Your message dated Mon, 19 Mar 2018 00:34:12 +0000
with message-id <e1exike-0003yv...@fasolo.debian.org>
and subject line Bug#892458: fixed in cfitsio 3.430-1
has caused the Debian Bug report #892458,
regarding cfitsio: vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
892458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cfitsio
Version: 3.420-3
Severity: grave
Tags: security
Hi,
a new version of cfitsio just came out, accompanied by the following
notice from upstream:
The NASA security team requires the following warning to all users of
CFITSIO:
=====
The CFITSIO open source software project contains vulnerabilities
that could allow a remote, unauthenticated attacker to take control
of a server running the CFITSIO software. These vulnerabilities
affect all servers and products running the CFITSIO software.
The CFITSIO team has released software updates to address these
vulnerabilities. There are no workarounds to address these
vulnerabilities. In all cases, the CFITSIO team is recommending an
immediate update to resolve the issues.
=====
I didn't check the specific problem, but it may be important to upgrade.
Best regards
Ole
--- End Message ---
--- Begin Message ---
Source: cfitsio
Source-Version: 3.430-1
We believe that the bug you reported is fixed in the latest version of
cfitsio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated cfitsio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 19 Mar 2018 01:02:44 +0100
Source: cfitsio
Binary: libcfitsio5 libcfitsio-dev libcfitsio-bin libcfitsio-doc
Architecture: source
Version: 3.430-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Astronomy Maintainers <debian-astro-maintain...@lists.alioth.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
 libcfitsio-bin - CFITSIO based utilities
 libcfitsio-dev - library for I/O with FITS format data files (development files)
 libcfitsio-doc - documentation for CFITSIO
 libcfitsio5 - shared library for I/O with FITS format data files
Closes: 892458
Changes:
 cfitsio (3.430-1) unstable; urgency=medium
 .
   * New upstream version:
     - Fixes unknown vulnerabilities (Closes: #892458).
     - Rebase 07-pkgconfig-no-curl.patch.
   * Update VCS URLs to salsa.debian.org.
   * Rebuild all PDF documentation and ship it instead of the PS version.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---