Your message dated Sat, 14 Jul 2018 10:21:26 +0000 with message-id <e1fehg6-0009zn...@fasolo.debian.org> and subject line Bug#903729: fixed in isc-kea 1.4.0.P1-1 has caused the Debian Bug report #903729, regarding isc-kea: CVE-2018-5739: failure to release memory may exhaust system resources to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 903729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903729 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: isc-kea Version: 1.4.0-1 Severity: grave Tags: security upstream Hi, The following vulnerability was published for isc-kea. The version in unstable is not affected by the issue, but 1.4.0 was uploaded to experimental. To avoid the issue enters unstable, making the bug RC (technically would possibly not justify the RC severity). That is, can you please only upload a version >= 1.4.0-P1 to unstable? [In case though I missed something let me know please] CVE-2018-5739[0]: failure to release memory may exhaust system resources If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5739 [1] https://kb.isc.org/article/AA-01626 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: isc-kea Source-Version: 1.4.0.P1-1 We believe that the bug you reported is fixed in the latest version of isc-kea, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 903...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ondřej Surý <ond...@debian.org> (supplier of updated isc-kea package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 14 Jul 2018 08:51:37 +0000 Source: isc-kea Binary: kea-dhcp4-server kea-dhcp6-server kea-dhcp-ddns-server kea-doc kea-admin kea-dev kea-common Architecture: source Version: 1.4.0.P1-1 Distribution: unstable Urgency: medium Maintainer: Kea <isc-...@packages.debian.org> Changed-By: Ondřej Surý <ond...@debian.org> Description: kea-admin - Administration utilities for ISC KEA DHCP server kea-common - Common libraries for the ISC KEA DHCP server kea-dev - Development headers for ISC KEA DHCP server kea-dhcp-ddns-server - ISC KEA DHCP Dynamic DNS service kea-dhcp4-server - ISC KEA IPv4 DHCP server kea-dhcp6-server - ISC KEA IPv6 DHCP server kea-doc - Documentation for ISC KEA DHCP server Closes: 903729 Changes: isc-kea (1.4.0.P1-1) unstable; urgency=medium . * New upstream version 1.4.0.P1 + [CVE-2018-5739]: failure to release memory may exhaust system resources (Closes: #903729) Checksums-Sha1: 5ebb1a0d0f95ec969a196fe3ec52ebd7467057e8 2572 isc-kea_1.4.0.P1-1.dsc 316d76b7bdf8f152d99cf3122e29b2e5929ce50d 6645111 isc-kea_1.4.0.P1.orig.tar.gz d4e2f8787452ed5c510057f47fcab167aa5ede8c 14132 isc-kea_1.4.0.P1-1.debian.tar.xz 12b2a23a379ac6d1ade9203b7de18e56feb04a16 11825 isc-kea_1.4.0.P1-1_amd64.buildinfo Checksums-Sha256: 2b74f0d71a0f16079e36004cad83df3563b4866443055262f917428ff19b61f6 2572 isc-kea_1.4.0.P1-1.dsc 46356bd4594a73d269719a724042c43474e592e99476fb63dd8135e78c800411 6645111 isc-kea_1.4.0.P1.orig.tar.gz 76968b21e7f06f73008261e85232b2f40000c60942dfd5d10be2917d637355fc 14132 isc-kea_1.4.0.P1-1.debian.tar.xz 62340f3369989fb5e67f70238fa8ec436dc8b85f4211f98cbbcd9ac441df6cb3 11825 isc-kea_1.4.0.P1-1_amd64.buildinfo Files: 23db3c32e58baf84807c733765854e98 2572 net extra isc-kea_1.4.0.P1-1.dsc d94d6121b2df3b03c60f7874b68ce945 6645111 net extra isc-kea_1.4.0.P1.orig.tar.gz 606e8641792964064ab0025b8227a5aa 14132 net extra isc-kea_1.4.0.P1-1.debian.tar.xz adf23d64e184c5378b9afd234512233e 11825 net extra isc-kea_1.4.0.P1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAltJviZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIuPBAAiEjuB62fn4D4t1AYlKmVOqjJelK+UMGfK1wC6mempxV1znB4iY4h1eTu sm+d2h5KKbALmkd6zDIT5qpZ2LBjvdE/Hl/+B1LXElnruFnmLiiEZ34OVcr5PJHr EZcD2fOAaR4b63r39/XnnmpccEzcYVf3efpboj0t/2/+wpwEZo/m4CLctAdOGIcF YZvHI7tFW28FaFf5rQt8NrSMtL90CTWtwn92HGxR3RCo9PWttB99+0sjK1QTLVrl 2z4isrwCAJhG+oevCf07Z6976rmAOHfqSlP99IE6N0OeMMTHqE+YIwiCBAHSkFCe oCZF2FyAPYdsFW5Sl1jsJewGLqUuVXW21urnIdi2cuaXzVL8s7EG1fjX/kkX1/BN FuQDKNoM7Wl1JvEDn52G96sobcKmFCdQXqcy2efidlGBF8L03ttEY353bJM+1Gpq 3vIRKnY+WMzBZCgYSwkwhgOJj0IK5HvHAl83Z7MLyHzDRVFc6e39wIjRr4L45aI5 DsMx5qHcnNKyE/67s6PWcl/5NOwJiMt70EqW1P3OOcpsEH5rKRb1H/lBjDncBR6N 8Ob3nWCp7c0KljyQWZfG7T10cL3+NGRQt8IhBMuFYZD4XDIpOlHhTQ5aZPX+pfwE DpcApYhA0QxJ7aXborAU0tGRhP9chHBGblNPelcBQ1Dmpy6Lpxo= =NKYF -----END PGP SIGNATURE-----
--- End Message ---
