Your message dated Sat, 29 Mar 2014 05:48:29 +0000
with message-id <e1wtm85-0003wb...@franck.debian.org>
and subject line Bug#742732: fixed in libyaml 0.1.4-3.2
has caused the Debian Bug report #742732,
regarding libyaml: CVE-2014-2525: input sanitization errors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
742732: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742732
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libyaml
Version: 0.1.3-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for libyaml.

CVE-2014-2525[0]:
LibYAML input sanitization errors

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-2525
[1] http://www.ocert.org/advisories/ocert-2014-003.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libyaml
Source-Version: 0.1.4-3.2

We believe that the bug you reported is fixed in the latest version of
libyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Mar 2014 06:22:25 +0100
Source: libyaml
Binary: libyaml-0-2 libyaml-0-2-dbg libyaml-dev
Architecture: source amd64
Version: 0.1.4-3.2
Distribution: unstable
Urgency: high
Maintainer: Anders Kaseorg <ande...@mit.edu>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 libyaml-0-2 - Fast YAML 1.1 parser and emitter library
 libyaml-0-2-dbg - Fast YAML 1.1 parser and emitter library (debugging symbols)
 libyaml-dev - Fast YAML 1.1 parser and emitter library (development)
Closes: 742732
Changes: 
 libyaml (0.1.4-3.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2014-2525.patch patch.
     CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes.
     The heap overflow is caused by not properly expanding a string before
     writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
     (Closes: #742732)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
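
The changelog above attributes the overflow to writing into a string without first expanding it. The C sketch below is an added illustration of the safe form of that pattern, not code from libyaml or from the Debian patch; `gstring`, `gs_init`, `gs_reserve` and `decode_uri_escapes` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable byte string; not libyaml's own type. */
typedef struct { unsigned char *start, *pointer, *end; } gstring;

static int gs_init(gstring *s, size_t cap) {
    if (cap == 0) cap = 1;                 /* doubling needs a non-zero base */
    s->start = s->pointer = malloc(cap);
    s->end = s->start ? s->start + cap : NULL;
    return s->start != NULL;
}

/* Ensure room for `need` more bytes, doubling as required; 0 on failure. */
static int gs_reserve(gstring *s, size_t need) {
    size_t used = (size_t)(s->pointer - s->start), cap = (size_t)(s->end - s->start);
    if (need <= cap - used) return 1;
    while (cap - used < need) {
        if (cap > (size_t)-1 / 2) return 0;   /* size_t overflow guard */
        cap *= 2;
    }
    unsigned char *p = realloc(s->start, cap);
    if (!p) return 0;
    s->start = p; s->pointer = p + used; s->end = p + cap;
    return 1;
}

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX escapes from `in`, appending to `out`; 0 on malformed escape or OOM. */
int decode_uri_escapes(const char *in, gstring *out) {
    while (*in) {
        int byte = (unsigned char)*in++;
        if (byte == '%') {
            int hi = hexval((unsigned char)in[0]);
            /* Only look at the second digit if the first was valid (no overread). */
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[1]);
            if (lo < 0) return 0;
            byte = hi * 16 + lo;
            in += 2;
        }
        /* Grow before every write: the step whose absence gives a heap overflow. */
        if (!gs_reserve(out, 1)) return 0;
        *out->pointer++ = (unsigned char)byte;
    }
    return 1;
}
```

Starting from a deliberately small capacity forces the reserve path to run, so a build with AddressSanitizer would flag any write that bypassed it.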
