Your message dated Mon, 20 May 2024 13:49:37 +0000
with message-id <e1s93ot-003tjn...@fasolo.debian.org>
and subject line Bug#1014539: fixed in squirrel3 3.1-8.2
has caused the Debian Bug report #1014539,
regarding squirrel3: CVE-2022-30292
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1014539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squirrel3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for squirrel3.

CVE-2022-30292[0]:
| Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to
| lack of a certain sq_reservestack call.

https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
https://github.com/sprushed/CVE-2022-30292

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-30292
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30292

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: squirrel3
Source-Version: 3.1-8.2
Done: Matthias Geiger <werdah...@riseup.net>

We believe that the bug you reported is fixed in the latest version of
squirrel3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Geiger <werdah...@riseup.net> (supplier of updated squirrel3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 May 2024 14:59:34 +0200
Source: squirrel3
Architecture: source
Version: 3.1-8.2
Distribution: unstable
Urgency: medium
Maintainer: Fabian Wolff <fabi.wo...@arcor.de>
Changed-By: Matthias Geiger <werdah...@riseup.net>
Closes: 1014539
Changes:
 squirrel3 (3.1-8.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick upstream commit as 03-fix-buffer-overflow.diff
     Closes: #1014539, CVE-2022-30292



--- End Message ---
