Your message dated Wed, 04 Mar 2026 20:35:54 +0000
with message-id <[email protected]>
and subject line Bug#1101714: fixed in augeas 1.14.1-1.1
has caused the Debian Bug report #1101714,
regarding augeas: CVE-2025-2588
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1101714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101714
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: augeas
Version: 1.14.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hercules-team/augeas/issues/852
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for augeas.
CVE-2025-2588[0]:
| A vulnerability has been found in Hercules Augeas 1.14.1 and
| classified as problematic. This vulnerability affects the function
| re_case_expand of the file src/fa.c. The manipulation of the
| argument re leads to null pointer dereference. Attacking locally is
| a requirement. The exploit has been disclosed to the public and may
| be used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-2588
https://www.cve.org/CVERecord?id=CVE-2025-2588
[1] https://github.com/hercules-team/augeas/issues/852
[2]
https://github.com/hercules-team/augeas/commit/af2aa88ab37fc48167d8c5e43b1770a4ba2ff403
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: augeas
Source-Version: 1.14.1-1.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
augeas, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated augeas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Mar 2026 19:08:37 +0200
Source: augeas
Architecture: source
Version: 1.14.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1101714
Changes:
augeas (1.14.1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-2588: NULL Pointer Dereference in re_case_expand()
(Closes: #1101714)
Checksums-Sha1:
990932e7a07377e23dce3fbc038c7d6fcd626c30 2147 augeas_1.14.1-1.1.dsc
0f7b857daceee17df79a5eaa699b99d6abbc32ec 11316 augeas_1.14.1-1.1.debian.tar.xz
Checksums-Sha256:
bff92f2060c067fb5d105fccbf4d70cb7a6da0a882d3a5404711e13a0f19afc4 2147
augeas_1.14.1-1.1.dsc
65e505406bafbfc0eaf9aba2a1429407d2ed6604b6d9bbaeb24306aedea62fb7 11316
augeas_1.14.1-1.1.debian.tar.xz
Files:
1a0e6148762dc7647e7be5d846ae0542 2147 libs optional augeas_1.14.1-1.1.dsc
35e94347ca1d0b64476bb1228c44bc79 11316 libs optional
augeas_1.14.1-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmmoaPwACgkQiNJCh6LY
mLGLrxAAlFrEjWS5we6r1MZUIeihIyqpdEsbsz1Aqh3SnEncg33ZossEi+SGIJHk
PLKMPaYu2nDSbiQpDmuENPucdRwuJLKXrgxuXsi0+u/XJd/ohXCZK4A0jIsY5emL
5Ybrv6IERk1STrv8tTsIt4y2V+y2TdxLQWGbD1r63bnK7ByKSoavcESX9XxyQVUS
S3R0YdXmg7Jc81+jQFiAw7c4qZ39cSNR8yal2gYBiHYoZBEUSZUz4LpmXoDhtu0E
Q7OHlNbdl1Fl5UIydT6pJm5a09RfhaW3A4UTa7ddqCU6F+b5xx4zDMVWXOqCNjl9
3KafoTMWonIlH0P4LDN3HIP7DCHD5WE2fibX3Yo9tODHxPGy2KcG9oXElDqyWw5p
3NfBdV5241n8RQqRuCl8l2YXR26ng6wrhwtfpL4jRoy8HqX5/SROghFLq6fQFNAM
5xXqOiQS3RuZBgAQFA1LmyveScxfM4rz6JG7TFmM5vXMrhHMKVmuFVF2N+PF5NZT
RnLbltZQv9atJScHYcqVAzE27EsDMEzFlUAoALXW5gGsld3k5RMkucett8vl2cQv
WiXPUqR40OJzCVKsoLvb8H1nI3PKDDr5GnUNq/A2YwFNA3zUjAU2q5qWilSMR9p2
c2fjOEpFo+txSb+x/ly0K1BSurXqr/U2ORxcIeE2ueNkdWAOm2w=
=kble
-----END PGP SIGNATURE-----
pgpMaWy7Yl3v_.pgp
Description: PGP signature
--- End Message ---
