9QbiMz6rChy25hXEw9/AUoViL5XuDrNGMycsZ
UkBO45IqN6MESLvX9rLKOTNCJ4mCUe9lCqd9XmTOMj6eoS2zMz8=
=rl0u
-----END PGP SIGNATURE-----
--- End Message ---
