Your message dated Sat, 19 Oct 2024 20:35:40 +0000
with message-id <[email protected]>
and subject line Bug#1080219: fixed in xfpt 0.11-1+deb12u1
has caused the Debian Bug report #1080219,
regarding xfpt: CVE-2024-43700
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1080219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080219
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xfpt
Version: 1.00-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for xfpt.

CVE-2024-43700[0]:
| xfpt versions prior to 1.01 fail to handle appropriately some
| parameters inside the input data, resulting in a stack-based buffer
| overflow vulnerability. When a user of the affected product is
| tricked to process a specially crafted file, arbitrary code may be
| executed on the user's environment.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-43700
    https://www.cve.org/CVERecord?id=CVE-2024-43700
[1] https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xfpt
Source-Version: 0.11-1+deb12u1
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xfpt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated xfpt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Oct 2024 13:32:57 +0200
Source: xfpt
Architecture: source
Version: 0.11-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Andreas Metzler <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1080219
Changes:
 xfpt (0.11-1+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick 30-Diagnose-error-if-macro-expansion-makes-a-line-too-l.patch
     from upstream GIT master to fix buffer overflow CVE-2024-43700.
     Closes: #1080219
Checksums-Sha1: 
 dde9b0ef2122d68a9f67cd2bdf032c54c27ece18 1664 xfpt_0.11-1+deb12u1.dsc
 b291d81b6132a41edce2a61bfd1a5fb84e90ef2b 6000 xfpt_0.11-1+deb12u1.debian.tar.xz
Checksums-Sha256: 
 5853503efd9db55ce1cc8779ef632e3187034781d1d327098141e99ad94867a4 1664 
xfpt_0.11-1+deb12u1.dsc
 ec1cb83450fa19ce633da53387fda40d5e0f3422387d5ed0836d29c4d7ca68a8 6000 
xfpt_0.11-1+deb12u1.debian.tar.xz
Files: 
 57e7690467148635434fa672cee2ebb2 1664 text optional xfpt_0.11-1+deb12u1.dsc
 46e6dfed800e771625e769e7a03805e5 6000 text optional 
xfpt_0.11-1+deb12u1.debian.tar.xz



--- End Message ---
