Your message dated Mon, 26 Dec 2022 18:14:36 +0000
with message-id <[email protected]>
and subject line Bug#1026995: fixed in exuberant-ctags 1:5.9~svn20110310-18
has caused the Debian Bug report #1026995,
regarding exuberant-ctags: CVE-2022-4515
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1026995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026995
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: exuberant-ctags
Version: 1:5.9~svn20110310-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for exuberant-ctags.
It seems to affect as well the old version (while src:universal-ctags
was fixed before the initial upload to Debian).
I guess it's too late for bookworm to try to get rid of exuberant-ctags
in the archive.
CVE-2022-4515[0]:
| A flaw was found in Exuberant Ctags in the way it handles the "-o"
| option. This option specifies the tag filename. A crafted tag filename
| specified in the command line or in the configuration file results in
| arbitrary command execution because the externalSortTags() in sort.c
| calls the system(3) function in an unsafe way.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-4515
https://www.cve.org/CVERecord?id=CVE-2022-4515
[1] https://github.com/universal-ctags/ctags/commit/e00c55d7a0204dc1d0ae316141323959e1e16162
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: exuberant-ctags
Source-Version: 1:5.9~svn20110310-18
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated exuberant-ctags package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 26 Dec 2022 17:44:41 +0000
Source: exuberant-ctags
Architecture: source
Version: 1:5.9~svn20110310-18
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1026995
Changes:
 exuberant-ctags (1:5.9~svn20110310-18) unstable; urgency=medium
 .
   * Backport from universal-ctags:
     - CVE-2022-4515: main: quote output file name before passing it to
       system(3) function (closes: #1026995).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
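
The changelog entry above describes the fix as quoting the output file name before it is passed to system(3). The following C code is an added illustration of that technique using POSIX single-quote escaping; it is not the exuberant-ctags or universal-ctags code, and `shell_quote`, `build_sort_command` and the `sort -u -o FILE FILE` command shape are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s for POSIX sh: wrap in '...', where every byte is literal, and
 * emit each embedded ' as '\'' (close, escaped quote, reopen).
 * Returns a malloc'd string, or NULL on allocation failure. */
char *shell_quote(const char *s)
{
    size_t n = 2; /* opening and closing quote */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    char *w = out;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p != '\'') { *w++ = *p; continue; }
        memcpy(w, "'\\''", 4); /* ' becomes '\'' */
        w += 4;
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Build the command string for system(3) with the tag file name quoted.
 * The "sort -u -o FILE FILE" shape is an assumption for illustration.
 * Caller frees the result; NULL on allocation failure. */
char *build_sort_command(const char *tagfile)
{
    char *q = shell_quote(tagfile);
    if (q == NULL)
        return NULL;
    size_t len = strlen("sort -u -o ") + 2 * strlen(q) + 2;
    char *cmd = malloc(len);
    if (cmd != NULL)
        snprintf(cmd, len, "sort -u -o %s %s", q, q);
    free(q);
    return cmd;
}

int main(void)
{
    char *cmd = build_sort_command("it's my tags;v2"); /* constructed name */
    if (cmd != NULL) { puts(cmd); free(cmd); }
    return 0;
}
```

Quoting only neutralises the shell's parsing of the name; passing the name as a separate argv element to execvp(3) avoids the shell altogether.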