Bug#992437: marked as done (libgetdata8: Patch for CVE-2021-20204 breaks many regression tests)

[Debian Bug Tracking System]

Your message dated Wed, 17 Nov 2021 21:04:06 +0000
with message-id <e1mns6a-000ffe...@fasolo.debian.org>
and subject line Bug#992437: fixed in libgetdata 0.11.0-1
has caused the Debian Bug report #992437,
regarding libgetdata8: Patch for CVE-2021-20204 breaks many regression tests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
992437: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992437
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libgetdata8
Version: 0.10.0-10
Severity: important

Dear Maintainer,

The current patch [1] for CVE-2021-20204 [2] breaks many (602 of 1638)
regression tests (via "make check") and impacts basic library function.
Downstream software is impacted (hence, Debian bug #992372 on KST.)

For example: any dirfile with LINCOM fails to be recognized as a dirfile.

Upstream has been notified of the CVE and will hopefully respond with their own
patch.

thanks,
Graeme

[1]: https://salsa.debian.org/science-
team/libgetdata/-/commit/61275e4c051090ce11467207eb361a6d81c405d9
[2]: https://nvd.nist.gov/vuln/detail/CVE-2021-20204



-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgetdata8 depends on:
ii  libc6     2.31-11
ii  libltdl7  2.4.6-15

libgetdata8 recommends no packages.

libgetdata8 suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: libgetdata
Source-Version: 0.11.0-1
Done: Alastair McKinstry <mckins...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libgetdata, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alastair McKinstry <mckins...@debian.org> (supplier of updated libgetdata 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Nov 2021 09:22:48 +0000
Source: libgetdata
Architecture: source
Version: 0.11.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 
<debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Alastair McKinstry <mckins...@debian.org>
Closes: 992437
Changes:
 libgetdata (0.11.0-1) unstable; urgency=medium
 .
   * New upstream release. Closes: #992437
Checksums-Sha1:
 d9acf08f1bb4783e95ce2436351a12b7801b3a68 2749 libgetdata_0.11.0-1.dsc
 8cb590849352b24e497656bc80b3bb94c4f16763 751604 libgetdata_0.11.0.orig.tar.xz
 34d0b0ea1271a212035cf753eee28dff32d96a1b 6552 libgetdata_0.11.0-1.debian.tar.xz
Checksums-Sha256:
 964f51e8d4f3e6442833af3d94330c92f434faf0abd1079fd5404b3752d1832b 2749 
libgetdata_0.11.0-1.dsc
 d22a2213d47ce470dd90435303054b74da341f430a4d4d638287a1d3468e1eb4 751604 
libgetdata_0.11.0.orig.tar.xz
 8d703b0b1b9db895156f3f4a92f59277ea18b0dfb40dc19df2ae9c06271bef28 6552 
libgetdata_0.11.0-1.debian.tar.xz
Files:
 cf57ea211107f1aedbc493b467b22b33 2749 science optional libgetdata_0.11.0-1.dsc
 ed90befc63fa7d114874512b5408e208 751604 science optional 
libgetdata_0.11.0.orig.tar.xz
 3582f0b566beddbfdf5acab1bbfdf493 6552 science optional 
libgetdata_0.11.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEgjg86RZbNHx4cIGiy+a7Tl2a06UFAmGVXvwACgkQy+a7Tl2a
06UmaxAAi8dpZv5sPt1yVpdbEJx1ohZcZ4WpDCzH+DsBMCHHXyfAsvpCdCu/vfEk
M3QJ+wvGgEB7VgOwsJ75d+VEa1xyyc1QTrZQROrUHLnmLe9guMTY+K7hkvJadVG6
N/AVp+9oNnuNcbq8pF8CmbqgwoLXKa9ximUtUvKe9FSM8hyIRmRkZ0YYJcpZRisz
KqkkzKen9YZv/KZNJJdc2dY28wLa+L2eCxy5gx6+ZoM2Spw3XN05Tj/sMGQjh+7L
U4kI5Ok3Tu9xkaOkyrvAbE34VjxVz5bCHNz0mYIl9CXnFw2udxVFXnzxC92fsjEh
digJGsSFocSxtp2VtbLfpdNPJz3dcetZdLek88MvPvPmmK2urHdNCK2Sp8yU86SJ
2dQS5K0hoMGBuhjZc5FpFhTVGoOuq41p/Gr/BSVOfn+jBJMzK5rzYRd+7cxaQ5zj
a7ZC97QT8iDfmz/V1wJivZjTwb86II7pXuveOM/Pn9qj7Df+sUbSGlx23cR/Rh7A
iZGn3KHabXtUPPcRLifIHrwfX5HI/5okmJy7q/UDOFRc4Ngmze3gS/kMUNkZp+ct
2dMXgqo8rXFGLWDXdVOSiTd9OYKCp50lnusG4QeDwqAakHvJk4x7fm4YEXapG+/+
cBqpQJsasIPFandLMhkc7NBjpcpi7dxpRFPjUjOwiyQPJOnjyBU=
=tMG/
-----END PGP SIGNATURE-----

--- End Message ---

-- 
debian-science-maintainers mailing list
debian-science-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers