Your message dated Wed, 24 Dec 2025 01:19:21 +0000
with message-id <[email protected]>
and subject line Bug#1074235: fixed in cvc5 1.3.2-1
has caused the Debian Bug report #1074235,
regarding cvc5: CVE-2024-37794 CVE-2024-37795
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1074235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074235
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cvc5
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for cvc5.
CVE-2024-37794[0]:
| Improper input validation in CVC5 Solver v1.1.3 allows attackers to
| cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVE-2024-37795[1]:
| A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause
| a Denial of Service (DoS) via a crafted SMT-LIB input file
| containing the `set-logic` command with specific formatting errors.
https://github.com/cvc5/cvc5/issues/10813
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-37794
https://www.cve.org/CVERecord?id=CVE-2024-37794
[1] https://security-tracker.debian.org/tracker/CVE-2024-37795
https://www.cve.org/CVERecord?id=CVE-2024-37795
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: cvc5
Source-Version: 1.3.2-1
Done: Scott Talbert <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cvc5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Talbert <[email protected]> (supplier of updated cvc5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Dec 2025 19:41:53 -0500
Source: cvc5
Architecture: source
Version: 1.3.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers
<[email protected]>
Changed-By: Scott Talbert <[email protected]>
Closes: 1074235
Changes:
cvc5 (1.3.2-1) unstable; urgency=medium
.
[ Gábor Németh ]
* Update to new upstream release 1.3.2 (Closes: #1074235 #1122401)
* Bump CaDiCaL dependency to 2.1 as per upstream
* Adapt patches to changed upstream build of Python bindings,
remove applied
* Use newer API calls in autopkgtest
* Generate a man page
* Fix typos found by lintian
Checksums-Sha1:
68def395b82230f41ea8cc9f37b46bb6a74aed98 2468 cvc5_1.3.2-1.dsc
f1db0a050c9cbb6f69de0d900c9c14e7fecca0b9 9250970 cvc5_1.3.2.orig.tar.gz
de1ee3403b5ab06197bfe4690734c610bb529fde 8532 cvc5_1.3.2-1.debian.tar.xz
0b42bb76a314821bc60f2b4545ccf4afb7910ab4 11713 cvc5_1.3.2-1_amd64.buildinfo
Checksums-Sha256:
69afb320a25f1c4dee5c4459161bca999b6cbf38a24ad51df681a5b3737413c4 2468
cvc5_1.3.2-1.dsc
85a9cc4e1f80efcdb235e89c9f361c74b1089023ceb43f38c2d5e73a4e2db47e 9250970
cvc5_1.3.2.orig.tar.gz
ee2b9fd74ca40fd3c16d4ab019b4c07a5ef125b62b3e40ff7a2ceb42d91d5195 8532
cvc5_1.3.2-1.debian.tar.xz
7d476c2544e708466172ae80767b1c2a12e6ed683ccbbd0e8616260451d43123 11713
cvc5_1.3.2-1_amd64.buildinfo
Files:
b8a9aab4c59ffb5cea04768960c58986 2468 math optional cvc5_1.3.2-1.dsc
8dd6d26279a3708de662279cd0efeeb7 9250970 math optional cvc5_1.3.2.orig.tar.gz
5623a158479115de06ad2d2a6494cd3c 8532 math optional cvc5_1.3.2-1.debian.tar.xz
bad120d090398efda25f89a0939cb776 11713 math optional
cvc5_1.3.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEbnQ09Yl9Q7F/zVe3U9W8ZLUjeKIFAmlLO6wPHHN3dEB0ZWNo
aWUubmV0AAoJEFPVvGS1I3iikxsP/0h6KsZuw4cb8HzoLvhUf377e5yrVkJx2CpM
Vu40TvnOxAJTMr7Yd238JLtf8cmDrMHCpkDwFd/pjHNCOkVkcW9ILT1noVozDaDh
F6wSxYcn98Zs3kF1ZFIqqkSU5uxGaAG2RCVuD6DZhXXTqA70Psq93GfqAtl5mrV0
ZRJYXhi7J+B1zN0rtBOSyVr691ZFJ7k+TWjZUIsM5aHvc9VbdXz45sJRe6MIFWaL
xim+eYu2vv/36OJ5bFb5YrnAJm2zOcVItsJnjOyyy73kXP/dblsGK+kHY9cgPuXv
cY9f9AwFfLh/k87zsoMt5tIgBSVH+5c1R1ZIS8esfAxY5hs1MerCx6D4MJyWFVPF
XbhopWuP8xLy2/UgV6q6dZCenuc5Z++RPtLW/nC5yPg5cdyuiF1I2IkrSC6vBHTR
MW4qU1iqPx+ixtLCfemTvR2mz6ACaiUzGvDu4f2y+7SSN0KTAi/wb/i/G2+j8CCL
IMd3NoKKEC1DX/W6vMpI5WwC6UinfWEaSFEKKAhmJRqwW4TpESWqWNZv8NZpLWgZ
y51B54e0c6HIioK3Z4RdjCTDPfaiu8DYfMcbDZzcbcUR+6HPpnAPqDcLuYnPFqps
eChLhjRDkZ0mUR/i9/Pw03WNODY+nhNvkLBOaKxa3TadA8oQipUnVnXkAgRn/h6f
BV/7DRSN
=k1NH
-----END PGP SIGNATURE-----
pgp8jhdL5sYf5.pgp
Description: PGP signature
--- End Message ---
