Your message dated Mon, 13 Mar 2017 20:50:38 +0000
with message-id <e1cnwvo-0008sx...@fasolo.debian.org>
and subject line Bug#852385: fixed in libplist 1.12+git+1+e37ca00-0.1
has caused the Debian Bug report #852385,
regarding libplist: CVE-2017-5545
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libplist
Version: 1.11-3
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://github.com/libimobiledevice/libplist/issues/87

Hi,

the following vulnerability was published for libplist.

CVE-2017-5545[0]:
| The main function in plistutil.c in libimobiledevice libplist through
| 1.12 allows attackers to obtain sensitive information from process
| memory or cause a denial of service (buffer over-read) via Apple
| Property List data that is too short.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
[1] https://github.com/libimobiledevice/libplist/issues/87

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libplist
Source-Version: 1.12+git+1+e37ca00-0.1

We believe that the bug you reported is fixed in the latest version of
libplist, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <ben...@debian.org> (supplier of updated libplist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 26 Feb 2017 19:21:32 +0100
Source: libplist
Binary: libplist3 libplist++3v5 libplist-dev libplist++-dev libplist-dbg python-plist libplist-utils libplist-doc
Architecture: source
Version: 1.12+git+1+e37ca00-0.1
Distribution: unstable
Urgency: medium
Maintainer: gtkpod Maintainers <pkg-gtkpod-de...@lists.alioth.debian.org>
Changed-By: Hilko Bengen <ben...@debian.org>
Description:
 libplist++-dev - Library for handling Apple binary and XML property lists
 libplist++3v5 - Library for handling Apple binary and XML property lists
 libplist-dbg - Library for handling Apple binary and XML property lists
 libplist-dev - Library for handling Apple binary and XML property lists
 libplist-doc - Library for handling Apple binary and XML property lists - docs
 libplist-utils - Apple property list converter
 libplist3  - Library for handling Apple binary and XML property lists
 python-plist - Library for handling Apple binary and XML property lists
Closes: 851196 852385 854000
Changes:
 libplist (1.12+git+1+e37ca00-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream snapshot; tarball was generated from
     https://github.com/libimobiledevice/libplist/archive/e37ca0090343e0dae97e967d467bab56d502c37a.tar.gz
     - Fixes CVE-2017-5834, CVE-2017-5835, CVE-2017-5836 (Closes: #854000)
     - Fixes CVE-2017-5209 (Closes: #851196)
     - Fixes CVE-2017-5545 (Closes: #852385)
   * Update symbols file
   * Rebase patch
   * Add dh_python build-dependency


--- End Message ---
