Your message dated Mon, 24 Feb 2025 08:41:43 +0000
with message-id <[email protected]>
and subject line Bug#1088186: fixed in pcl 1.15.0+dfsg-2
has caused the Debian Bug report #1088186,
regarding pcl: CVE-2024-53432: Uncaught Exception in PCLPointCloud2::at When Parsing Malformed PLY Files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1088186: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088186
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pcl
Version: 1.14.0+dfsg-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/PointCloudLibrary/pcl/issues/6162
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for pcl.

CVE-2024-53432[0]:
| While parsing certain malformed PLY files, PCL version 1.14.1
| crashes due to an uncaught std::out_of_range exception in
| PCLPointCloud2::at. This issue could potentially be exploited to
| cause a denial-of-service (DoS) attack when processing untrusted PLY
| files.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-53432
    https://www.cve.org/CVERecord?id=CVE-2024-53432
[1] https://github.com/PointCloudLibrary/pcl/issues/6162

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pcl
Source-Version: 1.15.0+dfsg-2
Done: Jochen Sprickerhof <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pcl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <[email protected]> (supplier of updated pcl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Feb 2025 09:16:33 +0100
Source: pcl
Architecture: source
Version: 1.15.0+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 1088186 1091665
Changes:
 pcl (1.15.0+dfsg-2) unstable; urgency=medium
 .
   * Work around test failing on i386
   * Upload to unstable
 .
 pcl (1.15.0+dfsg-1) experimental; urgency=medium
 .
   [ Helge Deller ]
   * Ignore tests on hppa and sparc64 (big-endian) (Closes: #1091665)
 .
   [ Jochen Sprickerhof ]
   * d/copyright: Files-Excluded: cJSON
   * New upstream version 1.15.0+dfsg
     - Closes: #1088186 (Fix CVE-2024-53432)
   * Build depend on libcjson-dev
   * Update d/copyright
   * Rediff patches
   * Rename library packages due to Soname bump
   * Bump policy version (no changes)

--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
