Your message dated Thu, 26 Mar 2015 21:19:24 +0000 with message-id <e1ybfbu-000246...@franck.debian.org> and subject line Bug#780958: fixed in dulwich 0.9.7-3 has caused the Debian Bug report #780958, regarding dulwich: CVE-2015-0838: buffer overflow in C implementation of pack apply_delta() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780958 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: dulwich Version: 0.8.5-1 Severity: grave Tags: security upstream patch fixed-upstream Hi Jelmer, Documenting this issue as well in the BTS: the following vulnerability was published for dulwich. CVE-2015-0838[0]: buffer overflow in C implementation of pack apply_delta() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0838 [1] https://lists.launchpad.net/dulwich-users/msg00829.html Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: dulwich Source-Version: 0.9.7-3 We believe that the bug you reported is fixed in the latest version of dulwich, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jelmer Vernooij <jel...@debian.org> (supplier of updated dulwich package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2015 22:34:34 +0000 Source: dulwich Binary: python-dulwich python-dulwich-dbg Architecture: source amd64 Version: 0.9.7-3 Distribution: jessie Urgency: medium Maintainer: Jelmer Vernooij <jel...@debian.org> Changed-By: Jelmer Vernooij <jel...@debian.org> Description: python-dulwich - Python Git library python-dulwich-dbg - Python Git library - Debug Extension Closes: 780958 780989 Changes: dulwich (0.9.7-3) testing-proposed-updates; urgency=medium . * Add 02_cve_2015-0838: Fix buffer overflow in C implementation of apply_delta (CVE-2015-0838). Closes: #780958 * Add 03_cve_2014-9706: Don't allow writing to files under .git/ when checking out working trees (CVE-2014-9706). Closes: #780989 Checksums-Sha1: df95be1d3a9f9f0e0efad54d6cee1032e250d780 2084 dulwich_0.9.7-3.dsc 7c7362c1afb76a87ab6e6ead6e78a465bc2eee2e 407536 dulwich_0.9.7-3.debian.tar.xz 5d7b2ea3b0d894dce544429ea3795497c824b177 192144 python-dulwich_0.9.7-3_amd64.deb 0897ca2853620f697e93156d7a8e5dc1e4e075c4 68930 python-dulwich-dbg_0.9.7-3_amd64.deb Checksums-Sha256: 2ed1f4b70a46401dd86d119c11caa694e1f592734c7ab2a5e39b87a4de00d0bb 2084 dulwich_0.9.7-3.dsc 1f4b1095e39077e51919c7cd6a43bd667790aee3227c3ae3d39cf150b9ce4a1c 407536 dulwich_0.9.7-3.debian.tar.xz df53edc4554cf8d9c6557d262fc9e988a250ae09addf555b3415865b9ed2c4d8 192144 python-dulwich_0.9.7-3_amd64.deb 5d383f70892b9e7697541986127aadbf5526cbb440082b88928c2c0cf1a70d30 68930 python-dulwich-dbg_0.9.7-3_amd64.deb Files: ff5dcc3118fc447178983bbb2e71f7cf 2084 python optional dulwich_0.9.7-3.dsc 373fa036faa90ad153b572910b93d8ab 407536 python optional dulwich_0.9.7-3.debian.tar.xz 4c34ece84548ab183ae5a7927800fd2e 192144 python optional python-dulwich_0.9.7-3_amd64.deb 05c1349c47b67ab45f5612b54a61b616 68930 debug extra python-dulwich-dbg_0.9.7-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVFHXOAAoJEACAbyvXKaRXzosP/RqjYIrEpsRCBnoA2xEOsze3 SN2MO+oTTPfulKNEIqkWfz6VxfagQPl2C+0g7yLs7DztHz7R/9LRpVV0f8sPUBnb 7avw5SV4pTANwsYnTRHuHrxCmO/FywfpArnZJW7j1vvwyxG3H3153vou/TaXKQuS 9YuRjMHPU/of8+twbSqwxk6sadxfLsHo21ANf4D7h5vkrSoqQy6j+eDIgRUOMgNq lI9PZb7ixMZ+6d3gnyFrcOgBLtgpX3cowQ6+ApWuQFQUwWk1gk4Rwyp6rMrcgM4J lxufTxqvTjJ5b1gQ8yMQyBfEmsJslv5e6v+BTei1sKB9kA7jTFGzHZtRxNIjS6Sm WDZWG1I8AWGmWuarnt69EiYbNj8HaT6lQlVAinki8yfCwpMhC3XBNYvOuBSH0A5f OMmb6zcse2Ak+WGcJhvcO3clTE1tE8D5FzXlVVI7cFes3n279XHwglRBQ0PiSYn4 1Or+RHsLZp+yWGqqmQlINhhzQV9itmQq6DFBsKjAgFJJUm4CYNNNsgJ5GsO7cTI4 2K/4PsIzDpvtKYVJ0c8PDoBzNxn/23aCytzHwr5JXETXuKEy0wYMQUAkZqtGV3+y ONLiqmgVC4kEVlEv8WNBNqUyshblSwWk9kGVJcji5UvcOT9jqXhcgQOsSona8vgv 1jxajMogRh5BLbyvGoJG =mG6q -----END PGP SIGNATURE-----
--- End Message ---
