Your message dated Wed, 06 May 2026 18:33:16 +0000
with message-id <[email protected]>
and subject line Bug#1101714: fixed in augeas 1.14.0-1+deb12u1
has caused the Debian Bug report #1101714,
regarding augeas: CVE-2025-2588
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1101714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101714
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: augeas
Version: 1.14.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hercules-team/augeas/issues/852
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for augeas.
CVE-2025-2588[0]:
| A vulnerability has been found in Hercules Augeas 1.14.1 and
| classified as problematic. This vulnerability affects the function
| re_case_expand of the file src/fa.c. The manipulation of the
| argument re leads to null pointer dereference. Attacking locally is
| a requirement. The exploit has been disclosed to the public and may
| be used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-2588
https://www.cve.org/CVERecord?id=CVE-2025-2588
[1] https://github.com/hercules-team/augeas/issues/852
[2]
https://github.com/hercules-team/augeas/commit/af2aa88ab37fc48167d8c5e43b1770a4ba2ff403
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: augeas
Source-Version: 1.14.0-1+deb12u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
augeas, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated augeas package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 May 2026 11:42:36 +0300
Source: augeas
Architecture: source
Version: 1.14.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1101714
Changes:
augeas (1.14.0-1+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-2588: NULL Pointer Dereference in re_case_expand()
(Closes: #1101714)
Checksums-Sha1:
4f0468709d601cf5d8fbdd38611dfecdee08c38d 2171 augeas_1.14.0-1+deb12u1.dsc
ccaea8b3b7ccd37efd49bba86ea383d6c95f06e3 11312
augeas_1.14.0-1+deb12u1.debian.tar.xz
Checksums-Sha256:
c97c57381f6a6775f0460b5d0e6a5ac8f23ca77cd8ef63a0a68fd67b8d3b57b1 2171
augeas_1.14.0-1+deb12u1.dsc
33716f0286a6bfc5cd3bc131ecdd715ccf4fb11ff473db7502ce3020011a3643 11312
augeas_1.14.0-1+deb12u1.debian.tar.xz
Files:
042c43fb09ab6c66b777653a71b0cc1c 2171 libs optional augeas_1.14.0-1+deb12u1.dsc
c43b6239d79f78dda8ee7445003ffafb 11312 libs optional
augeas_1.14.0-1+deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmn7A1YACgkQiNJCh6LY
mLGzmA//T8OXlgRUTBVEyuYUfY+HlbcKjjnI9oU5zqMVbZp8zwlVBZndJ83Swc2I
QaIjh/nCjzh2GLGc6QP5ZYwZMIKPO1HTFgi1cFdoe3Vmlt3nd7hNynlT90Pev/MF
89+6LM9cXXeCfMtP6BKXg9qIBwRX+FFmOSh+ZUVgnn9HVfGoqM5CpZ+jdCC+8za6
/hTlKQgAbftSnGinxwLWTU9RS6wN/EYwI7sOhonQYKdaTfRmQKE6V3W7nL+KTMw6
6+GBQOiU5nyPt09leaTip2Olop0AgwvzO/OLEctAcnnaGByXnpDF5NMTL//sXigv
GQcD7rvNBf0ISk1VBSBcEkEWEYUpIRRnUiUMo0HERHHsZqCsp2Lj18ivzmAS2AhB
HRdp9y3b+Eff1duypEzLteo0jqhMWdnjowPGa5DyvYcPocpSxQr53p97lm+ty+Ek
cr/738teQvlIvA4ext5Q9nGM7qDm3FgHFsBEGmRoXi5KUvtC+b6wBgyl+zvKe5je
P1lMSmailvPt880Exijuz5GLnWoQvC1UrFVFVGuJJfVLuFu/5J03f4iNM7LfIzw+
SA2BHTFxZO2eNYqJHxxnKPqqoYJmT6C3wE4ShnM5vPI5WXfQqvs2L6rW6jiD61iN
Lw4oBKoyjEdfqF4kozU8lIaR+HO1VmXAqfsklHLQKPt9bV2NenU=
=DeJH
-----END PGP SIGNATURE-----
pgp6XrjqP3sCE.pgp
Description: PGP signature
--- End Message ---
