Your message dated Sun, 06 Aug 2017 15:19:49 +0000 with message-id <e1denlj-0007k3...@fasolo.debian.org> and subject line Bug#870299: fixed in links2 2.14-3 has caused the Debian Bug report #870299, regarding links: CVE-2017-11114 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: links2 Version: 2.14-2 Severity: grave Tags: security upstream Hi, the following vulnerability was published for links. CVE-2017-11114[0]: The put_chars function in html_r.c in Links 2.14 can cause a denial of service (buffer over-read) via a crafted html file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-11114 [1] http://seclists.org/fulldisclosure/2017/Jul/76 Regards, Laszlo/GCS
--- End Message ---
--- Begin Message ---Source: links2 Source-Version: 2.14-3 We believe that the bug you reported is fixed in the latest version of links2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Axel Beckert <a...@debian.org> (supplier of updated links2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 06 Aug 2017 16:45:50 +0200 Source: links2 Binary: links2 links Architecture: source amd64 Version: 2.14-3 Distribution: unstable Urgency: medium Maintainer: Axel Beckert <a...@debian.org> Changed-By: Axel Beckert <a...@debian.org> Description: links - Web browser running in text mode links2 - Web browser running in both graphics and text mode Closes: 861335 870299 Changes: links2 (2.14-3) unstable; urgency=medium . [ Helmut Grohne ] * Fix FTCBFS: Tell ancient configure about the correct CC. (Closes: #861335) . [ Mikulas Patocka ] * Fix read out of memory in case of corrupted UTF-8 data. (Closes: #870299, CVE-2017-11114) . [ Axel Beckert ] * Add lintian override for not misspelled French word "rouge". * Declare compliance with Debian Policy 4.0.1. + Switch debian copyright format declaration to HTTPS URL. + Replace full text of MPL 2.0 with pointer to /usr/share/common-licenses/MPL-2.0. Checksums-Sha1: b815d8d42f07f68df50a43cda7c4b084c7430d15 2098 links2_2.14-3.dsc 88446cd5eec1a0fbd07fdb8639b2ab4eaf99ccac 14940 links2_2.14-3.debian.tar.xz 9e3922a746ad5994ad0c93e76d06d0db848ff2dd 808358 links-dbgsym_2.14-3_amd64.deb 522048154f6c57c2c0ab7aac2ddd5507406f13d8 1370730 links2-dbgsym_2.14-3_amd64.deb 4863fc4411a3f1aa5c06e087b26c522237c00f89 11843 links2_2.14-3_amd64.buildinfo 8efb80f1acc6d2a5c2901f2c103914b0f6927635 3009544 links2_2.14-3_amd64.deb f9cfb7d7447b720ddb0fcb5433d6d2e882cc657b 539652 links_2.14-3_amd64.deb Checksums-Sha256: 555120fc2ac74d3948ea1618d30cb36db8e4116fad1203e3d2623203c384d62f 2098 links2_2.14-3.dsc f60f29d2c46c8980e3ad458d4b52cf1684e3ede3e31abb78fec4577ab16620c2 14940 links2_2.14-3.debian.tar.xz fe2e2bb233e4fd0c321620f051bd8901bba756b4d567ce0c5472df82fa82f88d 808358 links-dbgsym_2.14-3_amd64.deb 015f008327123314004cd3b50124b81f48508d69924299c7b82d407a905ff974 1370730 links2-dbgsym_2.14-3_amd64.deb 6256ceb03d43fa63ff43101e9e5712160fb9ad879bc497e20ba363ca7abdf49f 11843 links2_2.14-3_amd64.buildinfo 176eb4e044a75ee02dabd87ef6b1fb8bf5577fb4781351808a196ef94be1f1dd 3009544 links2_2.14-3_amd64.deb be20266ba3c87e8dd1ea6d9cf60692dd364403649ac509b14e42f14ccb124407 539652 links_2.14-3_amd64.deb Files: 498ac132c0699b4a7b5ec89e68853ff5 2098 web optional links2_2.14-3.dsc 800fc3ffdd70edc99c487a2bb472c89f 14940 web optional links2_2.14-3.debian.tar.xz 2cb47937b6506a4ff80d0779aaf74e10 808358 debug extra links-dbgsym_2.14-3_amd64.deb 7c388133673f77292e41e5d7bcabffe2 1370730 debug extra links2-dbgsym_2.14-3_amd64.deb 07de91c792e8b5ef455a2c86fe6f4a6e 11843 web optional links2_2.14-3_amd64.buildinfo 2f3363c63ee7ab3ef43f206362b7bd4a 3009544 web optional links2_2.14-3_amd64.deb 3811d89279281143a4609ee46cda83ed 539652 web optional links_2.14-3_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlmHLLoACgkQa+Zjx1o1 yXWJ8BAAwPT3NoirCaLp8CQIITP1PQJ+t4QKE7O8y6CyAqo3JEIQ/9xGmF8hUj4V TjJCk9aaqXgrWUgwKqjOFnJ5kR2kg9EalgI5RGUENo36Yr9Qz/Ic6Yp8yjoolHgu LR8S1Uw5W/7hH97zXlAoVVc8OTuDY/g1Luq5oT744IwyLct0iLZGGOTrViFDkogl zNRXvyld8y8tFzHNj2oz2YGzzBiyCIq1RW3WuPKTxWpUbJNPvEZt9uIO70u8p6Kn CUmnV7hdSvv1J1EBXlDXUm3uiIcaMqEeQF89cerc7JtSS/4fLjUy23h0VvWORyHP iEuS/0YpcLKMMvRDpGCt0xHJBP9wvxnv7Y1+FTCE8dJwhAe1uWw9AhoTV/QMlhzh PgJGHVE1yyJ8m3vEsrqN99JXxfxRxSQuN4e/cYr/qoeBP/Mb9S/rud/AmlVEP7Gy XF8CsQiMhXc7n8H4vmxihXYnCnJYUI/zhZF3EBMrAPxd9kB8O9Ou2a9x8DrSEQGS 6XgReNmsLKCZdTc9CeEqXQ3xC3yUqWSriD6RFFeqo7O3fIWepbeuzVPb545idguC hwWprZA7m+1mZrgHMxCSjjT9BhWsuBtrBtjj/IlmCndpb7pOYaYyVcW8fqFe884I 1yD/LbTa0gd0VyMaytmHBJyDNCdpo0L9UeVNf+TuUi9KasR34Ig= =Qdho -----END PGP SIGNATURE-----
--- End Message ---
