libnbd: CVE-2023-5871

Related Vulnerabilities: CVE-2023-5871  

Debian Bug report logs - #1055170

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 1 Nov 2023 16:18:01 UTC

Severity: important

Tags: security, upstream

Found in version libnbd/1.18.0-1

Fixed in version libnbd/1.18.1-1

Done: Hilko Bengen <bengen@debian.org>


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Hilko Bengen <bengen@debian.org>:
Bug#1055170; Package src:libnbd. (Wed, 01 Nov 2023 16:18:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Hilko Bengen <bengen@debian.org>. (Wed, 01 Nov 2023 16:18:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libnbd: CVE-2023-5871
Date: Wed, 01 Nov 2023 17:14:27 +0100
Source: libnbd
Version: 1.18.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libnbd.

CVE-2023-5871[0]:
| generator: Fix assertion in ext-mode BLOCK_STATUS


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5871
    https://www.cve.org/CVERecord?id=CVE-2023-5871
[1] https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/
[2] https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701

Regards,
Salvatore



Reply sent to Hilko Bengen <bengen@debian.org>:
You have taken responsibility. (Wed, 01 Nov 2023 17:42:11 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 01 Nov 2023 17:42:11 GMT)


Message #10 received at 1055170-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1055170-close@bugs.debian.org
Subject: Bug#1055170: fixed in libnbd 1.18.1-1
Date: Wed, 01 Nov 2023 17:39:11 +0000
Source: libnbd
Source-Version: 1.18.1-1
Done: Hilko Bengen <bengen@debian.org>

We believe that the bug you reported is fixed in the latest version of
libnbd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055170@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilko Bengen <bengen@debian.org> (supplier of updated libnbd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 01 Nov 2023 18:20:18 +0100
Source: libnbd
Architecture: source
Version: 1.18.1-1
Distribution: unstable
Urgency: high
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Hilko Bengen <bengen@debian.org>
Closes: 1055170
Changes:
 libnbd (1.18.1-1) unstable; urgency=high
 .
   * New upstream version 1.18.1
   * Add upstream patch to fix CVE-2023-5871. Closes: #1055170





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Nov 1 17:55:05 2023; Machine Name: bembo
