Bug#902724: marked as done (CVE-2018-1000517)

To: Ben Hutchings <ben@decadent.org.uk>
Subject: Bug#902724: marked as done (CVE-2018-1000517)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 13 Jul 2018 03:51:07 +0000
Message-id: <[🔎] handler.902724.D902724.153145375432058.ackdone@bugs.debian.org>
Reply-to: 902724@bugs.debian.org
References: <E1fdp4x-00093b-79@fasolo.debian.org> <153030645270.17917.7889477078740923156.reportbug@hullmann.westfalen.local>

Your message dated Fri, 13 Jul 2018 03:49:11 +0000
with message-id <E1fdp4x-00093b-79@fasolo.debian.org>
and subject line Bug#902724: fixed in busybox 1:1.27.2-3
has caused the Debian Bug report #902724,
regarding CVE-2018-1000517
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
902724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2018-1000517

From: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 29 Jun 2018 23:07:32 +0200

Message-id: <153030645270.17917.7889477078740923156.reportbug@hullmann.westfalen.local>
Package: busybox
Version: 1:1.27.2-2
Severity: important
Tags: security

This was assigned CVE-2018-1000517:
https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 902724-close@bugs.debian.org
Subject: Bug#902724: fixed in busybox 1:1.27.2-3
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 13 Jul 2018 03:49:11 +0000
Message-id: <E1fdp4x-00093b-79@fasolo.debian.org>

Source: busybox
Source-Version: 1:1.27.2-3

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 902724@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <ben@decadent.org.uk> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jul 2018 04:19:08 +0100
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 886506 902724
Changes:
 busybox (1:1.27.2-3) unstable; urgency=medium
 .
   [ Cyril Brulebois ]
   * Update Vcs-{Browser,Git} to point to salsa (alioth's replacement).
 .
   [ Chris Lamb ]
   * PEP8 fixes.
 .
   [ Ben Hutchings ]
   * Stop overriding stack alignment on i386 (Closes: #886506)
   * Apply security fixes for wget from upstream:
     - wget: more thorough sanitization of other side's data
     - wget: check chunk length for overflowing off_t (CVE-2018-1000517)
       (Closes: #902724)
     - wget: handle URLs with @ or hash differently
Checksums-Sha1:
 efb1505df34962853cf3ae29ad54af5bdec84d5e 2240 busybox_1.27.2-3.dsc
 a60a1544351f1d926b9786f1f22cbc50432442c7 56412 busybox_1.27.2-3.debian.tar.xz
 d108a27671ea486dc66187a51a9c6e0bf9db93ce 5939 busybox_1.27.2-3_source.buildinfo
Checksums-Sha256:
 cc8de54c17b58f0563cfd0f7c942d64ff909963443ba872f316e06f4f50812b1 2240 busybox_1.27.2-3.dsc
 369f054e959cde26a16849a62804bad18bd3a29dc003e77c6ac80444cfc0878d 56412 busybox_1.27.2-3.debian.tar.xz
 fada18f659a2e5a608e2b2e0e91918a22f58bbc3f5b5ab41319a77a09fb36b23 5939 busybox_1.27.2-3_source.buildinfo
Files:
 66b2f2f538d552d261b8f920ac0b8548 2240 utils optional busybox_1.27.2-3.dsc
 07e82f2c84b58f6781abdb7b1bff10f7 56412 utils optional busybox_1.27.2-3.debian.tar.xz
 bd5e8b78f4c435b5545f95bdf48dd319 5939 utils optional busybox_1.27.2-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAltIHeoACgkQ57/I7JWG
EQlpxRAAknoRBxSR/Ul6fllnMxO6nX4P7ns5MsQhsnrQ4Nq1gKlsD7muM+nkE/Xb
MVgqWr+0n2AwsOwb7PPTC/0WO8Q7KeDBsVvxoW4RkXFR+plYympQ/1HT5nMLF3PD
duBfAuaPsDztPjauiZVdQ2cP0x7NQSg9FNnAxUWpaq2kNzQzDfNc5rAASXMHcWqJ
MCn4VFQRe345ryBS14pccpCjrPp9oVJe+LPfg25m02lB6FEbOsXGxc0KW9UFNV+l
BJel6UlieIhdsOCvr3ulRR1zNkrF24ZcO3+2+UdbYe8LrJ9nKgIEddaaEg8VTcVY
FYSmurRdxWuoDIiFNi7pD3t8Ow16PUFi4TamnZ6iuKTgotjTAxvxXIFBBOorLAUt
8Rel0yzxO1YA+D6iVJWKERSZTNgUn0pUmKVJQPUUCEerOPisFVi2aC05EFL5z/zL
jMdim4KeFLivfJrh4H0VUUD8GK431aoU9HBkOZgyeJsYmzWkOhTMKdiBIGakWAQr
sZ1+lEQeV7w4m0ZLTFRE1GdR5L4VOxOiBMvkDaLf32G42QZN4f7IXFySc6ESMvxm
OUYhWV4PmukHzGT8NG2zG88uGdOyI75nmTk2RXaTk6e/N+2uLTSojWIfU3xBTQaV
CzEp18LbmjHDBMhdDYzC1OywO6ypSb2/AGn7u1oWSkonjRoeUFw=
=Nlmf
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Processed: Bug #902724 in busybox marked as pending
Next by Date: Processing of busybox_1.27.2-3_source.changes
Previous by thread: Processed: Bug #902724 in busybox marked as pending
Next by thread: Processing of busybox_1.27.2-3_source.changes
Index(es):
- Date
- Thread