ntfs-3g: CVE-2019-9755: heap buffer overflow

Related Vulnerabilities: CVE-2019-9755  

Debian Bug report logs - #925255

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 21 Mar 2019 20:57:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in versions ntfs-3g/1:2016.2.22AR.1-3, ntfs-3g/1:2017.3.23AR.3-2, ntfs-3g/1:2016.2.22AR.1+dfsg-1

Fixed in versions ntfs-3g/1:2017.3.23AR.4-1, ntfs-3g/1:2016.2.22AR.1+dfsg-1+deb9u1, ntfs-3g/1:2017.3.23AR.3-3

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#925255; Package src:ntfs-3g. (Thu, 21 Mar 2019 20:57:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 21 Mar 2019 20:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ntfs-3g: CVE-2019-9755: heap buffer overflow
Date: Thu, 21 Mar 2019 21:56:11 +0100
Source: ntfs-3g
Version: 1:2017.3.23AR.3-2
Severity: grave
Tags: security upstream fixed-upstream
Control: found -1 1:2016.2.22AR.1+dfsg-1
Control: fixed -1 1:2016.2.22AR.1+dfsg-1+deb9u1
Control: fixed -1 1:2017.3.23AR.4-1

Hi,

The following vulnerability was published for ntfs-3g, still filing
a bug for tracking.

CVE-2019-9755[0]:
heap buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9755
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755
[1] https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/

Regards,
Salvatore



Marked as found in versions ntfs-3g/1:2016.2.22AR.1+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 21 Mar 2019 20:57:04 GMT)


Marked as fixed in versions ntfs-3g/1:2016.2.22AR.1+dfsg-1+deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 21 Mar 2019 20:57:04 GMT)


Marked as fixed in versions ntfs-3g/1:2017.3.23AR.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 21 Mar 2019 20:57:05 GMT)


Marked as found in versions ntfs-3g/1:2016.2.22AR.1-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 21 Mar 2019 21:18:03 GMT)


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Fri, 22 Mar 2019 00:39:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 22 Mar 2019 00:39:03 GMT)


Message #18 received at 925255-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 925255-close@bugs.debian.org
Subject: Bug#925255: fixed in ntfs-3g 1:2017.3.23AR.3-3
Date: Fri, 22 Mar 2019 00:36:49 +0000
Source: ntfs-3g
Source-Version: 1:2017.3.23AR.3-3

We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 925255@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated ntfs-3g package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 21 Mar 2019 23:52:51 +0000
Source: ntfs-3g
Architecture: source
Version: 1:2017.3.23AR.3-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 925255
Changes:
 ntfs-3g (1:2017.3.23AR.3-3) unstable; urgency=high
 .
   [ Salvatore Bonaccorso <carnil@debian.org> ]
   * Fix heap-based buffer overflow (CVE-2019-9755) (closes: #925255).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Apr 2019 07:33:23 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:36:27 2019; Machine Name: buxtehude
