Your message dated Fri, 12 Jul 2024 01:51:01 +0000
with message-id <[email protected]>
and subject line Bug#1070376: fixed in uriparser 0.9.8+dfsg-1
has caused the Debian Bug report #1070376,
regarding uriparser: CVE-2024-34402 CVE-2024-34403
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1070376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: uriparser
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for uriparser.
CVE-2024-34402[0]:
| An issue was discovered in uriparser through 0.9.7.
| ComposeQueryEngine in UriQuery.c has an integer overflow via long
| keys or values, with a resultant buffer overflow.
https://github.com/uriparser/uriparser/pull/185
https://github.com/uriparser/uriparser/issues/183
CVE-2024-34403[1]:
| An issue was discovered in uriparser through 0.9.7.
| ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a
| long string.
https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/186
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-34402
https://www.cve.org/CVERecord?id=CVE-2024-34402
[1] https://security-tracker.debian.org/tracker/CVE-2024-34403
https://www.cve.org/CVERecord?id=CVE-2024-34403
Please adjust the affected versions in the BTS as needed.
--- End Message ---
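The report above describes an integer overflow in a length computation "via long keys or values, with a resultant buffer overflow". The following is an added example of that bug class handled defensively; it is not uriparser's code and not taken from the upstream fixes. The QueryPair type, the function names and the worst-case factor of 3 (one character becoming "%XX") are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical pair type for this example: lengths are passed explicitly so
 * very long keys/values can be modelled without allocating them. */
typedef struct {
    size_t key_len;
    size_t value_len;   /* ignored when has_value is 0 */
    int has_value;
} QueryPair;

#define WORST_CASE 3u   /* assumption: one input char may expand to "%XX" */

/* Adds len * WORST_CASE to *total; returns 0 if that would exceed limit.
 * The division keeps the check itself free of overflow. */
static int add_escaped(size_t *total, size_t len, size_t limit) {
    if (len > (limit - *total) / WORST_CASE) return 0;
    *total += len * WORST_CASE;
    return 1;
}

/* Computes the chars (including terminator) needed to compose "k=v&k=v...".
 * Returns 1 on success, 0 if the size does not fit in an int, so the caller
 * never allocates a buffer from a wrapped-around length. */
int query_chars_required(const QueryPair *pairs, size_t count, int *out) {
    const size_t limit = (size_t)INT_MAX;
    size_t total = 1;                        /* terminating NUL */
    for (size_t i = 0; i < count; i++) {
        if (i > 0) {                         /* '&' separator */
            if (total >= limit) return 0;
            total += 1;
        }
        if (!add_escaped(&total, pairs[i].key_len, limit)) return 0;
        if (pairs[i].has_value) {
            if (total >= limit) return 0;    /* '=' */
            total += 1;
            if (!add_escaped(&total, pairs[i].value_len, limit)) return 0;
        }
    }
    *out = (int)total;
    return 1;
}

int main(void) {
    /* Constructed sample input: one short pair, one over-long key. */
    QueryPair ok[1] = {{3, 5, 1}};
    QueryPair too_long[1] = {{(size_t)INT_MAX / 3 + 1, 0, 0}};
    int n = 0;
    printf("short pair: ok=%d chars=%d\n", query_chars_required(ok, 1, &n), n);
    printf("long key:   ok=%d\n", query_chars_required(too_long, 1, &n));
    return 0;
}
```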
--- Begin Message ---
Source: uriparser
Source-Version: 0.9.8+dfsg-1
Done: Jörg Frings-Fürst <[email protected]>
We believe that the bug you reported is fixed in the latest version of
uriparser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jörg Frings-Fürst <[email protected]> (supplier of updated uriparser package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Jul 2024 16:49:54 +0200
Source: uriparser
Architecture: source
Version: 0.9.8+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Jörg Frings-Fürst <[email protected]>
Changed-By: Jörg Frings-Fürst <[email protected]>
Closes: 1070376
Changes:
uriparser (0.9.8+dfsg-1) unstable; urgency=medium
.
* New upstream release:
- Fixes CVE-2024-34402, CVE-2024-34403 (Closes: #1070376).
* debian/changelog:
- Add year 2024 to myself.
* debian/control:
- Change to new repository URL.
* Declare compliance with Debian Policy 4.7.0 (No changes needed).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---