Your message dated Wed, 16 Dec 2020 22:17:02 +0100
with message-id <[email protected]>
and subject line Bug fixed in former upload 6.10-1
has caused the Debian Bug report #898135,
regarding bibutils: CVE-2018-10773 CVE-2018-10774 CVE-2018-10775
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
898135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898135
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bibutils
Version: 6.2-1
Severity: normal
Tags: security upstream

Hi,

The following vulnerabilities were published for bibutils. This report
is mainly to make you aware of the issues; I'm not sure if upstream was
made aware of those, as the CVE references by now just consist of
pointers to reproducers.

CVE-2018-10773[0]:
| NULL pointer dereference in the addsn function in serialno.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by copac2xml.

CVE-2018-10774[1]:
| Read access violation in the isiin_keyword function in isiin.c in
| libbibutils.a in bibutils through 6.2 allows remote attackers to cause
| a denial of service (application crash), as demonstrated by isi2xml.

CVE-2018-10775[2]:
| NULL pointer dereference in the _fields_add function in fields.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by end2xml.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10773
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10773
[1] https://security-tracker.debian.org/tracker/CVE-2018-10774
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10774
[2] https://security-tracker.debian.org/tracker/CVE-2018-10775
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10775

Please adjust the affected versions in the BTS as needed.

Salvatore

--- End Message ---
--- Begin Message ---
Version: 6.10-1

Hello,

Upstream fixed the three vulnerabilities in version 6.3. In Debian this happened in the next packaged version, which is 6.10.

Thanks,
Pierre Gruet

--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
