Your message dated Wed, 08 Nov 2023 08:49:25 +0000
with message-id <[email protected]>
and subject line Bug#1031796: fixed in glusterfs 11.1-1
has caused the Debian Bug report #1031796,
regarding glusterfs: CVE-2022-48340
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1031796: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031796
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glusterfs
Version: 10.3-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/gluster/glusterfs/issues/3732
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for glusterfs.
CVE-2022-48340[0]:
| In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-
| common.c dht_setxattr_mds_cbk use-after-free.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48340
https://www.cve.org/CVERecord?id=CVE-2022-48340
[1] https://github.com/gluster/glusterfs/issues/3732
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glusterfs
Source-Version: 11.1-1
Done: Patrick Matthäi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated glusterfs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 08 Nov 2023 09:20:59 +0100
Source: glusterfs
Architecture: source
Version: 11.1-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Closes: 1031796
Changes:
glusterfs (11.1-1) unstable; urgency=high
.
* New upstream release.
- Remove merged patch 09-fix-startup-crash.
- Fixes use-after-free bug, also described in CVE-2022-48340.
Closes: #1031796
Checksums-Sha1:
477fa7e3466fd1455a0408b421ff12c189f38384 3424 glusterfs_11.1-1.dsc
1f70019c36a7a852b941888b548d21ec17f2a7d6 8365581 glusterfs_11.1.orig.tar.gz
cc340093c0d548c8f81d2a5d92fd849207e4f0ba 23880 glusterfs_11.1-1.debian.tar.xz
49780b5ccfc89eb840dcfec8a26b774b74462c6a 7187 glusterfs_11.1-1_source.buildinfo
Checksums-Sha256:
ef8eb904d510e07bafc4ae8747a54d4db545aa58782a79fd8ddd586bd818f797 3424
glusterfs_11.1-1.dsc
6a31b8450d02cd12f47f4571c031e9d6b8705279a0e8970ae9a05e1c87dffb76 8365581
glusterfs_11.1.orig.tar.gz
13e5f0a2e1ba36e549ee64b9b8c8658714c83199c6405a209d5a73e75436e461 23880
glusterfs_11.1-1.debian.tar.xz
8309bd5bfd53ec0a780280cf0bb5b3c2894f19d6ab927f8a287747967bda1bc8 7187
glusterfs_11.1-1_source.buildinfo
Files:
6ac63c55cbe454e1abf780fd5bf51dec 3424 admin optional glusterfs_11.1-1.dsc
7e290a50026752f435f694651687e0f2 8365581 admin optional
glusterfs_11.1.orig.tar.gz
8e01910c8b30bcdfd328b34916a33c38 23880 admin optional
glusterfs_11.1-1.debian.tar.xz
3f51c5433c7f41cd82ddec0de109377a 7187 admin optional
glusterfs_11.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAmVLSI0ACgkQEtmwSpDL
2ORzjBAAkj5BB2dFgv8ZzNVhci+Q2Yb6nTl+BgsK4VkaMSQe30Jns7LTHEyrFGBo
A803ZXixVK9JdsPv5JM4vgnHE8l6S3KYwAUp+9uw5SyP1acC/+65KDxVqYZIgZdF
s2LTCBqiEfZRqogMWDAV4J0Vi4reMPEPTaJwhq5WxXr0hQfzD9Lua3JRjRNE15rm
aHifeMLwyy/r3NnlJk1axFvhhVAYiWON8jpyLVAY795jWAkp66MDplYPjc7O2GND
MxSn3mPXPBvCbreKknaM6WQzsNN0vVp2fbgglRlLGnqslkpvJi2czh2mKGFZW0/g
GcGm0pX3IX/2JEWGDNn+BAItRI6tGaesahien7K+grj04iIv9oBW+1gzU522NDR6
8ltjE3cqxW4qQ/8TK7TN8d7LIEuut0xurTXSsFaz2xyXt4pATik2rjSVtIcveZl7
abjMAGyUBgraTV7Wbp2owK6REla/Ss+po7WX1thuJsuBkgB0saG3Z3FoLtTy9U1r
fG0Tt/lr1dhbySzfF6SV6/fq8WIX24uXwL9A5Vuf7EjyJ+gjgtav3QtpaDcstX1a
b1GvJZKMiAcO7KvtNXy7mUYzbQixn2kDEgCogC7A8cvkI2W22fAQJuqmwbLBgtl4
GC+53qVUXqf8/Uo0boY8csJ0qpywnR2NuPjRtoE3zXsHJZ+aVxw=
=8BQH
-----END PGP SIGNATURE-----
--- End Message ---
