Your message dated Fri, 22 Mar 2024 10:03:30 +0000
with message-id <[email protected]>
and subject line Bug#1036467: fixed in virtuoso-opensource 7.2.12+dfsg-0.1
has caused the Debian Bug report #1036467,
regarding virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609
CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614
CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 CVE-2023-31618 CVE-2023-31619
CVE-2023-31620 CVE-2023-31621 CVE-2023-31622 CVE-2023-31623 CVE-2023-31624
CVE-2023-31625 CVE-2023-31626 CVE-2023-31627 CVE-2023-31628 CVE-2023-31629
CVE-2023-31630 CVE-2023-31631
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1036467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036467
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: virtuoso-opensource
Version: 7.2.5.1+dfsg1-0.3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for virtuoso-opensource.
CVE-2023-31607[0]:
| An issue in the __libc_malloc component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31608[1]:
| An issue in the artm_div_int component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31609[2]:
| An issue in the dfe_unit_col_loci component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31610[3]:
| An issue in the _IO_default_xsputn component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31611[4]:
| An issue in the __libc_longjmp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31612[5]:
| An issue in the dfe_qexp_list component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31613[6]:
| An issue in the __nss_database_lookup component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31614[7]:
| An issue in the mp_box_deserialize_string function in openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) after running a SELECT statement.
CVE-2023-31615[8]:
| An issue in the chash_array component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31616[9]:
| An issue in the bif_mod component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31617[10]:
| An issue in the dk_set_delete component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31618[11]:
| An issue in the sqlc_union_dt_wrap component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31619[12]:
| An issue in the sch_name_to_object component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31620[13]:
| An issue in the dv_compare component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31621[14]:
| An issue in the kc_var_col component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31622[15]:
| An issue in the sqlc_make_policy_trig component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31623[16]:
| An issue in the mp_box_copy component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31624[17]:
| An issue in the sinv_check_exp component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31625[18]:
| An issue in the psiginfo component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31626[19]:
| An issue in the gpf_notice component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31627[20]:
| An issue in the strhash component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31628[21]:
| An issue in the stricmp component of openlink virtuoso-opensource
| v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted
| SQL statements.
CVE-2023-31629[22]:
| An issue in the sqlo_union_scope component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31630[23]:
| An issue in the sqlo_query_spec component of openlink virtuoso-
| opensource v7.2.9 allows attackers to cause a Denial of Service (DoS)
| via crafted SQL statements.
CVE-2023-31631[24]:
| An issue in the sqlo_preds_contradiction component of openlink
| virtuoso-opensource v7.2.9 allows attackers to cause a Denial of
| Service (DoS) via crafted SQL statements.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-31607
https://www.cve.org/CVERecord?id=CVE-2023-31607
[1] https://security-tracker.debian.org/tracker/CVE-2023-31608
https://www.cve.org/CVERecord?id=CVE-2023-31608
[2] https://security-tracker.debian.org/tracker/CVE-2023-31609
https://www.cve.org/CVERecord?id=CVE-2023-31609
[3] https://security-tracker.debian.org/tracker/CVE-2023-31610
