Your message dated Sun, 03 Dec 2023 12:32:12 +0000
with message-id <[email protected]>
and subject line Bug#1056719: fixed in minizip 1.1-8+deb12u1
has caused the Debian Bug report #1056719,
regarding minizip: CVE-2023-45853
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1056719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056719
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: minizip
X-Debbugs-CC: [email protected], [email protected]
Severity: important
Tags: security
Version: 1.1-8
Hi,
The following vulnerability was published for minizip.
CVE-2023-45853[0]:
| MiniZip in zlib through 1.3 has an integer overflow and resultant
| heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long
| filename, comment, or extra field. NOTE: MiniZip is not a supported
| part of the zlib product.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45853
https://www.cve.org/CVERecord?id=CVE-2023-45853
Please adjust the affected versions in the BTS as needed.
Cheers,
--
Samuel Henrique <samueloph>
--- End Message ---
--- Begin Message ---
Source: minizip
Source-Version: 1.1-8+deb12u1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
minizip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated minizip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Nov 2023 13:03:02 +0100
Source: minizip
Architecture: source
Version: 1.1-8+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Michael Gilbert <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1056719
Changes:
minizip (1.1-8+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2023-45853 (Closes: #1056719)
Reject overflows of zip header fields in minizip.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
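The kind of check the changelog entry above summarises as "Reject overflows of zip header fields", shown as an added C example that is not taken from the bug report, the Debian upload or the zlib/minizip sources. The helper names `stored_len` and `checked_central_size` and the sample inputs are constructed for illustration; the 46-byte fixed central header and the 16-bit length fields come from the zip format itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zip format facts: the central directory file header has 46 fixed bytes and
 * stores the name, extra-field and comment lengths as 16-bit values. */
#define CENTRAL_FIXED 46u
#define ZIP_U16_MAX   0xFFFFu

/* What a 16-bit header field records when handed an unchecked length. */
uint16_t stored_len(size_t len) { return (uint16_t)len; }

/* Hypothetical helper (not a minizip function): reject any variable-length
 * field that cannot be represented in its 16-bit header slot, then compute
 * the header size. Returns 0 on success, -1 on rejection. */
int checked_central_size(const char *name, const char *comment,
                         size_t extra_len, size_t *out)
{
    size_t name_len = name ? strlen(name) : 0;
    size_t comment_len = comment ? strlen(comment) : 0;

    if (name_len > ZIP_U16_MAX || comment_len > ZIP_U16_MAX ||
        extra_len > ZIP_U16_MAX)
        return -1;

    /* Each term is <= 0xFFFF, so the sum cannot wrap a 32-bit or wider size_t. */
    *out = CENTRAL_FIXED + name_len + extra_len + comment_len;
    return 0;
}

int main(void)
{
    static char long_name[0x10000 + 6];           /* constructed input */
    memset(long_name, 'A', sizeof long_name - 1); /* 65541 chars + NUL */
    size_t size = 0;

    /* The recorded length no longer matches the bytes that would be copied. */
    printf("unchecked 16-bit length: %u\n",
           (unsigned)stored_len(strlen(long_name)));
    int rc_long = checked_central_size(long_name, NULL, 0, &size);
    printf("long name rc=%d\n", rc_long);
    int rc_ok = checked_central_size("a.txt", "note", 4, &size);
    printf("short entry rc=%d size=%zu\n", rc_ok, size);
    return 0;
}
```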