Your message dated Sat, 07 Apr 2018 03:06:10 +0000 with message-id <e1f4eb8-0002gb...@fasolo.debian.org> and subject line Bug#894043: fixed in zsh 5.4.2-4 has caused the Debian Bug report #894043, regarding zsh: CVE-2018-1083 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 894043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894043 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: zsh Version: 5.4.2-3 Severity: normal Tags: patch security upstream Hi, the following vulnerability was published for zsh, filling a bug in the BTS to keep track of the Debian fix. No DSA is IMHO warranted for the zsh CVEs currently known. CVE-2018-1083[0]: |check bounds on PATH_MAX-sized buffer used for file completion |candidates If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1083 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083 [1] https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: zsh Source-Version: 5.4.2-4 We believe that the bug you reported is fixed in the latest version of zsh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 894...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Axel Beckert <a...@debian.org> (supplier of updated zsh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Apr 2018 03:50:13 +0200 Source: zsh Binary: zsh-common zsh zsh-doc zsh-static zsh-dev Architecture: source all amd64 Version: 5.4.2-4 Distribution: unstable Urgency: medium Maintainer: Debian Zsh Maintainers <pkg-zsh-de...@lists.alioth.debian.org> Changed-By: Axel Beckert <a...@debian.org> Description: zsh - shell with lots of features zsh-common - architecture independent files for Zsh zsh-dev - shell with lots of features (development files) zsh-doc - zsh documentation - info/HTML format zsh-static - shell with lots of features (static link) Closes: 894043 894044 Changes: zsh (5.4.2-4) unstable; urgency=medium . * [d49689fe] Cherry-pick upstream patches to fix: + CVE-2018-1071 (Check bounds when copying path in "hashcmd()". Closes: #894044) + CVE-2018-1083 (Check bounds on PATH_MAX-sized buffer used for file completion candidates. Closes: #894043) * [01004557] Drop zsh-static lintian override for no more emitted tag. * [5c603baa] Update Vcs-* headers for move to Salsa. * [35768486] Declare compliance with Debian Policy 4.1.4. (No other changes were required.) Checksums-Sha1: 48e20986918e66ed05d42b935435397e32b5873e 2475 zsh_5.4.2-4.dsc 1049fb1a1cf2737bd8c4493d069088d4fa84effd 77020 zsh_5.4.2-4.debian.tar.xz cd5934827588ce2f281b8902b145ce2cefe8d3fd 3529684 zsh-common_5.4.2-4_all.deb cc2908537d5f5d337ccd790fff6a5a6aa88de984 2156544 zsh-dbgsym_5.4.2-4_amd64.deb 8fd622439c793c7e9c7621552c4f6dd0ae6c0606 243284 zsh-dev_5.4.2-4_amd64.deb c644d0936b4383366dc837c17b4dcfdc6bdf3d08 2662460 zsh-doc_5.4.2-4_all.deb cf04ccbc58e1b1fae69bc2e43874e59228211b2d 1563752 zsh-static-dbgsym_5.4.2-4_amd64.deb 