Bug#1101014: marked as done (open62541: CVE-2024-53429)

Tue, 25 Mar 2025 08:03:18 -0700 

Your message dated Tue, 25 Mar 2025 15:59:06 +0100
with message-id <[email protected]>
and subject line Re: Bug#1101014: open62541: CVE-2024-53429
has caused the Debian Bug report #1101014,
regarding open62541: CVE-2024-53429
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1101014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101014
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: open62541
Version: 1.4.6-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/open62541/open62541/issues/6825
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for open62541.

CVE-2024-53429[0]:
| Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode,
| which leads to a crash.

I'm filling this at RC level, it's technically not really RC, but
open62541 is fresh aiming for trixie, and it would be ideal to start
without a CVE.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-53429
    https://www.cve.org/CVERecord?id=CVE-2024-53429
[1] https://github.com/open62541/open62541/issues/6825
[2] 
https://github.com/open62541/open62541/commit/b9473527623125b5ca264dae4551f8cc414b3bc3

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: open62541
Source-Version: 1.4.11.1-1

Hi Julius,

On Tue, Mar 25, 2025 at 12:18:30PM +0100, Julius Pfrommer wrote:
> Salvatore,
> 
> This is now resolved.
> The package has been updated to the latest upstream.
> The changelog mentions this issue specifically as fixed.

Thank you! Let's close the bug as well with the metadata.

Regards,
Salvatore

--- End Message ---

Reply via email to