ros-ros-comm: CVE-2019-13566

Related Vulnerabilities: CVE-2019-13566  

Debian Bug report logs - #945361


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 23 Nov 2019 15:45:02 UTC

Severity: important

Tags: security, upstream

Found in versions ros-ros-comm/1.14.3+ds1-9, ros-ros-comm/1.14.3+ds1-5

Fixed in version ros-ros-comm/1.14.3+ds1-10

Done: Jochen Sprickerhof <jspricke@debian.org>

Forwarded to https://github.com/ros/ros_comm/issues/1735



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>:
Bug#945361; Package src:ros-ros-comm. (Sat, 23 Nov 2019 15:45:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>. (Sat, 23 Nov 2019 15:45:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ros-ros-comm: CVE-2019-13566
Date: Sat, 23 Nov 2019 16:42:37 +0100
Source: ros-ros-comm
Version: 1.14.3+ds1-9
Severity: important
Tags: security upstream
Forwarded: https://github.com/ros/ros_comm/issues/1735
Control: found -1 1.14.3+ds1-5

Hi,

The following vulnerability was published for ros-ros-comm.

CVE-2019-13566[0]:
| An issue was discovered in the ROS communications-related packages
| (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer
| overflow allows attackers to cause a denial of service and possibly
| execute arbitrary code via an IP address with a long hostname.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13566
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13566
[1] https://github.com/ros/ros_comm/issues/1735
[2] https://github.com/ros/ros_comm/pull/1771

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions ros-ros-comm/1.14.3+ds1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Sat, 23 Nov 2019 15:45:07 GMT)


Reply sent to Jochen Sprickerhof <jspricke@debian.org>:
You have taken responsibility. (Sat, 23 Nov 2019 17:39:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 23 Nov 2019 17:39:10 GMT)


Message #12 received at 945361-close@bugs.debian.org:

From: Jochen Sprickerhof <jspricke@debian.org>
To: 945361-close@bugs.debian.org
Subject: Bug#945361: fixed in ros-ros-comm 1.14.3+ds1-10
Date: Sat, 23 Nov 2019 17:35:47 +0000
Source: ros-ros-comm
Source-Version: 1.14.3+ds1-10

We believe that the bug you reported is fixed in the latest version of
ros-ros-comm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 945361@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <jspricke@debian.org> (supplier of updated ros-ros-comm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 23 Nov 2019 18:05:02 +0100
Source: ros-ros-comm
Architecture: source
Version: 1.14.3+ds1-10
Distribution: unstable
Urgency: high
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Closes: 945361
Changes:
 ros-ros-comm (1.14.3+ds1-10) unstable; urgency=high
 .
   * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566)
     (Closes: #945361)






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Nov 23 20:49:50 2019; Machine Name: buxtehude
