Your message dated Sun, 05 Jan 2020 10:52:34 +0000
with message-id <[email protected]>
and subject line Bug#947947: fixed in ros-ros-comm 1.14.3+ds1-11
has caused the Debian Bug report #947947,
regarding ros-ros-comm: CVE-2019-13445
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
947947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947947
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ros-ros-comm
Version: 1.14.3+ds1-10
Severity: important
Tags: security upstream
Forwarded: https://github.com/ros/ros_comm/issues/1738
Control: found -1 1.14.3+ds1-5
Hi,

The following vulnerability was published for ros-ros-comm.

CVE-2019-13445[0]:
| An issue was discovered in the ROS communications-related packages
| (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions()
| in tools/rosbag/src/record.cpp has an integer overflow when a crafted
| split option can be entered on the command line.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13445
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13445
[1] https://github.com/ros/ros_comm/issues/1738
[2] https://github.com/ros/ros_comm/pull/1741

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ros-ros-comm
Source-Version: 1.14.3+ds1-11
We believe that the bug you reported is fixed in the latest version of
ros-ros-comm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jochen Sprickerhof <[email protected]> (supplier of updated ros-ros-comm
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 05 Jan 2020 10:55:33 +0100
Source: ros-ros-comm
Architecture: source
Version: 1.14.3+ds1-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 947947
Changes:
ros-ros-comm (1.14.3+ds1-11) unstable; urgency=medium
.
* Add https://github.com/ros/ros_comm/pull/1741 (Fix CVE-2019-13445)
(Closes: #947947)
* Update changelog to mention fixed CVE-2019-13465
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---