Your message dated Sun, 29 May 2022 18:02:08 +0000
with message-id <[email protected]>
and subject line Bug#1010619: fixed in rsyslog 8.2102.0-2+deb11u1
has caused the Debian Bug report #1010619,
regarding rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog
server (receiver) components
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010619
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rsyslog
Version: 8.2204.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for rsyslog. Filing for now
as grave, but we might downgrade. Probably affected configurations are
not that common if I understood correctly; the advisory has some
comments about it as well [1].
CVE-2022-24903[0]:
| Potential heap buffer overflow in TCP syslog server (receiver)
| components
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-24903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903
[1] https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rsyslog
Source-Version: 8.2102.0-2+deb11u1
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rsyslog, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated rsyslog package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 20 May 2022 23:05:15 +0200
Source: rsyslog
Architecture: source
Version: 8.2102.0-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Michael Biebl <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1010619
Changes:
rsyslog (8.2102.0-2+deb11u1) bullseye-security; urgency=medium
.
* Fix potential heap buffer overflow in TCP syslog server (receiver)
components when octet-counted framing is used
(CVE-2022-24903, Closes: #1010619)
Checksums-Sha1:
da1f3f8b5246cb6d755999b56e17d72d032256c2 3109 rsyslog_8.2102.0-2+deb11u1.dsc
fdda78ed808e7a0dca03ead9227a0a5d913a050f 3123684 rsyslog_8.2102.0.orig.tar.gz
8392d443c5fc4ea6e2064a93c9bc595ac45f6ab4 30620 rsyslog_8.2102.0-2+deb11u1.debian.tar.xz
6717f7e4ac63ea1942a1c91bcd50a3a8fd7dd7e1 8326 rsyslog_8.2102.0-2+deb11u1_source.buildinfo
Checksums-Sha256:
a1939d9d33c87007c259245a6f57a51fe4a7885a8964af3e4ec31acdc8d4e24f 3109 rsyslog_8.2102.0-2+deb11u1.dsc
94ee0d0312c2edea737665594cbe4a9475e4e3b593e12b5b8ae3a743ac9c72a7 3123684 rsyslog_8.2102.0.orig.tar.gz
a8af4719b549b006bfe8be7278c3fb743037db8b8c85715c1b0da5e492dee73a 30620 rsyslog_8.2102.0-2+deb11u1.debian.tar.xz
b38eacec08d7084812ec16f1650142d5f48d0daa620406dffbe68b8102a3322e 8326 rsyslog_8.2102.0-2+deb11u1_source.buildinfo
Files:
4f4f68f33db2f3d5e5ced58dd3ac7ee6 3109 admin important rsyslog_8.2102.0-2+deb11u1.dsc
1f6150dfd2ef38db37c2165e98d2f2b1 3123684 admin important rsyslog_8.2102.0.orig.tar.gz
1526ed39ebbeb52e3f3f89d1bd0ebee2 30620 admin important rsyslog_8.2102.0-2+deb11u1.debian.tar.xz
e1d9ec20262888447553f571ccdc6803 8326 admin important rsyslog_8.2102.0-2+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
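The changelog above names the trigger, octet-counted framing, but the thread does not show where rsyslog's receiver went wrong or how it was fixed. What follows is an added example written for this page, not rsyslog's own code and not a reconstruction of its patch: a small streaming parser for the octet-counted TCP syslog framing of RFC 6587 ("MSG-LEN SP SYSLOG-MSG") that enforces the three checks a receiver needs before it copies a frame into its per-connection buffer: a cap on the number of MSG-LEN digits it accumulates, an overflow guard on the value they produce, and a comparison of the announced length against the buffer size before a single payload byte is stored. The buffer size, digit limit, struct and function names are assumptions chosen for illustration, and every input in the code is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not rsyslog code.  MAX_LINE stands in for the size of
 * the per-connection message buffer a TCP receiver allocates (assumed);
 * MAX_DIGITS bounds how many decimal MSG-LEN digits we are willing to
 * accumulate (assumed; a length that fits any real buffer needs far fewer). */
#define MAX_LINE   64
#define MAX_DIGITS 10

enum state { ST_COUNT, ST_PAYLOAD, ST_ERROR };

struct octet_parser {
    enum state st;
    size_t     count;              /* MSG-LEN parsed so far */
    size_t     ndigits;            /* digits consumed for this MSG-LEN */
    size_t     have;               /* payload bytes stored for this frame */
    char       msg[MAX_LINE];      /* the fixed-size message buffer */
    char       last[MAX_LINE + 1]; /* last complete frame, NUL-terminated */
    size_t     frames;             /* complete frames delivered */
    size_t     rejected;           /* frames dropped by a bounds check */
};

static void parser_init(struct octet_parser *p) { memset(p, 0, sizeof *p); }

/* A real receiver would close the connection here; we just stop parsing. */
static void reject(struct octet_parser *p) { p->st = ST_ERROR; p->rejected++; }

/* Feed bytes as they arrive from the socket; chunks may split a frame. */
static void parser_feed(struct octet_parser *p, const char *buf, size_t n)
{
    for (size_t i = 0; i < n && p->st != ST_ERROR; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (p->st == ST_COUNT) {
            if (c >= '0' && c <= '9') {
                /* Bound both the digit count and the accumulated value:
                 * an unbounded accumulator is what lets a peer steer the
                 * receiver past its buffer. */
                if (p->ndigits >= MAX_DIGITS || p->count > (SIZE_MAX - 9) / 10) {
                    reject(p);
                    continue;
                }
                p->count = p->count * 10 + (c - '0');
                p->ndigits++;
            } else if (c == ' ' && p->ndigits > 0) {
                /* Check the announced length against the buffer before
                 * any payload byte is copied. */
                if (p->count == 0 || p->count > MAX_LINE) {
                    reject(p);
                    continue;
                }
                p->st = ST_PAYLOAD;
                p->have = 0;
            } else {
                reject(p);          /* not octet-counted framing at all */
            }
        } else { /* ST_PAYLOAD: have < count <= MAX_LINE, so the store is in bounds */
            p->msg[p->have++] = (char)c;
            if (p->have == p->count) {
                memcpy(p->last, p->msg, p->have);
                p->last[p->have] = '\0';
                p->frames++;
                p->st = ST_COUNT;
                p->count = 0;
                p->ndigits = 0;
            }
        }
    }
}

/* Wrappers that run a fresh parser over one (constructed) byte stream. */
static size_t frames_in(const char *s)
{ struct octet_parser p; parser_init(&p); parser_feed(&p, s, strlen(s)); return p.frames; }
static size_t rejected_in(const char *s)
{ struct octet_parser p; parser_init(&p); parser_feed(&p, s, strlen(s)); return p.rejected; }
static int last_msg_is(const char *s, const char *want)
{ struct octet_parser p; parser_init(&p); parser_feed(&p, s, strlen(s)); return strcmp(p.last, want) == 0; }
static size_t frames_in_chunks(const char *a, const char *b)
{ struct octet_parser p; parser_init(&p); parser_feed(&p, a, strlen(a)); parser_feed(&p, b, strlen(b)); return p.frames; }

int main(void)
{
    /* Constructed streams: two well-formed frames, then an oversized MSG-LEN. */
    const char *good = "11 hello world5 <13>x";
    const char *bad  = "99999999999999999999 A";
    struct octet_parser p;
    parser_init(&p);
    parser_feed(&p, good, strlen(good));
    printf("frames=%zu rejected=%zu last=\"%s\"\n", p.frames, p.rejected, p.last);
    parser_init(&p);
    parser_feed(&p, bad, strlen(bad));
    printf("frames=%zu rejected=%zu\n", p.frames, p.rejected);
    return 0;
}
```

The important property is that the length check happens at the separating space, so a peer that announces more bytes than the buffer holds is refused before the receiver has copied anything, and a MSG-LEN with more digits than any buffer could justify is refused while it is still being read; the split-chunk wrapper shows that the same checks hold when the frame arrives across several reads.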