Your message dated Sat, 20 Mar 2021 14:20:33 +0000
with message-id <e1lncsv-0009s0...@fasolo.debian.org>
and subject line Bug#983686: fixed in libcaca 0.99.beta19-2.2
has caused the Debian Bug report #983686,
regarding libcaca: CVE-2021-3410
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
983686: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983686
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcaca
Version: 0.99.beta19-2.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/cacalabs/libcaca/issues/52
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libcaca.
CVE-2021-3410[0]:
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
| caca_resize function in libcaca/caca/canvas.c may lead to local
| execution of arbitrary code in the user context.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
[1] https://github.com/cacalabs/libcaca/issues/52
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcaca
Source-Version: 0.99.beta19-2.2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libcaca, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 983...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libcaca package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Mar 2021 14:59:27 +0100
Source: libcaca
Architecture: source
Version: 0.99.beta19-2.2
Distribution: unstable
Urgency: medium
Maintainer: Sam Hocevar <s...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 983686
Changes:
 libcaca (0.99.beta19-2.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Illegal write memory access in caca_resize function (CVE-2021-3410)
     - canvas: fix an integer overflow in caca_resize().
     - Fix a problem in the caca_resize() overflow detection and add
       several unit tests
     (Closes: #983686)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
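The changelog above names the bug class: an integer overflow in a canvas resize, followed by a second fix to the overflow detection itself. The C code below is an added example, not libcaca's code or the upstream patch; `struct canvas`, `checked_cell_bytes` and `canvas_resize` are hypothetical names, and the 32-bit cell type is an assumption. It validates the dimensions by division before multiplying and leaves the canvas untouched on failure.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical canvas type for this example; not libcaca's structure. */
struct canvas { int width, height; uint32_t *cells; };

/* Byte size of a width x height grid of 32-bit cells. The bound is checked
 * by division BEFORE multiplying: signed overflow is undefined behaviour in
 * C, so inspecting the product afterwards proves nothing. */
static int checked_cell_bytes(int width, int height, size_t *out)
{
    if (width < 0 || height < 0) { errno = EINVAL; return -1; }
    size_t w = (size_t)width, h = (size_t)height;
    /* Cell count must fit in int (indices), byte count in size_t. */
    if (w != 0 && (h > (size_t)INT_MAX / w ||
                   h > SIZE_MAX / sizeof(uint32_t) / w)) {
        errno = EOVERFLOW;
        return -1;
    }
    *out = w * h * sizeof(uint32_t);
    return 0;
}

/* Resize, keeping the overlapping region. On failure the canvas is left
 * untouched, so its dimensions never exceed the buffer behind them. */
int canvas_resize(struct canvas *cv, int width, int height)
{
    size_t bytes;
    if (checked_cell_bytes(width, height, &bytes) != 0) return -1;
    uint32_t *cells = calloc(1, bytes ? bytes : 1);
    if (cells == NULL) { errno = ENOMEM; return -1; }
    int cw = width < cv->width ? width : cv->width;
    int ch = height < cv->height ? height : cv->height;
    for (int y = 0; y < ch; y++)
        for (int x = 0; x < cw; x++)
            cells[(size_t)y * width + x] = cv->cells[(size_t)y * cv->width + x];
    free(cv->cells);
    cv->cells = cells; cv->width = width; cv->height = height;
    return 0;
}

int main(void)
{
    struct canvas cv = {0, 0, NULL};
    int ok = canvas_resize(&cv, 80, 25), bad = canvas_resize(&cv, INT_MAX, 2);
    free(cv.cells);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```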