Your message dated Sat, 18 Jun 2022 11:47:58 +0000
with message-id <[email protected]>
and subject line Bug#1010818: fixed in cifs-utils 2:6.8-2+deb10u1
has caused the Debian Bug report #1010818,
regarding cifs-utils: CVE-2022-27239 CVE-2022-29869
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1010818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010818
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cifs-utils
Version: 2:6.8-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2:6.11-3.1
Control: found -1 2:6.14-1

Hi,

The following vulnerabilities were published for cifs-utils.

CVE-2022-27239[0]:
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing
| the mount.cifs ip= command-line argument could lead to local attackers
| gaining root privileges.


CVE-2022-29869[1]:
| cifs-utils through 6.14, with verbose logging, can cause an
| information leak when a file contains = (equal sign) characters but is
| not a valid credentials file.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27239
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27239
[1] https://security-tracker.debian.org/tracker/CVE-2022-29869
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29869

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: cifs-utils
Source-Version: 2:6.8-2+deb10u1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
cifs-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated cifs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 May 2022 22:26:50 +0200
Source: cifs-utils
Architecture: source
Version: 2:6.8-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1010818
Changes:
 cifs-utils (2:6.8-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * mount.cifs: fix length check for ip option parsing (CVE-2022-27239)
     (Closes: #1010818)
   * mount.cifs: fix verbose messages on option parsing (CVE-2022-29869)
     (Closes: #1010818)


--- End Message ---