https://www.cve.org/CVERecord?id=CVE-2023-31610
[4] https://security-tracker.debian.org/tracker/CVE-2023-31611
https://www.cve.org/CVERecord?id=CVE-2023-31611
[5] https://security-tracker.debian.org/tracker/CVE-2023-31612
https://www.cve.org/CVERecord?id=CVE-2023-31612
[6] https://security-tracker.debian.org/tracker/CVE-2023-31613
https://www.cve.org/CVERecord?id=CVE-2023-31613
[7] https://security-tracker.debian.org/tracker/CVE-2023-31614
https://www.cve.org/CVERecord?id=CVE-2023-31614
[8] https://security-tracker.debian.org/tracker/CVE-2023-31615
https://www.cve.org/CVERecord?id=CVE-2023-31615
[9] https://security-tracker.debian.org/tracker/CVE-2023-31616
https://www.cve.org/CVERecord?id=CVE-2023-31616
[10] https://security-tracker.debian.org/tracker/CVE-2023-31617
https://www.cve.org/CVERecord?id=CVE-2023-31617
[11] https://security-tracker.debian.org/tracker/CVE-2023-31618
https://www.cve.org/CVERecord?id=CVE-2023-31618
[12] https://security-tracker.debian.org/tracker/CVE-2023-31619
https://www.cve.org/CVERecord?id=CVE-2023-31619
[13] https://security-tracker.debian.org/tracker/CVE-2023-31620
https://www.cve.org/CVERecord?id=CVE-2023-31620
[14] https://security-tracker.debian.org/tracker/CVE-2023-31621
https://www.cve.org/CVERecord?id=CVE-2023-31621
[15] https://security-tracker.debian.org/tracker/CVE-2023-31622
https://www.cve.org/CVERecord?id=CVE-2023-31622
[16] https://security-tracker.debian.org/tracker/CVE-2023-31623
https://www.cve.org/CVERecord?id=CVE-2023-31623
[17] https://security-tracker.debian.org/tracker/CVE-2023-31624
https://www.cve.org/CVERecord?id=CVE-2023-31624
[18] https://security-tracker.debian.org/tracker/CVE-2023-31625
https://www.cve.org/CVERecord?id=CVE-2023-31625
[19] https://security-tracker.debian.org/tracker/CVE-2023-31626
https://www.cve.org/CVERecord?id=CVE-2023-31626
[20] https://security-tracker.debian.org/tracker/CVE-2023-31627
https://www.cve.org/CVERecord?id=CVE-2023-31627
[21] https://security-tracker.debian.org/tracker/CVE-2023-31628
https://www.cve.org/CVERecord?id=CVE-2023-31628
[22] https://security-tracker.debian.org/tracker/CVE-2023-31629
https://www.cve.org/CVERecord?id=CVE-2023-31629
[23] https://security-tracker.debian.org/tracker/CVE-2023-31630
https://www.cve.org/CVERecord?id=CVE-2023-31630
[24] https://security-tracker.debian.org/tracker/CVE-2023-31631
https://www.cve.org/CVERecord?id=CVE-2023-31631
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: virtuoso-opensource
Source-Version: 7.2.12+dfsg-0.1
Done: Andreas Beckmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
virtuoso-opensource, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated virtuoso-opensource
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 22 Mar 2024 10:19:47 +0100
Source: virtuoso-opensource
Architecture: source
Version: 7.2.12+dfsg-0.1
Distribution: experimental
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Closes: 1000189 1036467 1059062
Changes:
 virtuoso-opensource (7.2.12+dfsg-0.1) experimental; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * New upstream release 7.2.12.
     - Fixes CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48948,
       CVE-2023-48949, CVE-2023-48950, CVE-2023-48951, CVE-2023-48952.
       (Closes: #1059062)
   * New upstream release 7.2.11.
   * New upstream release 7.2.10.
     - Fixes CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
       CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
       CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
       CVE-2023-31619, CVE-2023-31620, CVE-2023-31621, CVE-2023-31622,
       CVE-2023-31623, CVE-2023-31624, CVE-2023-31625, CVE-2023-31626,
       CVE-2023-31627, CVE-2023-31628, CVE-2023-31629, CVE-2023-31630,
       CVE-2023-31631. (Closes: #1036467)
   * New upstream release 7.2.9.
   * New upstream release 7.2.8.
   * New upstream release 7.2.7.
   * New upstream release 7.2.6.1. (Closes: #1000189)
   * New upstream release 7.2.6.
   * Exclude more windows-specific files.
   * Handle new/moved/renamed files.
   * Refresh patches.
   * Upload to experimental.
 .
   [ Yavor Doganov ]
   * debian/patches/pcre2.patch: Update for the new upstream release.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---