zlib: CVE-2016-9843

Related Vulnerabilities: CVE-2016-9843, CVE-2016-9841, CVE-2016-9842

Debian Bug report logs - #847275
zlib: CVE-2016-9843

Package: src:zlib; Maintainer for src:zlib is Mark Brown <broonie@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 6 Dec 2016 21:06:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version zlib/1:1.2.8.dfsg-2

Fixed in version zlib/1:1.2.8.dfsg-3

Done: Mark Brown <broonie@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Mark Brown <broonie@debian.org>:
Bug#847275; Package src:zlib. (Tue, 06 Dec 2016 21:06:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Mark Brown <broonie@debian.org>. (Tue, 06 Dec 2016 21:06:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: zlib: CVE-2016-9843
Date: Tue, 06 Dec 2016 22:03:16 +0100
Source: zlib
Version: 1:1.2.8.dfsg-2
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for zlib.

CVE-2016-9843[0]:
No description was found (try on a search engine)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9843
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843
[1] https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Mark Brown <broonie@debian.org>:
You have taken responsibility. (Wed, 07 Dec 2016 10:24:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 07 Dec 2016 10:24:09 GMT)


Message #10 received at 847275-close@bugs.debian.org:

From: Mark Brown <broonie@debian.org>
To: 847275-close@bugs.debian.org
Subject: Bug#847275: fixed in zlib 1:1.2.8.dfsg-3
Date: Wed, 07 Dec 2016 10:21:28 +0000
Source: zlib
Source-Version: 1:1.2.8.dfsg-3

We believe that the bug you reported is fixed in the latest version of
zlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 847275@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Brown <broonie@debian.org> (supplier of updated zlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Dec 2016 09:15:05 +0000
Source: zlib
Binary: zlib1g zlib1g-dev zlib1g-dbg zlib1g-udeb lib64z1 lib64z1-dev lib32z1 lib32z1-dev libn32z1 libn32z1-dev
Architecture: source amd64
Version: 1:1.2.8.dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Mark Brown <broonie@debian.org>
Changed-By: Mark Brown <broonie@debian.org>
Description:
 lib32z1    - compression library - 32 bit runtime
 lib32z1-dev - compression library - 32 bit development
 lib64z1    - compression library - 64 bit runtime
 lib64z1-dev - compression library - 64 bit development
 libn32z1   - compression library - n32 runtime
 libn32z1-dev - compression library - n32 development
 zlib1g     - compression library - runtime
 zlib1g-dbg - compression library - development
 zlib1g-dev - compression library - development
 zlib1g-udeb - compression library - runtime for Debian installer (udeb)
Closes: 847270 847274 847275
Changes:
 zlib (1:1.2.8.dfsg-3) unstable; urgency=high
 .
   * Apply upstream fix for CVE-2016-9841 (closes: #847270).
   * Apply upstream fix for CVE-2016-9842 (closes: #847274).
   * Apply upstream fix for CVE-2016-9843 (closes: #847275).
   * Standards version 3.9.8 (no changes).
Package-Type: udeb

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 11:04:58 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:06:19 2019; Machine Name: buxtehude
