abcm2ps: CVE-2018-10771

Related Vulnerabilities: CVE-2018-10771, CVE-2018-10753

Debian Bug report logs - #898130


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 7 May 2018 18:27:03 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version abcm2ps/7.8.9-1

Fixed in version abcm2ps/8.14.2-0.1

Done: Nicolas Boulenguez <nicolas@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/leesavide/abcm2ps/issues/17



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Anselm Lingnau <lingnau@debian.org>:
Bug#898130; Package src:abcm2ps. (Mon, 07 May 2018 18:27:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Anselm Lingnau <lingnau@debian.org>. (Mon, 07 May 2018 18:27:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: abcm2ps: CVE-2018-10771
Date: Mon, 07 May 2018 20:22:01 +0200
Source: abcm2ps
Version: 7.8.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/leesavide/abcm2ps/issues/17

Hi,

The following vulnerability was published for abcm2ps.

CVE-2018-10771[0]:
| Stack-based buffer overflow in the get_key function in parse.c in
| abcm2ps through 8.13.20 allows remote attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10771
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10771
[1] https://github.com/leesavide/abcm2ps/issues/17
[2] https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 31 May 2018 17:40:23 GMT)


Reply sent to Nicolas Boulenguez <nicolas@debian.org>:
You have taken responsibility. (Sun, 13 Jan 2019 15:39:11 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 13 Jan 2019 15:39:11 GMT)


Message #12 received at 898130-close@bugs.debian.org:

From: Nicolas Boulenguez <nicolas@debian.org>
To: 898130-close@bugs.debian.org
Subject: Bug#898130: fixed in abcm2ps 8.14.2-0.1
Date: Sun, 13 Jan 2019 15:35:02 +0000
Source: abcm2ps
Source-Version: 8.14.2-0.1

We believe that the bug you reported is fixed in the latest version of
abcm2ps, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 898130@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Boulenguez <nicolas@debian.org> (supplier of updated abcm2ps package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 29 Dec 2018 14:56:32 +0100
Source: abcm2ps
Binary: abcm2ps
Architecture: source
Version: 8.14.2-0.1
Distribution: unstable
Urgency: medium
Maintainer: Anselm Lingnau <lingnau@debian.org>
Changed-By: Nicolas Boulenguez <nicolas@debian.org>
Description:
 abcm2ps    - Translates ABC music description files to PostScript
Closes: 825386 833017 897966 898130
Changes:
 abcm2ps (8.14.2-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release. Closes: #825386, #833017, #897966, #898130.
     Addresses security issues: CVE-2018-10753, CVE-2018-10771.
   * Forward all changes not specific to Debian.
   * Remove autoreconf generated files from source package.
   * Remove white spaces from this changelog and source/format.
   * Debhelper 11.
   * Build-Depends: pango-dev to enable optional pango fonts support.
   * Standards-Version: 4.3.0.
   * Rules-Requires-Root: no.
   * Add Homepage.
   * HTTPS protocol in copyright format.
   * Enable all Debian hardening build flags.
   * Link with --as-needed to remove some library dependencies.
   * Add minimal run time test.
   * Update watch file.
   * Cherry-pick fix-loss-of-sep.diff from upstream VCS.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 12 Mar 2019 07:27:13 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:30:55 2019; Machine Name: buxtehude
