Your message dated Tue, 29 Mar 2022 09:34:03 +0000
with message-id <[email protected]>
and subject line Bug#991370: fixed in libmatio 1.5.22-1
has caused the Debian Bug report #991370,
regarding libmatio: CVE-2020-36428
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991370
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libmatio
Version: 1.5.19-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libmatio.
CVE-2020-36428[0]:
| matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-
| based buffer overflow in ReadInt32DataDouble (called from
| ReadInt32Data and Mat_VarRead4).
Not fixed yet (at time of writing) upstream I think.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-36428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36428
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
[2] https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmatio
Source-Version: 1.5.22-1
Done: Sébastien Villemot <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libmatio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sébastien Villemot <[email protected]> (supplier of updated libmatio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Mar 2022 11:06:11 +0200
Source: libmatio
Architecture: source
Version: 1.5.22-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <[email protected]>
Changed-By: Sébastien Villemot <[email protected]>
Closes: 991370
Changes:
libmatio (1.5.22-1) unstable; urgency=medium
.
* New upstream version 1.5.22
+ fixes CVE-2020-36428 (Closes: #991370)
* d/copyright: reflect upstream changes
* Use secure URI in debian/watch.
* fix-strtol-call.patch: new patch, fixes testsuite
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers