Bug#1014389: marked as done (mapcache: CVE-2022-30045 incorrect memory handling leading to a heap out-of-bounds read)

Tue, 11 Mar 2025 00:03:18 -0700 

Your message dated Tue, 11 Mar 2025 08:01:21 +0100
with message-id <[email protected]>
and subject line mapcache issues
has caused the Debian Bug report #1014389,
regarding mapcache: CVE-2022-30045 incorrect memory handling leading to a heap 
out-of-bounds read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1014389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014389
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: mapcache
Version: 1.12.1-1
Severity: important
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team 
<[email protected]>

Hi,

The following vulnerability was published for mapcache.

CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() performs incorrect memory handling while parsing
| crafted XML files, leading to a heap out-of-bounds read.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-30045
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30045

Please adjust the affected versions in the BTS as needed.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
tags 989363 wontfix
tags 1014389 wontfix
thanks

These are not issues that will be fixed by the package maintainer.

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

--- End Message ---

Reply via email to