Debian Bug report logs -
#892458
cfitsio: vulnerabilities
Reported by: Ole Streicher <olebole@debian.org>
Date: Fri, 9 Mar 2018 09:00:02 UTC
Severity: grave
Tags: security
Found in versions 3.370-2, 3.420-3
Fixed in version cfitsio/3.430-1
Done: Aurelien Jarno <aurel32@debian.org>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Fri, 09 Mar 2018 09:00:13 GMT) (full text, mbox, link).
Acknowledgement sent
to Ole Streicher <olebole@debian.org>
:
New Bug report received and forwarded. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Fri, 09 Mar 2018 09:00:13 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: cfitsio
Version: 3.420-3
Severity: grave
Tags: security
Hi,
a new version of cfitsio just came out, accompanied with the following
notice from upstream:
The NASA security team requires the following warning to all users of
CFITSIO:
=====
The CFITSIO open source software project contains vulnerabilities
that could allow a remote, unauthenticated attacker to take control
of a server running the CFITSIO software. These vulnerabilities
affect all servers and products running the CFITSIO software.
The CFITSIO team has released software updates to address these
vulnerabilities. There are no workarounds to address these
vulnerabilities. In all cases, the CFITSIO team is recommending an
immediate update to resolve the issues.
=====
I didn't check the specific problem, but it may be important to upgrade.
Best regards
Ole
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Fri, 09 Mar 2018 10:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Adrian Bunk <bunk@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Fri, 09 Mar 2018 10:51:05 GMT) (full text, mbox, link).
Message #10 received at 892458@bugs.debian.org (full text, mbox, reply):
Control: retitle -1 cfitsio: vulnerabilities
Control: found -1 3.370-2
On Fri, Mar 09, 2018 at 09:56:39AM +0100, Ole Streicher wrote:
> Package: cfitsio
> Version: 3.420-3
> Severity: grave
> Tags: security
>
> Hi,
>
> a new version of cfitsio just came out, accompanied with the following
> notice from upstream:
>
> The NASA security team requires the following warning to all users of
> CFITSIO:
>
> =====
> The CFITSIO open source software project contains vulnerabilities
> that could allow a remote, unauthenticated attacker to take control
> of a server running the CFITSIO software. These vulnerabilities
> affect all servers and products running the CFITSIO software.
>
> The CFITSIO team has released software updates to address these
> vulnerabilities. There are no workarounds to address these
> vulnerabilities. In all cases, the CFITSIO team is recommending an
> immediate update to resolve the issues.
> =====
>
>
> I didn't check the specific problem, but it may be important to upgrade.
Even more important are DSAs backporting all required fixes (if any) to
stable and oldstable.
> Best regards
>
> Ole
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Changed Bug title to 'cfitsio: vulnerabilities' from 'Security: please consider upgrade to 3.43(0)'.
Request was from Adrian Bunk <bunk@debian.org>
to 892458-submit@bugs.debian.org
.
(Fri, 09 Mar 2018 10:51:05 GMT) (full text, mbox, link).
Marked as found in versions 3.370-2.
Request was from Adrian Bunk <bunk@debian.org>
to 892458-submit@bugs.debian.org
.
(Fri, 09 Mar 2018 10:51:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Fri, 09 Mar 2018 13:21:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Aurelien Jarno <aurelien@aurel32.net>
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Fri, 09 Mar 2018 13:21:09 GMT) (full text, mbox, link).
Message #19 received at 892458@bugs.debian.org (full text, mbox, reply):
On 2018-03-09 12:47, Adrian Bunk wrote:
> Control: retitle -1 cfitsio: vulnerabilities
> Control: found -1 3.370-2
>
> On Fri, Mar 09, 2018 at 09:56:39AM +0100, Ole Streicher wrote:
> > Package: cfitsio
> > Version: 3.420-3
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > a new version of cfitsio just came out, accompanied with the following
> > notice from upstream:
> >
> > The NASA security team requires the following warning to all users of
> > CFITSIO:
> >
> > =====
> > The CFITSIO open source software project contains vulnerabilities
> > that could allow a remote, unauthenticated attacker to take control
> > of a server running the CFITSIO software. These vulnerabilities
> > affect all servers and products running the CFITSIO software.
> >
> > The CFITSIO team has released software updates to address these
> > vulnerabilities. There are no workarounds to address these
> > vulnerabilities. In all cases, the CFITSIO team is recommending an
> > immediate update to resolve the issues.
> > =====
> >
> >
> > I didn't check the specific problem, but it may be important to upgrade.
>
> Even more important are DSAs backporting all required fixes (if any) to
> stable and oldstable.
It's not clear what the security issue is. There is only this announce
from NASA, and it's not track as a CVE. Looking at the diff there are
many sprintf changed into snprintf, but I am not 100% sure it's the
issue or the sole issue.
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Wed, 14 Mar 2018 15:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Ole Streicher <olebole@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Wed, 14 Mar 2018 15:27:04 GMT) (full text, mbox, link).
Message #24 received at 892458@bugs.debian.org (full text, mbox, reply):
FYI
-------- Forwarded Message --------
Subject: [Debian-astro-maintainers] ftools update
Date: Wed, 14 Mar 2018 10:42:25 -0400
From: Michael Arida <Michael.Arida@nasa.gov>
To: debian-astro-maintainers@lists.alioth.debian.org
Dear Debian Astro Maintainers,
As you may have noticed CFITSIO was updated Friday (March 2) for a
major bug fix. Since you have a software bundle that uses what we
assume is CFITSIO somewhere under the hood, we wanted to let you know
that you should update that code. We are also expecting another
update in April.
If you have any questions or concerns, feel free to contact me.
Regards,
Mike Arida
____________________________________________________________
Michael Arida (ADNET) ASD/HEASARC
301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC
michael.arida@nasa.gov Greenbelt, MD 20771
_______________________________________________
Debian-astro-maintainers mailing list
Debian-astro-maintainers@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
Reply sent
to Aurelien Jarno <aurel32@debian.org>
:
You have taken responsibility.
(Mon, 19 Mar 2018 00:39:04 GMT) (full text, mbox, link).
Notification sent
to Ole Streicher <olebole@debian.org>
:
Bug acknowledged by developer.
(Mon, 19 Mar 2018 00:39:04 GMT) (full text, mbox, link).
Message #29 received at 892458-close@bugs.debian.org (full text, mbox, reply):
Source: cfitsio
Source-Version: 3.430-1
We believe that the bug you reported is fixed in the latest version of
cfitsio, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 892458@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated cfitsio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 19 Mar 2018 01:02:44 +0100
Source: cfitsio
Binary: libcfitsio5 libcfitsio-dev libcfitsio-bin libcfitsio-doc
Architecture: source
Version: 3.430-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
libcfitsio-bin - CFITSIO based utilities
libcfitsio-dev - library for I/O with FITS format data files (development files)
libcfitsio-doc - documentation for CFITSIO
libcfitsio5 - shared library for I/O with FITS format data files
Closes: 892458
Changes:
cfitsio (3.430-1) unstable; urgency=medium
.
* New upstream version:
- Fixes unknown vulnerabilities (Closes: #892458).
- Rebase 07-pkgconfig-no-curl.patch.
* Update VCS URLs to salsa.debian.org.
* Rebuild all PDF documentation and ship it instead of the PS version.
Checksums-Sha1:
8eddffe5984f7045f0ae1706d653bad402d9792b 2264 cfitsio_3.430-1.dsc
78b6c36d5146e278b1904d4b6aa81bf1f5d186e5 4696718 cfitsio_3.430.orig.tar.gz
1149ce021c1f70b281a6f417c5fe88a8596e2373 18888 cfitsio_3.430-1.debian.tar.xz
135c1a8f757d76f2f937d9a6ad4631750dbf2417 5437 cfitsio_3.430-1_source.buildinfo
Checksums-Sha256:
637cf0eed2043ea4fda0374e44e87e64e313033534d2d6e1f8923bb46135421b 2264 cfitsio_3.430-1.dsc
c8deae752aba1e736336b01f0471d4004a497dc50bc1e01aad2eebb2574084e7 4696718 cfitsio_3.430.orig.tar.gz
cf3667130c9dcd2a9ac64750e19985160002e14ccfb29ba7467c18fc17348217 18888 cfitsio_3.430-1.debian.tar.xz
3c1f7e60c36a4788c3a725a9de89cacda0a5288022ead3217e2628be02fbc786 5437 cfitsio_3.430-1_source.buildinfo
Files:
498bae2d2b3d2e4dfc71d730bbf6ca06 2264 devel optional cfitsio_3.430-1.dsc
d23ab7cad8853bcb8b192681cb4cb7b8 4696718 devel optional cfitsio_3.430.orig.tar.gz
c2d2d744ed5148701a5dcd6a38b936bd 18888 devel optional cfitsio_3.430-1.debian.tar.xz
75772d8a194a763daa1d1a6f069ec838 5437 devel optional cfitsio_3.430-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAlqu/kwACgkQE4jA+Jno
M2thgw/+LtnHu/4ErAxqonHGEuc9vzO9DjpScbgaymc4D7OoeolFX46P0daR/sL2
oCnPhEHR77DNjEHkw5ACdSTQ2J+cat7sE75Ok7UaTI+DvkAdOS4QFMtWkZTWZcll
u670sQ7a+2s8KgueAswrgi6fU8bECwOP+ZP21I9mAe6fGkDqk7P0slixnBLFu422
ILvGlxVm1maceXk6r+nVMTXzKPg4214oEVWbGZKC62wUAc0UeEAOMuDQea0iUCLd
Sh4djJSLyt/7B+NWZ4PHWcZvnD4wrJhXws+o7sflL/APNzsT06f+wjOb2Bo5ufKK
f/KMr1hM4720Rr+vRvV0MXftayIV/2l3TKcpirDgQyxn1DrTLYK6VUc3wXRxVERc
48xwQuNkv5eviGv0eO99qZlp+hrDay3rWQEt0xHdxLqkE4lh9GSaVf7wSxhV3RDv
8DTdGDD07tfUyrZ7Dinq1lqi8ciws/1+OMKXhUhop/+a89fsKGYpluijQ4qlMQeD
/7liLNMFBysY8z9+A/3+L3luVeD992C1qq8IhFVQeaUB9JLfhiwwIOqklyQPlqKl
Oh4Tq71cb6UOXh7XGOvBnyB2iYbPjksblS/fInWeImvvN8FnbI8+vlX7cEPjWyrZ
z5GJrZxlnDJV2Nc9Gv1Y8alqjp7M4nWJFx8QtUQD2vVMTGQ0wvE=
=6xxH
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Mon, 09 Apr 2018 00:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to sfowler@redhat.com
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Mon, 09 Apr 2018 00:27:03 GMT) (full text, mbox, link).
Message #34 received at 892458@bugs.debian.org (full text, mbox, reply):
On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <olebole@debian.org> wrote:
> FYI
>
>
> -------- Forwarded Message --------
> Subject: [Debian-astro-maintainers] ftools update
> Date: Wed, 14 Mar 2018 10:42:25 -0400
> From: Michael Arida <Michael.Arida@nasa.gov>
> To: debian-astro-maintainers@lists.alioth.debian.org
>
>
> Dear Debian Astro Maintainers,
>
> As you may have noticed CFITSIO was updated Friday (March 2) for a
> major bug fix. Since you have a software bundle that uses what we
> assume is CFITSIO somewhere under the hood, we wanted to let you know
> that you should update that code. We are also expecting another
> update in April.
>
> If you have any questions or concerns, feel free to contact me.
>
> Regards,
> Mike Arida
> ____________________________________________________________
> Michael Arida (ADNET) ASD/HEASARC
> 301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC
> michael.arida@nasa.gov Greenbelt, MD 20771
>
> _______________________________________________
> Debian-astro-maintainers mailing list
> Debian-astro-maintainers@lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
This has been assigned has been assigned CVE-2018-1000166.
Regards,
--
Sam Fowler, Red Hat Product Security
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Mon, 16 Apr 2018 20:42:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Mon, 16 Apr 2018 20:42:02 GMT) (full text, mbox, link).
Message #39 received at 892458@bugs.debian.org (full text, mbox, reply):
Hi Sam,
On Mon, Apr 09, 2018 at 10:19:34AM +1000, Sam Fowler wrote:
> On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <olebole@debian.org> wrote:
> > FYI
> >
> >
> > -------- Forwarded Message --------
> > Subject: [Debian-astro-maintainers] ftools update
> > Date: Wed, 14 Mar 2018 10:42:25 -0400
> > From: Michael Arida <Michael.Arida@nasa.gov>
> > To: debian-astro-maintainers@lists.alioth.debian.org
> >
> >
> > Dear Debian Astro Maintainers,
> >
> > As you may have noticed CFITSIO was updated Friday (March 2) for a
> > major bug fix. Since you have a software bundle that uses what we
> > assume is CFITSIO somewhere under the hood, we wanted to let you know
> > that you should update that code. We are also expecting another
> > update in April.
> >
> > If you have any questions or concerns, feel free to contact me.
> >
> > Regards,
> > Mike Arida
> > ____________________________________________________________
> > Michael Arida (ADNET) ASD/HEASARC
> > 301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC
> > michael.arida@nasa.gov Greenbelt, MD 20771
> >
> > _______________________________________________
> > Debian-astro-maintainers mailing list
> > Debian-astro-maintainers@lists.alioth.debian.org
> > https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
>
> This has been assigned has been assigned CVE-2018-1000166.
Looking at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
it looks for those issues already CVE-2018-3848, CVE-2018-3849 and
CVE-2018-3846 were assigned and CVE-2018-1000166 is duplicate. Can you
confirm? And if so ask for rejection of CVE-2018-1000166?
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Tue, 17 Apr 2018 04:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to sfowler@redhat.com
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Tue, 17 Apr 2018 04:21:02 GMT) (full text, mbox, link).
Message #44 received at 892458@bugs.debian.org (full text, mbox, reply):
On 17/04/18 06:40, Salvatore Bonaccorso wrote:
> Hi Sam,
>
> On Mon, Apr 09, 2018 at 10:19:34AM +1000, Sam Fowler wrote:
>> On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <olebole@debian.org> wrote:
>>> FYI
>>>
>>>
>>> -------- Forwarded Message --------
>>> Subject: [Debian-astro-maintainers] ftools update
>>> Date: Wed, 14 Mar 2018 10:42:25 -0400
>>> From: Michael Arida <Michael.Arida@nasa.gov>
>>> To: debian-astro-maintainers@lists.alioth.debian.org
>>>
>>>
>>> Dear Debian Astro Maintainers,
>>>
>>> As you may have noticed CFITSIO was updated Friday (March 2) for a
>>> major bug fix. Since you have a software bundle that uses what we
>>> assume is CFITSIO somewhere under the hood, we wanted to let you know
>>> that you should update that code. We are also expecting another
>>> update in April.
>>>
>>> If you have any questions or concerns, feel free to contact me.
>>>
>>> Regards,
>>> Mike Arida
>>> ____________________________________________________________
>>> Michael Arida (ADNET) ASD/HEASARC
>>> 301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC
>>> michael.arida@nasa.gov Greenbelt, MD 20771
>>>
>>> _______________________________________________
>>> Debian-astro-maintainers mailing list
>>> Debian-astro-maintainers@lists.alioth.debian.org
>>> https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
>>
>> This has been assigned has been assigned CVE-2018-1000166.
>
> Looking at
> https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
> https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
> it looks for those issues already CVE-2018-3848, CVE-2018-3849 and
> CVE-2018-3846 were assigned and CVE-2018-1000166 is duplicate. Can you
> confirm? And if so ask for rejection of CVE-2018-1000166?
>
> Regards,
> Salvatore
Hi Salvatore,
Looks like you are correct. I've request a rejection of CVE-2018-1000166
from DWF in favour of CVE-2018-3846. I've filed separate RH bugs for
CVE-2018-3848 and CVE-2018-3849.
Thanks for the heads up,
--
Sam Fowler, Red Hat Product Security
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
:
Bug#892458
; Package cfitsio
.
(Tue, 17 Apr 2018 05:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Astronomy Maintainers <debian-astro-maintainers@lists.alioth.debian.org>
.
(Tue, 17 Apr 2018 05:27:04 GMT) (full text, mbox, link).
Message #49 received at 892458@bugs.debian.org (full text, mbox, reply):
Hi Sam,
On Tue, Apr 17, 2018 at 02:18:26PM +1000, Sam Fowler wrote:
> On 17/04/18 06:40, Salvatore Bonaccorso wrote:
> > Hi Sam,
> >
> > On Mon, Apr 09, 2018 at 10:19:34AM +1000, Sam Fowler wrote:
> >> On Wed, 14 Mar 2018 16:22:19 +0100 Ole Streicher <olebole@debian.org> wrote:
> >>> FYI
> >>>
> >>>
> >>> -------- Forwarded Message --------
> >>> Subject: [Debian-astro-maintainers] ftools update
> >>> Date: Wed, 14 Mar 2018 10:42:25 -0400
> >>> From: Michael Arida <Michael.Arida@nasa.gov>
> >>> To: debian-astro-maintainers@lists.alioth.debian.org
> >>>
> >>>
> >>> Dear Debian Astro Maintainers,
> >>>
> >>> As you may have noticed CFITSIO was updated Friday (March 2) for a
> >>> major bug fix. Since you have a software bundle that uses what we
> >>> assume is CFITSIO somewhere under the hood, we wanted to let you know
> >>> that you should update that code. We are also expecting another
> >>> update in April.
> >>>
> >>> If you have any questions or concerns, feel free to contact me.
> >>>
> >>> Regards,
> >>> Mike Arida
> >>> ____________________________________________________________
> >>> Michael Arida (ADNET) ASD/HEASARC
> >>> 301.286.2291/1215 (voice/fax) Code 660, NASA/GSFC
> >>> michael.arida@nasa.gov Greenbelt, MD 20771
> >>>
> >>> _______________________________________________
> >>> Debian-astro-maintainers mailing list
> >>> Debian-astro-maintainers@lists.alioth.debian.org
> >>> https://lists.alioth.debian.org/mailman/listinfo/debian-astro-maintainers
> >>
> >> This has been assigned has been assigned CVE-2018-1000166.
> >
> > Looking at
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
> > it looks for those issues already CVE-2018-3848, CVE-2018-3849 and
> > CVE-2018-3846 were assigned and CVE-2018-1000166 is duplicate. Can you
> > confirm? And if so ask for rejection of CVE-2018-1000166?
> >
> > Regards,
> > Salvatore
>
> Hi Salvatore,
>
> Looks like you are correct. I've request a rejection of CVE-2018-1000166
> from DWF in favour of CVE-2018-3846. I've filed separate RH bugs for
> CVE-2018-3848 and CVE-2018-3849.
>
> Thanks for the heads up,
Thanks a lot for confirming that quickly. I have removed as well any
CVE-2018-1000166 from our security-tracker now as well.
Regards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:55:59 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.