indent: CVE-2024-0911

Related Vulnerabilities: CVE-2024-0911  

Debian Bug report logs - #1061543

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Fri, 26 Jan 2024 07:57:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in versions indent/2.2.13-3, indent/2.2.12-1, indent/2.2.12-4+deb12u2

Fixed in version indent/2.2.13-4

Done: Santiago Vila <sanvila@debian.org>

Forwarded to https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1061543; Package src:indent. (Fri, 26 Jan 2024 07:57:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Santiago Vila <sanvila@debian.org>. (Fri, 26 Jan 2024 07:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: submit@bugs.debian.org
Subject: indent: CVE-2024-0911
Date: Fri, 26 Jan 2024 08:52:57 +0100
Source: indent
X-Debbugs-CC: team@security.debian.org
Severity: normal
Tags: security

Hi,

This was assigned CVE-2024-0911:
https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0911
    https://www.cve.org/CVERecord?id=CVE-2024-0911

Please adjust the affected versions in the BTS as needed.



Added tag(s) fixed-upstream, upstream, and patch. Request was from Andrej Shadura <andrew.shadura@collabora.co.uk> to control@bugs.debian.org. (Fri, 26 Jan 2024 08:54:02 GMT)


Set Bug forwarded-to-address to 'https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html'. Request was from Andrej Shadura <andrew.shadura@collabora.co.uk> to control@bugs.debian.org. (Fri, 26 Jan 2024 08:54:03 GMT)


Marked as found in versions indent/2.2.13-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 26 Jan 2024 13:33:02 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#1061543; Package src:indent. (Fri, 26 Jan 2024 19:51:03 GMT)


Acknowledgement sent to Santiago Vila <sanvila@debian.org>:
Extra info received and forwarded to list. (Fri, 26 Jan 2024 19:51:03 GMT)


Message #16 received at 1061543@bugs.debian.org:

From: Santiago Vila <sanvila@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>, 1061543@bugs.debian.org
Subject: Re: Bug#1061543: indent: CVE-2024-0911
Date: Fri, 26 Jan 2024 20:48:47 +0100
severity 1061543 important
found 1061543 2.2.12-1
found 1061543 2.2.12-4+deb12u2
thanks

On 26/1/24 at 8:52, Moritz Mühlenhoff wrote:
> Source: indent
> X-Debbugs-CC: team@security.debian.org
> Severity: normal
> Tags: security
> 
> Hi,
> 
> This was assigned CVE-2024-0911:
> https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
[...]

Thanks for the report.

I've just applied the (code part of the) patch for unstable.

Can you confirm that proposed-updates is good enough to fix this in stable?
(i.e. no DSA, like other recent previous indent CVEs).

Thanks.



Severity set to 'important' from 'normal' Request was from Santiago Vila <sanvila@debian.org> to control@bugs.debian.org. (Fri, 26 Jan 2024 19:51:04 GMT)


Marked as found in versions indent/2.2.12-1. Request was from Santiago Vila <sanvila@debian.org> to control@bugs.debian.org. (Fri, 26 Jan 2024 19:51:04 GMT)


Marked as found in versions indent/2.2.12-4+deb12u2. Request was from Santiago Vila <sanvila@debian.org> to control@bugs.debian.org. (Fri, 26 Jan 2024 19:51:05 GMT)


Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Fri, 26 Jan 2024 19:51:07 GMT)


Notification sent to Moritz Mühlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 26 Jan 2024 19:51:07 GMT)


Message #27 received at 1061543-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1061543-close@bugs.debian.org
Subject: Bug#1061543: fixed in indent 2.2.13-4
Date: Fri, 26 Jan 2024 19:49:46 +0000
Source: indent
Source-Version: 2.2.13-4
Done: Santiago Vila <sanvila@debian.org>

We believe that the bug you reported is fixed in the latest version of
indent, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1061543@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanvila@debian.org> (supplier of updated indent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jan 2024 20:24:00 +0100
Source: indent
Architecture: source
Version: 2.2.13-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Closes: 1061543
Changes:
 indent (2.2.13-4) unstable; urgency=medium
 .
   * Fix a heap buffer underread in set_buf_break(). Closes: #1061543.
     Patch by Petr Písař <ppisar@redhat.com>.
     This is CVE-2024-0911.






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 27 08:21:23 2024; Machine Name: buxtehude
