Your message dated Fri, 21 Jun 2024 19:19:15 +0000
with message-id <[email protected]>
and subject line Bug#1071748: fixed in bpftrace 0.21.0-1
has caused the Debian Bug report #1071748,
regarding bpftrace: CVE-2024-2313
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1071748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bpftrace
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for bpftrace.

CVE-2024-2313[0]:
| If kernel headers need to be extracted, bpftrace will attempt to
| load them from a temporary directory. An unprivileged attacker could
| use this to force bcc to load compromised linux headers. Linux
| distributions which provide kernel headers by default are not
| affected by default.

https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2313
    https://www.cve.org/CVERecord?id=CVE-2024-2313

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: bpftrace
Source-Version: 0.21.0-1
Done: Vincent Bernat <[email protected]>

We believe that the bug you reported is fixed in the latest version of
bpftrace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Bernat <[email protected]> (supplier of updated bpftrace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Jun 2024 20:47:59 +0200
Source: bpftrace
Architecture: source
Version: 0.21.0-1
Distribution: unstable
Urgency: medium
Maintainer: Vincent Bernat <[email protected]>
Changed-By: Vincent Bernat <[email protected]>
Closes: 1071748
Changes:
 bpftrace (0.21.0-1) unstable; urgency=medium
 .
   * New upstream release.
     Fix CVE-2024-2313. Closes: #1071748.
Checksums-Sha1:
 0f376cae38ff7cc2c2b1ac9e2c58c745bf7f9910 2066 bpftrace_0.21.0-1.dsc
 a32d2787a60de073132c02acbaa5d9a0be64245e 1293723 bpftrace_0.21.0.orig.tar.gz
 f5a716ead845c69575164190b3a64a9a7f0761cd 4472 bpftrace_0.21.0-1.debian.tar.xz
 876360535d06f89c6c8b14b0d57d2a9f9fe32223 10363 
bpftrace_0.21.0-1_amd64.buildinfo
Checksums-Sha256:
 4a425ba640368edf8febba30616253c06c89dabf567e4f62ffea4889a0767365 2066 
bpftrace_0.21.0-1.dsc
 8bbca667633fd7b64077cd59b493b94bfab19af582a824091582299aaca76b04 1293723 
bpftrace_0.21.0.orig.tar.gz
 61c02fe9376457abc60d6d2a5b089d7cc77520a3416c3d89221096cab0ea1eb6 4472 
bpftrace_0.21.0-1.debian.tar.xz
 852007aaa0a80c27b6d6829904de4b1b6b19ac8c5b73d5df54b0469a37d906fd 10363 
bpftrace_0.21.0-1_amd64.buildinfo
Files:
 f74bb35d87c88aad334f2678a2a6fd32 2066 utils optional bpftrace_0.21.0-1.dsc
 262ca75c123dad281da11c1b257b6a6f 1293723 utils optional 
bpftrace_0.21.0.orig.tar.gz
 854ebad719f7ccad4a2af0684e12b087 4472 utils optional 
bpftrace_0.21.0-1.debian.tar.xz
 a7a86ac2dd910a8e96b2b35174bbae82 10363 utils optional 
bpftrace_0.21.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAmZ1zPYSHGJlcm5hdEBk
ZWJpYW4ub3JnAAoJEJWkL+g1NSX5MpsP/0ejgahslILSKsR8fMPIE7qoxQFCxG1q
yy6HUan74hX3y88mdxiNkemBsAuWLqQ3/wzaBGNjs+CgATABIiryYBMhbKim8mOa
V88HTSpdFdVqz3KfQI03COx/Zt3gzzmXcyuNMMpMzDaI2MMxv1W0h7zscG2fRupA
KnU9F15JBJIJ4xjb07gubswjejpapTLEtUeXUA+62V4oT5S4OGXvyvkmkBEmNCiP
I0lML4Vl+8rW/mWHuqCzbfnUP1rnU+pWr2iRFifRfoyDxbqAt88dNt8mM1s4t9su
aBBU1XP+SI83oQQjJv/qi8d2YuMg3j08dVgWZJAbJq1pZjXOFu1I9NMNXfrxuGVz
/guVnmwljlpwHkn4RNBwBF7XeCkBqd+wrRIKIhdpWtLkM7KIbubgL5Oa3FYAzY9g
qUf/WHFZOusGjpMbLB9IwOhK1DDx89VyDvdcR+dmDpnM6i6tfP0/2r5qyh4iQEfW
O9/AWs28UsfILbljAm8XYyubWc5x8syx5V4PTh/TNrWv2D3iiGnxpu7nNcks/csR
LVuV5wu0OrBvddXdQUNNgfddHGwjjkJY4xMmsO4BNxr0oRvQer6SMlArD0v0sTJ7
7M5SLuQ+3gx/wz49gqbEYIDJsLnjW9Or+LDM0Ay4+tu2CnM7sQIB2Dtgj/j5z4sX
Rm3QkRG1y8UQ
=RF+2
-----END PGP SIGNATURE-----

Attachment: pgpb_VJNIaUWJ.pgp
Description: PGP signature


--- End Message ---

Reply via email to