hylafax: CVE-2018-17141

Related Vulnerabilities: CVE-2018-17141  

Debian Bug report logs - #909161
hylafax: CVE-2018-17141


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 19 Sep 2018 06:36:01 UTC

Severity: grave

Tags: patch, security, upstream

Found in version hylafax/3:6.0.6-1

Fixed in versions hylafax/3:6.0.6-7+deb9u1, hylafax/3:6.0.6-8.1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Giuseppe Sacco <eppesuig@debian.org>:
Bug#909161; Package src:hylafax. (Wed, 19 Sep 2018 06:36:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Giuseppe Sacco <eppesuig@debian.org>. (Wed, 19 Sep 2018 06:36:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hylafax: CVE-2018-17141
Date: Wed, 19 Sep 2018 08:33:58 +0200
Source: hylafax
Version: 3:6.0.6-1
Severity: grave
Tags: patch security upstream
Control: fixed -1 3:6.0.6-7+deb9u1

Hi,

The following vulnerability was published for hylafax:
CVE-2018-17141[0]. Fix committed as [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17141
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17141
[1] http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36

Regards,
Salvatore



Marked as fixed in versions hylafax/3:6.0.6-7+deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Wed, 19 Sep 2018 06:36:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Sacco <eppesuig@debian.org>:
Bug#909161; Package src:hylafax. (Sun, 23 Sep 2018 06:27:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Giuseppe Sacco <eppesuig@debian.org>. (Sun, 23 Sep 2018 06:27:06 GMT)


Message #12 received at 909161@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 909161@bugs.debian.org
Subject: hylafax: diff for NMU version 3:6.0.6-8.1
Date: Sun, 23 Sep 2018 08:26:02 +0200
Control: tags 909161 + pending


Dear maintainer,

I've prepared an NMU for hylafax (versioned as 3:6.0.6-8.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[hylafax-6.0.6-8.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 909161-submit@bugs.debian.org. (Sun, 23 Sep 2018 06:27:07 GMT)


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Tue, 25 Sep 2018 07:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 25 Sep 2018 07:09:05 GMT)


Message #19 received at 909161-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 909161-close@bugs.debian.org
Subject: Bug#909161: fixed in hylafax 3:6.0.6-8.1
Date: Tue, 25 Sep 2018 07:05:32 +0000
Source: hylafax
Source-Version: 3:6.0.6-8.1

We believe that the bug you reported is fixed in the latest version of
hylafax, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909161@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated hylafax package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 23 Sep 2018 08:11:23 +0200
Source: hylafax
Binary: hylafax-server hylafax-client hylafax-server-dbg hylafax-client-dbg
Architecture: source
Version: 3:6.0.6-8.1
Distribution: unstable
Urgency: high
Maintainer: Giuseppe Sacco <eppesuig@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 909161
Description: 
 hylafax-client - Flexible client/server fax software - client utilities
 hylafax-client-dbg - Flexible client/server fax software - client utilities
 hylafax-server - Flexible client/server fax software - server daemons
 hylafax-server-dbg - Debug symbols for the hylafax server
Changes:
 hylafax (3:6.0.6-8.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * A remote attacker can write to an uninitialized pointer during a FAX
     reception session in Hylafax (CVE-2018-17141) (Closes: #909161)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Nov 2018 07:32:44 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:05:52 2019; Machine Name: buxtehude
