Your message dated Sat, 10 Feb 2018 21:08:24 +0000
with message-id <e1ekcnk-000cul...@fasolo.debian.org>
and subject line Bug#888297: fixed in p7zip 9.20.1~dfsg.1-4.1+deb8u3
has caused the Debian Bug report #888297,
regarding p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: p7zip
Version: 16.02+dfsg-4
Severity: grave
Tags: upstream newcomer security
Justification: user security hole

Dear Maintainer,

p7zip, p7zip-full and the non-free component p7zip-rar are affected by two
vulnerabilities:
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/?hn

In particular, the RAR3 and LZW algorithm implementations are susceptible to
memory corruption and may compromise a system through specially crafted
archives.

These issues have already been fixed upstream, and a new version of p7zip
(18.0) is available.

Please update all p7zip* packages to their latest versions as soon as possible.

Thank you.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (900, 'stable'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages p7zip depends on:
ii  libc6       2.26-2
ii  libgcc1     1:7.2.0-19
ii  libstdc++6  7.2.0-19

p7zip recommends no packages.

Versions of packages p7zip suggests:
ii  p7zip-full  16.02+dfsg-4

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: p7zip
Source-Version: 9.20.1~dfsg.1-4.1+deb8u3

We believe that the bug you reported is fixed in the latest version of
p7zip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated p7zip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 02 Feb 2018 10:53:50 +0100
Source: p7zip
Binary: p7zip p7zip-full
Architecture: source
Version: 9.20.1~dfsg.1-4.1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Mohammed Adnène Trojette <adn+...@diwi.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 888297
Description: 
 p7zip      - 7z file archiver with high compression ratio
 p7zip-full - 7z and 7za file archivers with high compression ratio
Changes:
 p7zip (9.20.1~dfsg.1-4.1+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
     (CVE-2017-17969)
     Thanks to Antoine Beaupré (Closes: #888297)
Checksums-Sha1: 
 9c493de88a80d8e9f81142daac50e5e3e38251d5 1994 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.dsc
 c0534a10d8f22baecf290d4eb849584299b77091 16741 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.diff.gz
Checksums-Sha256: 
 86a29c87d0f780bf6ceadc6fb21feca68d8d288277f17acb97277df3918d17df 1994 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.dsc
 3d1b17f8492a082108bd6eb009cf912a960a1ee9c02f57be74c53364aa5db90e 16741 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.diff.gz
Files: 
 51317e1270cdd9df814415474c8d23b7 1994 utils optional 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.dsc
 71b3f7a001a6f820cc7de82c3d91f1d5 16741 utils optional 
p7zip_9.20.1~dfsg.1-4.1+deb8u3.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
