Your message dated Sun, 13 Nov 2016 11:17:19 +0000 with message-id <e1c5sml-000afz...@fasolo.debian.org> and subject line Bug#842171: fixed in musl 1.1.5-2+deb8u1 has caused the Debian Bug report #842171, regarding musl: CVE-2016-8859: Regex integer overflow in buffer size computations to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842171 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: musl Version: 1.1.15-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for musl. CVE-2016-8859[0]: Regex integer overflow in buffer size computations If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8859 [1] http://www.openwall.com/lists/oss-security/2016/10/19/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: musl Source-Version: 1.1.5-2+deb8u1 We believe that the bug you reported is fixed in the latest version of musl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reiner Herrmann <rei...@reiner-h.de> (supplier of updated musl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Oct 2016 19:39:31 +0200 Source: musl Binary: musl musl-dev musl-tools Architecture: source Version: 1.1.5-2+deb8u1 Distribution: jessie Urgency: high Maintainer: Kevin Bortis <p...@bortis.ch> Changed-By: Reiner Herrmann <rei...@reiner-h.de> Description: musl - standard C library musl-dev - standard C library development files musl-tools - standard C library tools Closes: 842171 Changes: musl (1.1.5-2+deb8u1) jessie; urgency=high . * Cherry-pick upstream fix for regex integer overflow in buffer size computations; CVE-2016-8859 (Closes: #842171) Checksums-Sha1: a33cb0f3b8a934a4771e0779e39a4ce894d3f472 2001 musl_1.1.5-2+deb8u1.dsc 5be2642367c9a47ae752ae6df24263fd00301ab9 872924 musl_1.1.5.orig.tar.gz ad796cbdc93d7d349b76996dcac7fee7742eda29 9100 musl_1.1.5-2+deb8u1.debian.tar.xz Checksums-Sha256: eba9601342e611e5525bab3905f7b4426f5140fd6b740df66a1e73e7e3074179 2001 musl_1.1.5-2+deb8u1.dsc 352362b1724cc9740f4c3ce0fe02aae45e4de9809ea4ac961f31aedc11b87393 872924 musl_1.1.5.orig.tar.gz 8fce12f591a0781c42edbfa5b1262f725db0ed79d64875e645329ef51d31e271 9100 musl_1.1.5-2+deb8u1.debian.tar.xz Files: 838ab4fa9dc027668b4316466440e055 2001 libs extra musl_1.1.5-2+deb8u1.dsc 94f8aa9dab80229fed68991bb9984cc5 872924 libs extra musl_1.1.5.orig.tar.gz 19a8b2cb347ba53a755d79098868f39f 9100 libs extra musl_1.1.5-2+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYIQPFAAoJEMzwSSjbDuqndwwP/0MNCsuPp8WLwvFxHViBxuNl yBtTA2VirWg+bLuXq1qMzy8Dr6fQTNIUyaQ3zMBr7WPO4u2RsK2g/qWFqL+LfB8J fWHGA/4BrdHNX4gzBMjKJDraNfDUTaHSrgQHlepuFFV5Ns2cDI874tDDrFfiAKyu ulmlpV9cENg7TBqb1OiZ+bfKxc/NGBkBdUtCwIO7kwydr8v+eEMLXk+a4O0ajxO7 7I8+meCGR0slhanoo3D5TSuV4wAC07J0ZL5GXMTeZNZkYt9gw7rpRuL+27nmXwA0 0vNzjJIQAxIxMxVNpLliIOsW6k110986aeqgZs1Ku9N/Jx6P5MSLzR9d9DzNbgxX FIcdgnJ6xyfwoIg+ZBFWsy14h2lWyZCiEV27IAkf1A7CLklutMTv2nOhgtCfcC2X bAZd940o1EvOetS76ndfqjKVzjanu5r7azECgx/vYllBUoVNM5QRyCi296h9qZ95 Z7dvCgs5tj6Rz8LGmiq7Occsm084z6FoswuVDT/w+yJN93GBeqBpV2/2vuHn/H3o WxqpzhcLRN0rxGi8TE16ZDBTjx3nkvxovhpFZCCXKwP/0/0yCKCS0vIX6Iz10sEG 3dx3ya2mW3JqTkdSBp/xRpnz1HDkLeVJTX/7vH64Rz2Y8p+iB8K1kJZQ3J6IsDke lPxoODv28zkzmJZBWf8J =zFXX -----END PGP SIGNATURE-----
--- End Message ---
