Your message dated Fri, 12 Jul 2024 08:34:20 +0000
with message-id <[email protected]>
and subject line Bug#1070370: fixed in dmitry 1.3a-5
has caused the Debian Bug report #1070370,
regarding dmitry: CVE-2017-7938 CVE-2020-14931 CVE-2024-31837
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1070370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070370
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dmitry
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for dmitry.
CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause a
| denial of service (application crash) or possibly have unspecified
| other impact via a long argument. An example threat model is
| automated execution of DMitry with hostname strings found in local
| log files.
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://github.com/jaygreig86/dmitry/pull/12
CVE-2020-14931[1]:
| A stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) 1.3a might allow remote WHOIS servers to execute
| arbitrary code via a long line in a response that is mishandled by
| nic_format_buff.
https://github.com/jaygreig86/dmitry/issues/4
https://github.com/jaygreig86/dmitry/pull/6
Fixed by:
https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192
CVE-2024-31837[2]:
| DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-
| string vulnerability, with a threat model similar to CVE-2017-7938.
https://github.com/jaygreig86/dmitry/pull/12
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7938
https://www.cve.org/CVERecord?id=CVE-2017-7938
[1] https://security-tracker.debian.org/tracker/CVE-2020-14931
https://www.cve.org/CVERecord?id=CVE-2020-14931
[2] https://security-tracker.debian.org/tracker/CVE-2024-31837
https://www.cve.org/CVERecord?id=CVE-2024-31837
Please adjust the affected versions in the BTS as needed.
--- End Message ---
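The three bug classes named in the report above (an over-long argument, an over-long line in a WHOIS response, and untrusted text used as a format string), shown in bounded form. This is an added example, not DMitry's code or the upstream patch; the function names, buffer sizes and sample response are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64    /* hypothetical size of the buffer holding the target name */
#define LINE_BUF 128   /* hypothetical size of the per-line output buffer */

/* Long-argument case: reject an over-long name instead of strcpy()ing it. */
int copy_host(char dst[NAME_BUF], const char *arg)
{
    size_t len = strlen(arg);
    if (len >= NAME_BUF)
        return -1;                      /* would not fit with its terminator */
    memcpy(dst, arg, len + 1);
    return 0;
}

/* Long-response-line case: copy one line, truncating it to the buffer.
 * Returns the number of input bytes consumed (the line plus its '\n'). */
size_t copy_line(char dst[LINE_BUF], const char *resp, int *truncated)
{
    size_t len = strcspn(resp, "\n");
    size_t n = len < LINE_BUF - 1 ? len : LINE_BUF - 1;
    memcpy(dst, resp, n);
    dst[n] = '\0';
    *truncated = len > n;
    return len + (resp[len] == '\n');
}

/* Format-string case: untrusted text is an argument, never the format. */
int render(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

int main(void)
{
    char host[NAME_BUF], line[LINE_BUF], out[64];
    char resp[400];                     /* constructed response: one 300-byte line */
    int cut;

    memset(resp, 'A', 300);
    strcpy(resp + 300, "\nnext\n");
    printf("long host rejected: %d\n", copy_host(host, resp) == -1);
    size_t used = copy_line(line, resp, &cut);
    printf("consumed %zu, kept %zu, truncated %d\n", used, strlen(line), cut);
    render(out, sizeof out, "%x%x%n");
    printf("rendered literally: %s\n", out);
    return 0;
}
```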
--- Begin Message ---
Source: dmitry
Source-Version: 1.3a-5
Done: Petter Reinholdtsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dmitry, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated dmitry package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 12 Jul 2024 09:40:24 +0200
Source: dmitry
Architecture: source
Version: 1.3a-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Closes: 746769 1070370
Changes:
dmitry (1.3a-5) unstable; urgency=medium
.
* QA upload.
.
[ g0t mi1k ]
* Fix ARM64 support.
.
[ Arnaud Rebillout ]
* Fix CVE-2020-14931: Buffer overflow in nic_format_buff.
* Fix format string.
* Fix CVE-2017-7938 and CVE-2024-31837.
* Closes: #1070370
.
[ Petter Reinholdtsen ]
* Added file-open-return-type.patch to ensure consistent prototypes for
file_open() (Closes: #746769).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---