33e61acca0d9e05653276b31d3f777ee566ad6f5 1089264 zsh-static_5.4.2-4_amd64.deb e860516229c7a43b9118c89cb49bf25d65318368 9762 zsh_5.4.2-4_amd64.buildinfo bab2f8bd7bb20f58fd375bb68cc93fde5e76c75d 844744 zsh_5.4.2-4_amd64.deb Checksums-Sha256: d5308a764204a7b0535e16aff78090314464cf764fd9424d20081cf05b052ae7 2475 zsh_5.4.2-4.dsc 9775340ef5a2273c13f51f8ffa70b8238980da51c024723c2718d4af5240c5c1 77020 zsh_5.4.2-4.debian.tar.xz c175eee77b970e295d1c9652d68436e661ef4f721fc63dc397b8f8b3e6b70553 3529684 zsh-common_5.4.2-4_all.deb efd13dbbcbc22ab566304d91ca2c4a852755293cbca5abf624b8d4dcc04afe69 2156544 zsh-dbgsym_5.4.2-4_amd64.deb 1644e42167cda1b63365880897d178a817bc99644f4c41af67220ffa47dbeb78 243284 zsh-dev_5.4.2-4_amd64.deb e45790b40c3a5dfec3f416c4584583689b663a116102bf322e5f671fdc45790c 2662460 zsh-doc_5.4.2-4_all.deb 27f268dc10a210f47eb733381a557a1caa08e85395f92123e0bb0e7009d264b0 1563752 zsh-static-dbgsym_5.4.2-4_amd64.deb 056adad0f23484292cc0e810483530fa943db96d48fee31f1105cc448279187a 1089264 zsh-static_5.4.2-4_amd64.deb 28abb58c532e1a3f7a23fc71f5e7dcf581be88c2eaab58da491f5aaed543eed5 9762 zsh_5.4.2-4_amd64.buildinfo 46001fdcfbafbed6a63fc0a0ed0d6b3fd844382561cb9eb0b47f92ed210f3d4c 844744 zsh_5.4.2-4_amd64.deb Files: 2d68ba263aab7c73930d077b093022ad 2475 shells optional zsh_5.4.2-4.dsc 600cf476c63c51bd08ca44db760df68e 77020 shells optional zsh_5.4.2-4.debian.tar.xz 94b525ce2bc8b292787f7014a49e6c35 3529684 shells optional zsh-common_5.4.2-4_all.deb b6ad5dd5d775393283a095ffcc8dde1d 2156544 debug optional zsh-dbgsym_5.4.2-4_amd64.deb 51e3c380bbec89d8d3c9a7470ccb8cd4 243284 libdevel optional zsh-dev_5.4.2-4_amd64.deb 36eddd8bbcc4036f5b222712214b0e41 2662460 doc optional zsh-doc_5.4.2-4_all.deb a8730337f6b6cbc1a8e13a494ae7e90c 1563752 debug optional zsh-static-dbgsym_5.4.2-4_amd64.deb 2d43f3477fbdafce671f28368f842471 1089264 shells optional zsh-static_5.4.2-4_amd64.deb 42e2e18b31ab38c194fcfc0e0ffeafd3 9762 shells optional zsh_5.4.2-4_amd64.buildinfo fbf13c15f6d25d7db77272748e193c77 844744 shells optional zsh_5.4.2-4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlrIJr0ACgkQa+Zjx1o1 yXWTzw/7BAx1uHihD40ltQSqz1vhDeaFdB9Yl6I+3w7pgzwuIQF/D9aaGXOGMhMd g6uKF0BI+vLewO3xktcJrL+dN9sfoZFT/JqcHTEbRiFUyWDFyRVfsv7/tn0mtQgo eBwkB3N3WCP/RNEakAF5bcxzBhXk+Knzq0BzIZ6aXrP2KmXjVSjja7IA9ogUVo7D 1vzTXE6hGBohFP5uVOEt/wF8ipbaLm9kTKfZebxRGxKahMNxW070EDNSOvLBQniF T2idOz472iUcRAQKfeILKFvGWA6adWDRdcjosp9ejnLaVmuG9/O3S7/fnov60bgz gLHs12zOd1E8+V00D0gHOMk+K+/T7QgVz5Rt69z4uIdoB72rjygj5Ak3ypS12sen e8cZrTspw8hMepXTjLwWFBOHRgehJB225DvopJ9pwCb+7fJZGGzlUK38UPrWL7ew va8tKIwh+uOF57knk5KfCGsZALnYzLYjYwZk7LFUrh7EBvuQhfY+Guyir78pCOJZ UBoy/tqOVvZnoeCGXEv2kmiKGWpj0G1ssWc4Fma7VCZ+HxTOVx1UNa/qCY2pjVUV 6oMenInNUf4XADprJmUIhgiBw0kopl0XNj0miHB02GPhGMQs4zBMqiVEFpO8+YgR EW/VK6/GDo1FVqIRkHgoOmrgO5kYbnCgyWVC16/AgPgYb19/O6w= =SSP9 -----END PGP SIGNATURE-----
--- End Message ---
