Your message dated Thu, 29 Jan 2026 23:02:32 +0000
with message-id <[email protected]>
and subject line Bug#1014391: fixed in scilab 2024.1.0+dfsg1-1
has caused the Debian Bug report #1014391,
regarding scilab: CVE-2022-30045 incorrect memory handling in ezml support
leading to a heap out-of-bounds read
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1014391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014391
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: scilab
Version: 6.1.1+dfsg2-3
Severity: important
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team
<[email protected]>
Hi,
The following vulnerability was published for scilab.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() performs incorrect memory handling while parsing
| crafted XML files, leading to a heap out-of-bounds read.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-30045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30045
Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.17.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: scilab
Source-Version: 2024.1.0+dfsg1-1
Done: Pierre Gruet <[email protected]>
We believe that the bug you reported is fixed in the latest version of
scilab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Gruet <[email protected]> (supplier of updated scilab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Jan 2026 21:02:56 +0100
Source: scilab
Architecture: source
Version: 2024.1.0+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers
<[email protected]>
Changed-By: Pierre Gruet <[email protected]>
Closes: 989364 1014391 1106083
Changes:
 scilab (2024.1.0+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version 2024.1.0+dfsg1:
     This is the same version as 2024.1.0+dfsg, without the embedded copies
     of ezxml, removed for security reasons. This fixes the following CVEs:
     CVE-2022-30045 CVE-2021-31598 CVE-2021-31348 CVE-2021-31347 CVE-2021-31229
     CVE-2021-30485 CVE-2021-26222 CVE-2021-26221 CVE-2021-26220 CVE-2019-20202
     CVE-2019-20201 CVE-2019-20200 CVE-2019-20199 CVE-2019-20198 CVE-2019-20007
     CVE-2019-20006 CVE-2019-20005
     (Closes: #989364, #1014391)
   * Removing code that invokes ezxml
   * Using the UTF-8 suffix when calling scilab to build the documentation
     (Closes: #1106083)
   * Raising Standards version to 4.7.3:
     - Removing Priority: optional, which is default
     - Removing R-R-R: no, which is now default
   * Rewriting d/watch with version 5
 .
   [ Alexandre Detiste ]
   * Fix team name in d/control
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---