Your message dated Mon, 14 Apr 2025 19:05:59 +0000
with message-id <[email protected]>
and subject line Bug#1092774: fixed in libfcgi 2.4.5-0.1
has caused the Debian Bug report #1092774,
regarding libfcgi: CVE-2025-23016
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1092774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092774
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libfcgi
Version: 2.4.2-2.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FastCGI-Archives/fcgi2/issues/67
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.4.2-2

Hi,

The following vulnerability was published for libfcgi.

CVE-2025-23016[0]:
| FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow
| (and resultant heap-based buffer overflow) via crafted nameLen or
| valueLen values in data to the IPC socket. This occurs in ReadParams
| in fcgiapp.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-23016
    https://www.cve.org/CVERecord?id=CVE-2025-23016
[1] https://github.com/FastCGI-Archives/fcgi2/issues/67

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libfcgi
Source-Version: 2.4.5-0.1
Done: Bastian Germann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libfcgi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated libfcgi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 14 Apr 2025 20:11:58 +0200
Source: libfcgi
Architecture: source
Version: 2.4.5-0.1
Distribution: unstable
Urgency: high
Maintainer: Boris Pek <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1092774
Changes:
 libfcgi (2.4.5-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream release. (Closes: #1092774, CVE-2025-23016)
   * d/watch: Find new release on new GitHub tags path.
   * d/copyright: Add missing licenses.
   * Install upstream manpages.
   * Drop unused lintian overrides.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
