Your message dated Fri, 29 Dec 2023 12:17:47 +0000
with message-id <[email protected]>
and subject line Bug#1056719: fixed in minizip 1.1-8+deb11u1
has caused the Debian Bug report #1056719,
regarding minizip: CVE-2023-45853
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1056719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056719
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: minizip
X-Debbugs-CC: [email protected], [email protected]
Severity: important
Tags: security
Version: 1.1-8
Hi,
The following vulnerability was published for minizip.
CVE-2023-45853[0]:
| MiniZip in zlib through 1.3 has an integer overflow and resultant
| heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long
| filename, comment, or extra field. NOTE: MiniZip is not a supported
| part of the zlib product.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45853
https://www.cve.org/CVERecord?id=CVE-2023-45853
Please adjust the affected versions in the BTS as needed.
Cheers,
--
Samuel Henrique <samueloph>
--- End Message ---
--- Begin Message ---
Source: minizip
Source-Version: 1.1-8+deb11u1
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
minizip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated minizip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Nov 2023 13:03:02 +0100
Source: minizip
Architecture: source
Version: 1.1-8+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Michael Gilbert <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1056719
Changes:
minizip (1.1-8+deb11u1) bullseye; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2023-45853 (Closes: #1056719)
Reject overflows of zip header fields in minizip.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
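An added C example, not minizip's code and not the Debian patch, of the kind of check the changelog entry "Reject overflows of zip header fields" describes: ZIP records the filename, extra-field and comment lengths in 16-bit slots, so a header builder refuses longer fields before sizing or filling its buffer. `build_cdh`, `put16` and the constants are hypothetical names; the 46-byte fixed part and the offsets 28/30/32 are those of the ZIP central directory header.

```c
#include <stdlib.h>
#include <string.h>

#define CDH_FIXED 46u      /* fixed part of a ZIP central directory header */
#define FIELD_MAX 0xffffu  /* name/extra/comment lengths are 16-bit on disk */

static void put16(unsigned char *p, size_t v) /* little-endian 16-bit store */
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
}

/* Hypothetical helper: build one central directory header, or return NULL
 * if any variable-length field cannot be represented in its length slot. */
unsigned char *build_cdh(const char *name, const unsigned char *extra,
                         size_t extra_len, const char *comment, size_t *out_len)
{
    size_t name_len = name ? strlen(name) : 0;
    size_t comment_len = comment ? strlen(comment) : 0;
    if (extra == NULL)
        extra_len = 0;

    /* Reject before any size arithmetic or allocation. Without this, put16()
     * would silently truncate (65540 is stored as 4) and the recorded length
     * would no longer match the bytes written. */
    if (name_len > FIELD_MAX || extra_len > FIELD_MAX || comment_len > FIELD_MAX)
        return NULL;

    size_t total = CDH_FIXED + name_len + extra_len + comment_len; /* < 2^18 */
    unsigned char *buf = calloc(1, total);
    if (buf == NULL)
        return NULL;

    memcpy(buf, "PK\x01\x02", 4);   /* central directory header signature */
    put16(buf + 28, name_len);      /* file name length */
    put16(buf + 30, extra_len);     /* extra field length */
    put16(buf + 32, comment_len);   /* file comment length */
    if (name_len)
        memcpy(buf + CDH_FIXED, name, name_len);
    if (extra_len)
        memcpy(buf + CDH_FIXED + name_len, extra, extra_len);
    if (comment_len)
        memcpy(buf + CDH_FIXED + name_len + extra_len, comment, comment_len);
    *out_len = total;
    return buf;
}
```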