Your message dated Sun, 13 Oct 2019 00:20:11 +0000
with message-id <[email protected]>
and subject line Bug#942215: fixed in libnbd 1.0.3-1
has caused the Debian Bug report #942215,
regarding libnbd: Remote code execution vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
942215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942215
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libnbd
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

See
https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
for details (the CVE has propably not yet been processed).

https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917
is the fix for (stable-1.0) series.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libnbd
Source-Version: 1.0.3-1

We believe that the bug you reported is fixed in the latest version of
libnbd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <[email protected]> (supplier of updated libnbd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 13 Oct 2019 01:59:04 +0200
Source: libnbd
Architecture: source
Version: 1.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Hilko Bengen <[email protected]>
Closes: 942215
Changes:
 libnbd (1.0.3-1) unstable; urgency=medium
 .
   * New upstream version 1.0.3
   * Fixes remote code execution vulnerability described in
     https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
     (Closes: 942215)
Checksums-Sha1:
 313a25c33a1f1141c99a947a0aa3ab4be99ca37b 2525 libnbd_1.0.3-1.dsc
 894f362cfcc6d3b3193ad34b9c48cf14163bb762 752928 libnbd_1.0.3.orig.tar.gz
 1c4c22e6d1bb984490852ca476a08f016f561f9c 858 libnbd_1.0.3.orig.tar.gz.asc
 0a2f3f922b42902c3924c6f3225e121ac25b64e9 24568 libnbd_1.0.3-1.debian.tar.xz
 f8f6c685afb67785b4b0856c977318edf22f072d 8228 libnbd_1.0.3-1_source.buildinfo
Checksums-Sha256:
 d5bfc6e0c2a4278c7575622ebbbfaba9483d1f6f3e15e03a6cf75f87254780d3 2525 
libnbd_1.0.3-1.dsc
 6809d0e8c7bbe0abdacc070cf2f42efa7af1a4eff8a30f8e162d71cf6eb547d1 752928 
libnbd_1.0.3.orig.tar.gz
 30c14e01ca07951aba6e04a74b9afa2bcc93874174051aca202e350eebc62e7c 858 
libnbd_1.0.3.orig.tar.gz.asc
 48c4bdba562989cd7ce965d42dd8078679562608c7e5bcce700c68a4ecf68de3 24568 
libnbd_1.0.3-1.debian.tar.xz
 4e70944231c13cbc78f04b7b6ff31b8c109f04f25390265ca0c0d013d49a5bc4 8228 
libnbd_1.0.3-1_source.buildinfo
Files:
 6527dd44d8737abf62750599d5579a6c 2525 libs optional libnbd_1.0.3-1.dsc
 773e7a57429c270ae9db8a0e6a4d30ac 752928 libs optional libnbd_1.0.3.orig.tar.gz
 ef4ef265b757a23aa734bf3a08d3a3bd 858 libs optional libnbd_1.0.3.orig.tar.gz.asc
 8950e6b564e8f7238a3db8a1129e4653 24568 libs optional 
libnbd_1.0.3-1.debian.tar.xz
 36856d1d0b5cd3a0b0b84a79ec3a9d89 8228 libs optional 
libnbd_1.0.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAl2iaRYACgkQdbcQY1wh
On43Ng//Wssl69RMLbrlDbBGhhQZDH9qnkRdPw9kzt52jiRSlY08wSVNR4JywJRO
/uZd9EkyNeUTWGXwPmOBB662E0rpayrUkbzOwIPSelMtjLVcBrvgro6ARHuRUcuB
pD8/YftvAQUvl2M6myeHlgzOh5ihK8cTd/geGlfneunBxQfiOJBSTbemNM2zMCbB
ayeJ7YCUmKS8FCBjo1pAyf1KbNeXi37RYWgURLc3oYFT18gAd5XFxM0qdW8+Lm/L
AfVCXAL5yVZM7TqZtMFLPJJoOjCtZtJPRmataQ+gkvxALZfNZWn4IxipYBUa/X7a
jtD5DRvbzsEKEATwVanO+qufmRdgyQ7WL75mHY/T3E7mMHVH4zDW55YnH5hxficP
AseWlY+UZBU3CmBm72IkISqvanlopmVG9RFi4HtoDEf0FCT1w1D32K9mgEDRPOON
VqLTl22dxaKZaGONgfQFGX/B3DNxa8DDsNf3jZL3t2HS8dAaYfey7Q7utiSp/bgf
+0AGrtz2EvQ1egoCHtxquhzJcFmluu4DZiNOCj2Wxoafi5CMMXJlDyt1NuPEz/dj
VmRi1cIu8boNZ4OHOjkbiq1644TFWnUkoHHUdm646RUuW1bCzYwhEmSFjNQL83MQ
qw0M3yZhF1PApUDeAGlXuIsphgvaenoJRVeUk/Bg/fO4iVdoEVM=
=Tw+A
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to