Your message dated Tue, 29 Jan 2019 13:02:18 +0000 with message-id <e1got1u-000azs...@fasolo.debian.org> and subject line Bug#918841: fixed in systemd 232-25+deb9u7 has caused the Debian Bug report #918841, regarding systemd: CVE-2018-16864 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 918841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918841 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: systemd Version: 204-1 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 232-25+deb9u6 Control: found -1 240-2 Hi, The following vulnerability was published for systemd. CVE-2018-16864[0]: memory corruption If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864 [1] https://www.openwall.com/lists/oss-security/2019/01/09/3 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 232-25+deb9u7 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 12 Jan 2019 09:38:38 +0100 Source: systemd Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb Architecture: source Version: 232-25+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Debian systemd Maintainers <pkg-systemd-maintain...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 918841 918848 Description: libnss-myhostname - nss module providing fallback resolution for the current hostname libnss-mymachines - nss module to resolve hostnames for local container instances libnss-resolve - nss module to resolve names via systemd-resolved libnss-systemd - nss module providing dynamic user and group name resolution libpam-systemd - system and service manager - PAM module libsystemd-dev - systemd utility library - development files libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) systemd - system and service manager systemd-container - systemd container/nspawn tools systemd-coredump - tools for storing and retrieving coredumps systemd-journal-remote - tools for sending and receiving remote journal logs systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Changes: systemd (232-25+deb9u7) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * journald: do not store the iovec entry for process commandline on stack (CVE-2018-16864) (Closes: #918841) * journald: set a limit on the number of fields (1k) (CVE-2018-16865) (Closes: #918848) * journal-remote: set a limit on the number of fields in a message (CVE-2018-16865) (Closes: #918848) * journal: fix syslog_parse_identifier() (CVE-2018-16866) * journal: do not remove multiple spaces after identifier in syslog message (CVE-2018-16866) Package-Type: udeb Checksums-Sha1: b4ca041a73cb8775c90bbcc92c080cd7ac58dfe4 4952 systemd_232-25+deb9u7.dsc 74178b96d631058236cf79f5b0cc3953382f12b5 4529048 systemd_232.orig.tar.gz 4b7fbdd4005aa0340dca1cc37603cbd520343e31 214680 systemd_232-25+deb9u7.debian.tar.xz Checksums-Sha256: 1dea5088456636c50c3135ae5cd00f92ee8559360c907a22e1ed05a3e0016646 4952 systemd_232-25+deb9u7.dsc 1172c7c7d5d72fbded53186e7599d5272231f04cc8b72f9a0fb2c5c20dfc4880 4529048 systemd_232.orig.tar.gz 653cf8bb0b33b01c08484a3a3c8de4de1bb875b56f869ef389b17760442a8e7f 214680 systemd_232-25+deb9u7.debian.tar.xz Files: 45cf746f8e5721bffbdbd80e2c38c4e8 4952 admin optional systemd_232-25+deb9u7.dsc 3e3a0b14050eff62e68be72142181730 4529048 admin optional systemd_232.orig.tar.gz 6a58324e6574cf198db06db655f29f6e 214680 admin optional systemd_232-25+deb9u7.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlw6SrZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ERJAP/jeXZ/yRfhlQ5wB1c0qS0pskC5Wxn5ge OR4i0rodEFi8HVoPzEqYgO9NbiReKWDfkWfaecgIZyrtnTFSj6jVlZs9zzb0ulSx GI0reZ8gbWaHkMWb2G3wRBMsa6VL9+zZ71GvHBciryx1ms0qGpQ2F7YwxcD/KdEW PGnn1ohFykxDXcjpo/Q2SqdXVszDbC5yTJw3pxW5ZJa6oHpFDpirTiruj5QatSNJ WwMcI2gQye+UJ/krXxs+12Bx/Cg83GwbIe4ABsxnqjfDsU1TMuiyUBAED+CdIRB0 +wPR4PqSkYiRjh4/tZRr5v6NGbyxaAnUx/JPJ3qFhZ2Gf2kuU3tdPy0lmHnCp2UB EcO/+D06uRozRKxFFUHr3OwJi3+ug3aVIupErtzv/UwB1Oc/EroEk/pHk8sPNTnG Xk7Pa6363epscGbWgtwEDr2YuI6mv7M64F9UM0Wxlu+kX66fbO17/noJD1tuylm9 nJzsj3I9q+vOUMND1ykZMJkCbWfRtv6zAk7VY9PmpIGULD7djMEOFfh3dswBPXg2 eJGM+HBhzuFvP2cNoEKKc2bKwjCaZgJIxkM/3M8ldYVsOBaVmIP7OHL1hfacGE0N nNrSL05x1/SF+O/VSaYUY7Am7T/m9VCCbQ3PjKXNMEuESL3nkuocvtKTCZYosC0U TLRx4R8nlEkb =g+xr -----END PGP SIGNATURE-----
--- End Message ---
