Your message dated Fri, 22 Mar 2024 10:03:30 +0000
with message-id <[email protected]>
and subject line Bug#1059062: fixed in virtuoso-opensource 7.2.12+dfsg-0.1
has caused the Debian Bug report #1059062,
regarding virtuoso-opensource: CVE-2023-48945 CVE-2023-48946 CVE-2023-48947 
CVE-2023-48948 CVE-2023-48949 CVE-2023-48950 CVE-2023-48951 CVE-2023-48952
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1059062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059062
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: virtuoso-opensource
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for virtuoso-opensource.

CVE-2023-48945[0]:
| A stack overflow in openlink virtuoso-opensource v7.2.11 allows
| attackers to cause a Denial of Service (DoS) via crafted SQL
| statements.

https://github.com/openlink/virtuoso-opensource/issues/1172

CVE-2023-48946[1]:
| An issue in the box_mpy function of openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1178

CVE-2023-48947[2]:
| An issue in the cha_cmp function of openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1179

CVE-2023-48948[3]:
| An issue in the box_div function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1176

CVE-2023-48949[4]:
| An issue in the box_add function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1173

CVE-2023-48950[5]:
| An issue in the box_col_len function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1174

CVE-2023-48951[6]:
| An issue in the box_equal function in openlink virtuoso-opensource
| v7.2.11 allows attackers to cause a Denial of Service (DoS) after
| running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1177

CVE-2023-48952[7]:
| An issue in the box_deserialize_reusing function in openlink
| virtuoso-opensource v7.2.11 allows attackers to cause a Denial of
| Service (DoS) after running a SELECT statement.

https://github.com/openlink/virtuoso-opensource/issues/1175

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48945
    https://www.cve.org/CVERecord?id=CVE-2023-48945
[1] https://security-tracker.debian.org/tracker/CVE-2023-48946
    https://www.cve.org/CVERecord?id=CVE-2023-48946
[2] https://security-tracker.debian.org/tracker/CVE-2023-48947
    https://www.cve.org/CVERecord?id=CVE-2023-48947
[3] https://security-tracker.debian.org/tracker/CVE-2023-48948
    https://www.cve.org/CVERecord?id=CVE-2023-48948
[4] https://security-tracker.debian.org/tracker/CVE-2023-48949
    https://www.cve.org/CVERecord?id=CVE-2023-48949
[5] https://security-tracker.debian.org/tracker/CVE-2023-48950
    https://www.cve.org/CVERecord?id=CVE-2023-48950
[6] https://security-tracker.debian.org/tracker/CVE-2023-48951
    https://www.cve.org/CVERecord?id=CVE-2023-48951
[7] https://security-tracker.debian.org/tracker/CVE-2023-48952
    https://www.cve.org/CVERecord?id=CVE-2023-48952

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: virtuoso-opensource
Source-Version: 7.2.12+dfsg-0.1
Done: Andreas Beckmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
virtuoso-opensource, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated virtuoso-opensource package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Mar 2024 10:19:47 +0100
Source: virtuoso-opensource
Architecture: source
Version: 7.2.12+dfsg-0.1
Distribution: experimental
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Closes: 1000189 1036467 1059062
Changes:
 virtuoso-opensource (7.2.12+dfsg-0.1) experimental; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * New upstream release 7.2.12.
     - Fixes CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48948,
       CVE-2023-48949, CVE-2023-48950, CVE-2023-48951, CVE-2023-48952.
       (Closes: #1059062)
   * New upstream release 7.2.11.
   * New upstream release 7.2.10.
     - Fixes CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,
       CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,
       CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,
       CVE-2023-31619, CVE-2023-31620, CVE-2023-31621, CVE-2023-31622,
       CVE-2023-31623, CVE-2023-31624, CVE-2023-31625, CVE-2023-31626,
       CVE-2023-31627, CVE-2023-31628, CVE-2023-31629, CVE-2023-31630,
       CVE-2023-31631.  (Closes: #1036467)
   * New upstream release 7.2.9.
   * New upstream release 7.2.8.
   * New upstream release 7.2.7.
   * New upstream release 7.2.6.1.  (Closes: #1000189)
   * New upstream release 7.2.6.
   * Exclude more windows-specific files.
   * Handle new/moved/renamed files.
   * Refresh patches.
   * Upload to experimental.
 .
   [ Yavor Doganov ]
   * debian/patches/pcre2.patch: Update for the new upstream release.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
