Your message dated Thu, 25 Apr 2024 14:52:15 +0000
with message-id <[email protected]>
and subject line Bug#1014490: fixed in radare2 5.9.0+dfsg-1
has caused the Debian Bug report #1014490,
regarding radare2: CVE-2021-44975 CVE-2021-44974 CVE-2021-4021
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1014490: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014490
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: radare2
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for radare2.

CVE-2021-44975[0]:
| radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via
| /libr/core/anal_objc.c mach-o parser.

https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
Fixed in 5.6.0

CVE-2021-44974[1]:
| radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer
| Dereference via libr/bin/p/bin_symbols.c binary symbol parser.

https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
Fixed in 5.5.4

CVE-2021-4021[2]:
| A vulnerability was found in Radare2 in versions prior to 5.6.2,
| 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an
| ELF64 binary for MIPS architecture can lead to uncontrolled resource
| consumption and DoS.

https://github.com/radareorg/radare2/issues/19436
https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-44975
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44975
[1] https://security-tracker.debian.org/tracker/CVE-2021-44974
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44974
[2] https://security-tracker.debian.org/tracker/CVE-2021-4021
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4021

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: radare2
Source-Version: 5.9.0+dfsg-1
Done: Alex Myczko <[email protected]>

We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alex Myczko <[email protected]> (supplier of updated radare2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 25 Apr 2024 15:46:50 +0200
Source: radare2
Architecture: source
Version: 5.9.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Alex Myczko <[email protected]>
Closes: 950372 1014478 1014490 1016979 1027144 1029037 1032667 1034180 1034862 1051898 1054908 1055854 1056930 1060127
Changes:
 radare2 (5.9.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version. (Closes: #1034862, #1060127, #950372)
     (Closes: #1056930) (CVE-2023-47016)
     (Closes: #1032667) (CVE-2023-27114)
     (Closes: #1055854) (CVE-2023-5686)
     (Closes: #1054908) (CVE-2023-46570) (CVE-2023-46569)
     (Closes: #1051898) (CVE-2023-4322)
     (Closes: #1034180) (CVE-2023-1605)
     (Closes: #1029037) (CVE-2023-0302)
     (Closes: #1027144) (CVE-2022-4398)
     (Closes: #1016979) (CVE-2022-34502) (CVE-2022-34520)
     (Closes: #1014490) (CVE-2021-44975) (CVE-2021-44974) (CVE-2021-4021)
     (Closes: #1014478) (CVE-2022-1714 CVE-2022-1809 CVE-2022-1899 CVE-2022-0849
                         CVE-2022-1052 CVE-2022-1061 CVE-2022-1207 CVE-2022-1237
                         CVE-2022-1238 CVE-2022-1240 CVE-2022-1244 CVE-2022-0476
                         CVE-2022-0518 CVE-2022-0519 CVE-2022-0521 CVE-2022-0523
                         CVE-2022-0559 CVE-2022-0676 CVE-2022-0695 CVE-2022-0712
                         CVE-2022-0713 CVE-2022-0139 CVE-2022-0173 CVE-2022-0419
                         CVE-2022-1031 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
                         CVE-2022-1297 CVE-2022-1382 CVE-2022-1444 CVE-2022-1437
                         CVE-2022-1451 CVE-2022-1452 CVE-2022-1649 CVE-2022-1383)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
