Your message dated Thu, 21 Mar 2024 14:40:35 +0000
with message-id <[email protected]>
and subject line Bug#1060692: fixed in libuev 2.4.1-1
has caused the Debian Bug report #1060692,
regarding libuev: CVE-2022-48620
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1060692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060692
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libuev
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for libuev.
CVE-2022-48620[0]:
| uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if
| maxevents is a large number.
https://github.com/troglobit/libuev/issues/27
https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9
(v2.4.1)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48620
https://www.cve.org/CVERecord?id=CVE-2022-48620
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libuev
Source-Version: 2.4.1-1
Done: Yangfl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libuev, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yangfl <[email protected]> (supplier of updated libuev package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 21 Mar 2024 13:23:56 +0800
Source: libuev
Architecture: source
Version: 2.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Yangfl <[email protected]>
Changed-By: Yangfl <[email protected]>
Closes: 1060692
Changes:
libuev (2.4.1-1) unstable; urgency=medium
.
* New upstream release
* Fix CVE-2022-48620 (Closes: #1060692)
* Bump Standards-Version to 4.6.2
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---