Bug#868956: marked as done (libmspack: CVE-2017-11423)

2017-08-22 Thread Debian Bug Tracking System
Your message dated Tue, 22 Aug 2017 21:47:18 +
with message-id 
and subject line Bug#868956: fixed in libmspack 0.5-1+deb9u1
has caused the Debian Bug report #868956,
regarding libmspack: CVE-2017-11423
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868956: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmspack
Version: 0.5-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=11873

Hi,

the following vulnerability was published for libmspack.

CVE-2017-11423[0]:
| The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,
| as used in ClamAV 0.99.2 and other products, allows remote attackers to
| cause a denial of service (stack-based buffer over-read and application
| crash) via a crafted CAB file.

Unfortunately the upstream bug [1] is locked-down.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11423
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11873

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmspack
Source-Version: 0.5-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior (supplier of updated libmspack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Aug 2017 21:42:50 +0200
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-dbg libmspack-doc
Architecture: source all
Version: 0.5-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Marc Dequènes (Duck) 
Changed-By: Sebastian Andrzej Siewior 
Description:
 libmspack-dbg - library for Microsoft compression formats (debugging symbols)
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.5-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload.
   * Correct rejection of empty strings.
   * Fix mis-handling of sys->read() errors in cabd_read_string()
     (CVE-2017-11423) (Closes: #868956).
   * Reject negative output length in SpanInfo (CVE-2017-6419)
     (Closes: #871263).

Bug#868956: marked as done (libmspack: CVE-2017-11423)

2017-08-22 Thread Debian Bug Tracking System
Your message dated Tue, 22 Aug 2017 21:48:34 +
with message-id 
and subject line Bug#868956: fixed in libmspack 0.5-1+deb8u1
has caused the Debian Bug report #868956,
regarding libmspack: CVE-2017-11423
to be marked as done.

--- Begin Message ---
Source: libmspack
Source-Version: 0.5-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior (supplier of updated libmspack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Aug 2017 21:42:50 +0200
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-dbg libmspack-doc
Architecture: source amd64 all
Version: 0.5-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Marc Dequènes (Duck) 
Changed-By: Sebastian Andrzej Siewior 
Description:
 libmspack-dbg - library for Microsoft compression formats (debugging symbols)
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.5-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Correct rejection of empty strings.
   * Fix mis-handling of sys->read() errors in cabd_read_string()
     (CVE-2017-11423) (Closes: #868956).
   * Reject negative output length in SpanInfo (CVE-2017-6419)
     (Closes: #871263).

Bug#868956: marked as done (libmspack: CVE-2017-11423)

2017-08-14 Thread Debian Bug Tracking System
Your message dated Mon, 14 Aug 2017 23:04:15 +
with message-id 
and subject line Bug#868956: fixed in libmspack 0.6-1
has caused the Debian Bug report #868956,
regarding libmspack: CVE-2017-11423
to be marked as done.

--- Begin Message ---
Source: libmspack
Source-Version: 0.6-1

We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck)  (supplier of updated libmspack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Aug 2017 06:08:38 +0900
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-doc
Architecture: source amd64 all
Version: 0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Marc Dequènes (Duck) 
Changed-By: Marc Dequènes (Duck) 
Description:
 libmspack-dev - library for Microsoft compression formats (development files)
 libmspack-doc - library for Microsoft compression formats (documentation)
 libmspack0 - library for Microsoft compression formats (shared library)
Closes: 868956 871263
Changes:
 libmspack (0.6-1) unstable; urgency=medium
 .
   * New upstream release:
     + Fix CVE-2017-6419 (Closes: #871263)
     + Fix CVE-2017-11423 (Closes: #868956)
   * Fix building documentation.
   * Use HTTPS in package metadata.
   * Transition to automatic debug packages.
   * Package now conforms to Standards-Version 4.0.0.
   * Switch to compat level 10.