Your message dated Wed, 14 Dec 2016 21:04:13 +0000
with message-id <[email protected]>
and subject line Bug#842169: fixed in tre 0.8.0-4+deb8u1
has caused the Debian Bug report #842169,
regarding tre: CVE-2016-8859
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
842169: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842169
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tre
Version: 0.8.0-3
Severity: grave
Tags: security upstream
Forwarded: https://github.com/laurikari/tre/issues/45
Hi,
the following vulnerability was published for tre.
CVE-2016-8859[0]:
Regex integer overflow in buffer size computations
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8859
[1] https://github.com/laurikari/tre/issues/45
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tre
Source-Version: 0.8.0-4+deb8u1
We believe that the bug you reported is fixed in the latest version of
tre, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated tre package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 Nov 2016 00:31:36 +0100
Source: tre
Binary: libtre5 libtre-dev tre-agrep
Architecture: source amd64
Version: 0.8.0-4+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description:
libtre-dev - development package for the libtre5 regexp matching library
libtre5 - regexp matching library with approximate matching
tre-agrep - approximate grep utility based on the tre library
Closes: 842169
Changes:
tre (0.8.0-4+deb8u1) jessie; urgency=medium
.
* Add debian/patches/03-cve-2016-8859 to fix CVE-2016-8859.
Patch borrowed from wheezy LTS. Closes: #842169.
* Add locales-all to Build-Depends, required to run the test suite.
* Add debian/clean with files generated/modified during the build.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---