Your message dated Sat, 08 Jul 2023 11:38:01 +0000
with message-id <[email protected]>
and subject line Bug#1040594: fixed in libcoap3 4.3.1-2
has caused the Debian Bug report #1040594,
regarding libcoap3: CVE-2023-30362
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1040594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040594
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcoap3
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,

The following vulnerability was published for libcoap3.

CVE-2023-30362[0]:
| Buffer Overflow vulnerability in coap_send function in libcoap
| library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows
| attackers to obtain sensitive information via malformed pdu.

https://github.com/obgm/libcoap/issues/1063
https://github.com/obgm/libcoap/commit/e242200f0af2a418dc9f69eee543feacc13cd851

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-30362
    https://www.cve.org/CVERecord?id=CVE-2023-30362

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libcoap3
Source-Version: 4.3.1-2
Done: Carsten Schoenert <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcoap3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Schoenert <[email protected]> (supplier of updated libcoap3
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 08 Jul 2023 13:07:15 +0200
Source: libcoap3
Architecture: source
Version: 4.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers <[email protected]>
Changed-By: Carsten Schoenert <[email protected]>
Closes: 1040594
Changes:
 libcoap3 (4.3.1-2) unstable; urgency=medium
 .
   * [ff7e712] Rebuild patch queue from patch-queue branch
     Added patch:
     CVE-2023-30362-Fix-buffer-overflow-in-coap_send_internal.patch
     (Closes: #1040594)
   * [2d091bc] d/control: Update Standards-Version to 4.6.2
     No further changes needed.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---