Your message dated Thu, 10 Aug 2017 16:50:28 +0000
with message-id <e1dfqfe-0001by...@fasolo.debian.org>
and subject line Bug#871650: fixed in libsoup2.4 2.56.1-1
has caused the Debian Bug report #871650,
regarding libsoup2.4: CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libsoup2.4
Version: 2.48.0-1
Severity: grave
Tags: security patch upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=785774
Control: fixed -1 2.48.0-1+deb8u1
Control: fixed -1 2.56.0-2+deb9u1

Hi,

the following vulnerability was published for libsoup2.4.

CVE-2017-2885[0]:
stack based buffer overflow with HTTP Chunked Encoding

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2885
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2885
[1] https://bugzilla.gnome.org/show_bug.cgi?id=785774
[2] https://git.gnome.org/browse/libsoup/commit/?id=03c91c76daf70ee227f38304c5e45a155f45073d

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libsoup2.4
Source-Version: 2.56.1-1

We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <po...@debian.org> (supplier of updated libsoup2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Aug 2017 18:29:43 +0200
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc gir1.2-soup-2.4
Architecture: source
Version: 2.56.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <po...@debian.org>
Description:
 gir1.2-soup-2.4 - GObject introspection data for the libsoup HTTP library
 libsoup-gnome2.4-1 - HTTP library implementation in C -- GNOME support library
 libsoup-gnome2.4-dev - HTTP library implementation in C -- GNOME support development fil
 libsoup2.4-1 - HTTP library implementation in C -- Shared library
 libsoup2.4-dev - HTTP library implementation in C -- Development files
 libsoup2.4-doc - HTTP library implementation in C -- API Reference
Closes: 871650
Changes:
 libsoup2.4 (2.56.1-1) unstable; urgency=high
 .
   * New upstream release.
     + CVE-2017-2885: Fixed a chunked decoding buffer overrun that
       could be exploited against either clients or servers.
       Closes: #871650.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
