Your message dated Sat, 18 Dec 2021 18:48:49 +0000
with message-id <[email protected]>
and subject line Bug#1001902: fixed in lapack 3.10.0-2
has caused the Debian Bug report #1001902,
regarding lapack: CVE-2021-4048
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1001902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001902
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lapack
Version: 3.10.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Reference-LAPACK/lapack/pull/625
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for lapack.
CVE-2021-4048[0]:
| An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV,
| and ZLARRV functions in lapack through version 3.10.0, as also used in
| OpenBLAS before version 0.3.18. Specially crafted inputs passed to
| these functions could cause an application using lapack to crash or
| possibly disclose portions of its memory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4048
[1] https://github.com/Reference-LAPACK/lapack/pull/625
[2] https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lapack
Source-Version: 3.10.0-2
Done: Anton Gladky <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lapack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anton Gladky <[email protected]> (supplier of updated lapack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Dec 2021 19:02:36 +0100
Source: lapack
Architecture: source
Version: 3.10.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <[email protected]>
Changed-By: Anton Gladky <[email protected]>
Closes: 1001902
Changes:
lapack (3.10.0-2) unstable; urgency=medium
.
* Team upload.
* [8d2c868] CVE-2021-4048. Fix out-of-bounds read flaw. (Closes: #1001902)
* [3977090] Trim trailing whitespace.
* [3a33ecf] Use secure URI in Homepage field.
* [4c1aef3] Update renamed lintian tag names in lintian overrides.
* [409fef7] Apply cme fix dpkg
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers