Debian Bug report logs -
#924613
CVE-2009-5155
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 14 Mar 2019 21:45:01 UTC
Severity: grave
Tags: security
Found in version gnulib/20140202+stable-3.1
Fixed in versions gnulib/20180621~6979c25-1, gnulib/20140202+stable-3.2
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#924613; Package src:gnulib.
(Thu, 14 Mar 2019 21:45:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian QA Group <packages@qa.debian.org>.
(Thu, 14 Mar 2019 21:45:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: gnulib
Severity: grave
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155
Patch:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
Cheers,
Moritz
Marked as found in versions gnulib/20140202+stable-3.1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 14 Mar 2019 22:36:06 GMT) (full text, mbox, link).
Marked as fixed in versions gnulib/20180621~6979c25-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 14 Mar 2019 22:36:07 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Fri, 15 Mar 2019 20:45:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Fri, 15 Mar 2019 20:45:03 GMT) (full text, mbox, link).
Message #14 received at 924613-close@bugs.debian.org (full text, mbox, reply):
Source: gnulib
Source-Version: 20140202+stable-3.2
We believe that the bug you reported is fixed in the latest version of
gnulib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 924613@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated gnulib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Mar 2019 21:08:27 +0100
Source: gnulib
Architecture: source
Version: 20140202+stable-3.2
Distribution: unstable
Urgency: medium
Maintainer: build-common team <team+build-common@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 924613
Changes:
gnulib (20140202+stable-3.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Diagnose ERE '()|\1' (CVE-2009-5155) (Closes: #924613)
Checksums-Sha1:
297977f5968f44a72aa0a96ffa21207e5036978c 2248 gnulib_20140202+stable-3.2.dsc
fe027c6e84925791f43c7329f51f47bdcb6588d6 291480 gnulib_20140202+stable-3.2.debian.tar.xz
Checksums-Sha256:
b73f3740740eccdfa7897e51a1b02185cc6e0650f54348d2cfcc623992aa4eb7 2248 gnulib_20140202+stable-3.2.dsc
72af86028654a4bbf7be37eaffb247f33e11bccd78d21d06a7e76110a5723afd 291480 gnulib_20140202+stable-3.2.debian.tar.xz
Files:
86029ab0a3519f1560c87fc3cd75bb5b 2248 devel optional gnulib_20140202+stable-3.2.dsc
5f2e99721ec0e636fbd4e1c65d06252e 291480 devel optional gnulib_20140202+stable-3.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyMBxVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EDrgQAI3hUp7cswWuHs8ygLWgAVi9ZuJTO050
Ye5SxIsKZIfFXgCCjpDpFM465necah8UXu0qYnRDCpBgQBR9zixZ1oklKKxA+2Nf
S64d6thMVAtErLTG2PCvnwsS/lnfwYENzW6P9TGEjVctXFdSNbx0vUou+PnJl/8O
XaqglIx4oPehCWMjEiFyee9zpOpp5f6xbC2Z2x7Ij9YKIYOSC4QRZjAJESDPQmmj
DoS/bglr1o7SE1gIbEtGrtoSutIF9OXyWwH9pBuOw3tjoW9Xqywlonucam0oc4RH
mH9fTuC7L4zL8F8M3j6PT7OYa3FuZ/cWUFBwV+MZSf1GXtkWBFwca78txOq4G+BU
NofQVb6GVSRrm5DivLvdhFuyfYMqTysGUna3XEQPmCgY7c3QB1anQ6YJ7iNCDBfv
Jqvh6gHf2oWxvnJbmepD0uBWbznTPD11ALFZJt39VMjlAj8+hW5b3De7lMTHMn6W
CJqfPkiaE1zoROU5pwVtyBZxC9sloAmXtQ90X2L3YH4QkYutTyGox3ULpQbjYPR8
Mr8wi8Vbv/ITYJUS/g2CmzLyyzC6SymltMdC9QxwlaHR86cKyGKDL2YULR1QhCdb
Wk9sKnjWZeXRHDZfrm83UeZHsnkGROQmZBTXYSov35SmvHtzDSSEtYicPSYCWHuR
/Se/NYwmTKuH
=gDWk
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 13 Apr 2019 07:27:22 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:50:03 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon