Your message dated Tue, 08 Jun 2021 20:17:29 +0000
with message-id <[email protected]>
and subject line Bug#986215: fixed in scrollz 2.2.3-1+deb10u1
has caused the Debian Bug report #986215,
regarding scrollz: CVE-2021-29376
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
986215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986215
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376
The following vulnerability was published for ircii.
CVE-2021-29376[0]:
| ircII before 20210314 allows remote attackers to cause a denial of
| service (segmentation fault and client crash, disconnecting the victim
| from an IRC server) via a crafted CTCP UTC message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29376
[1] https://www.openwall.com/lists/oss-security/2021/03/24/2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: scrollz
Source-Version: 2.2.3-1+deb10u1
Done: Mike Markley <[email protected]>
We believe that the bug you reported is fixed in the latest version of
scrollz, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Markley <[email protected]> (supplier of updated scrollz package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 06 Jun 2021 10:16:54 -0600
Source: scrollz
Architecture: source
Version: 2.2.3-1+deb10u1
Distribution: buster
Urgency: high
Maintainer: Mike Markley <[email protected]>
Changed-By: Mike Markley <[email protected]>
Closes: 986215
Changes:
scrollz (2.2.3-1+deb10u1) buster; urgency=high
.
* Applied patch to ctcp.c to fix CVE-2021-29376 from
https://github.com/ScrollZ/ScrollZ/pull/26 (Closes: #986215)
* Applied minor patch from upstream to the above fix
* Rebuild for buster
Checksums-Sha1:
8f52019e57042519265bd1e66328013f09e5f8da 1762 scrollz_2.2.3-1+deb10u1.dsc
d5bd776df229c45e5e5f2a3c75e3eedaae88ace3 8672
scrollz_2.2.3-1+deb10u1.debian.tar.xz
8e63083d246ec7741d0151f2d3e4baace3620a5a 6291
scrollz_2.2.3-1+deb10u1_source.buildinfo
Checksums-Sha256:
b7f93b04643503b929f3edc93f9416ac4761a174b5352d304fcb1a2e92cf33d7 1762
scrollz_2.2.3-1+deb10u1.dsc
aa6083be113bcfb85befdf1d2fc0da683e31daf6dce7b737393022b33f88020c 8672
scrollz_2.2.3-1+deb10u1.debian.tar.xz
7c0a987df1f9e77bad319ad53d20da9edae589db936d1c2e2df323bee0aaf638 6291
scrollz_2.2.3-1+deb10u1_source.buildinfo
Files:
903c87d3f0fb5ce05fdeba452b62875c 1762 net optional scrollz_2.2.3-1+deb10u1.dsc
00a41170cb5061e3b0b82b437db4c20c 8672 net optional
scrollz_2.2.3-1+deb10u1.debian.tar.xz
825fe27335c646e954d717861dab1e6b 6291 net optional
scrollz_2.2.3-1+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmC9rrUACgkQkWT6HRe9
XTbPpg//SzLTw9zZk0++j491PJtkOWW6FB3sytik5HhcHKHPAPJOv8gbJzDsBt81
s7auL5/Q5O5YgmPJn39p//yp6lUHPpY3fvEUjG4q670lGnlkoJ2pw/s/rUmM6KI3
qx0MJrrGCexwD8fXTwX8t2i7CGqxzbeU3yiRqvPHS1JufpxWRDkAPASEqwwx+VJF
PMhwKF51gVP8jL+mvWbhBCAyL722eAZbAJ/lJPBzgKadDKXoqcMnjbcF2Du4gYIY
SV0epkkgpSbU7FOLk4YP8wOIH3JVUz4CE733mp2TzcjB/T4mMFpQesQmKfXLFNms
C7BEBRm1HAL7xxWCsu6yVV3wN5qexQlbMab6WAZ4Afkc4RO6kzohC8PMpabK6SCk
pOVD7QMx9GGCJXaRbdWuJv61yIqV3vNeLXEhl5wok4AAdY3OxNpniwNO10b8+ak4
OXJ75S6jVA3tlspwXNQbUwOvfm5dZLPr59wCKiuRSFRAbDhAqE86Tfyb4zk0U5Uy
swR/4IloS3zRc4z8AxCKaXMSrDzfQ6UXvrVvUWC4BRMGnqHgjQtVYjARkKPshneN
mhcaO/0P6VpwuYooQmXTba/XUrfg6p9gmpPWN8V4sNPXtrwHQLOsgybv7zKVekKm
Q55OI0NKQNOvZmBAVmQj3nygbrtFroxpLazPn52M3qVKqheO1rY=
=vZBd
-----END PGP SIGNATURE-----
--- End Message ---