Debian Bug report logs -
#924614
CVE-2018-20536 CVE-2018-20537 CVE-2018-20539
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 14 Mar 2019 21:51:01 UTC
Severity: important
Tags: security, upstream
Found in versions liblas/1.8.1-10, liblas/1.8.1-3
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
:
Bug#924614
; Package src:liblas
.
(Thu, 14 Mar 2019 21:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
.
(Thu, 14 Mar 2019 21:51:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: liblas
Severity: important
Tags: security
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20536
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 14 Mar 2019 22:51:02 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
:
Bug#924614
; Package src:liblas
.
(Fri, 15 Mar 2019 05:45:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastiaan Couwenberg <sebastic@xs4all.nl>
:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
.
(Fri, 15 Mar 2019 05:45:05 GMT) (full text, mbox, link).
Message #12 received at 924614@bugs.debian.org (full text, mbox, reply):
With libLAS being deprecated and in maintenance mode upstream, it will
take some time to get fixes from upstream unless someone contributes them.
Once the fixes are available they'll be added to the Debian package.
During the bullseye development cycle liblas is likely to be removed
from Debian, once grass & pktools stop using it.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Marked as found in versions liblas/1.8.1-10.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Mar 2019 06:39:03 GMT) (full text, mbox, link).
Marked as found in versions liblas/1.8.1-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 15 Mar 2019 06:39:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
:
Bug#924614
; Package src:liblas
.
(Wed, 20 Mar 2019 18:21:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
.
(Wed, 20 Mar 2019 18:21:09 GMT) (full text, mbox, link).
Message #21 received at 924614@bugs.debian.org (full text, mbox, reply):
On Fri, Mar 15, 2019 at 06:43:23AM +0100, Sebastiaan Couwenberg wrote:
> With libLAS being deprecated and in maintenance mode upstream, it will
> take some time to get fixes from upstream unless someone contributes them.
>
> Once the fixes are available they'll be added to the Debian package.
Ack, there's all fairly harmless anyway. I've marked them as <no-dsa>
for buster, if at some point patches emerge, we can fix them post
release still
Cheers,
Moritz
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:55:50 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.