
Bug#949325: marked as done (libmysofa: CVE-2020-6860)



Your message dated Mon, 10 Feb 2020 21:19:33 +0000
with message-id <E1j1GSr-00044Z-M6@fasolo.debian.org>
and subject line Bug#949325: fixed in libmysofa 1.0~dfsg0-1
has caused the Debian Bug report #949325,
regarding libmysofa: CVE-2020-6860
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
949325: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949325
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libmysofa
Version: 0.9.1~dfsg0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hoene/libmysofa/issues/96

Hi,

The following vulnerability was published for libmysofa.

CVE-2020-6860[0]:
| libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in
| hdf/dataobject.c during the reading of a header message attribute.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6860
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6860
[1] https://github.com/hoene/libmysofa/issues/96
[2] https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmysofa
Source-Version: 1.0~dfsg0-1

We believe that the bug you reported is fixed in the latest version of
libmysofa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949325@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated libmysofa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 10 Feb 2020 22:01:08 +0100
Source: libmysofa
Architecture: source
Version: 1.0~dfsg0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Closes: 949325
Changes:
 libmysofa (1.0~dfsg0-1) unstable; urgency=medium
 .
   * Upload to unstable.
 .
 libmysofa (1.0~dfsg0-1~exp1) experimental; urgency=medium
 .
   * New upstream version 1.0~dfsg0
     * Fixes CVE-2020-6860 (Closes: #949325)
     * Bump soname to libmysofa1
     * Regenerate d/copyright_hints
   * Add salsa CI configuration
   * Bump standards-version to 4.5.0
Checksums-Sha1:
 aed77eb0051dfd44eb9ea516c0249e906da23c92 2318 libmysofa_1.0~dfsg0-1.dsc
 2599e6b63bdc07f390d38a1c86d3c235284fc4a8 15292 libmysofa_1.0~dfsg0-1.debian.tar.xz
Checksums-Sha256:
 2e4ae110a3ecb90ddb34224345ee5ddfc890649ffb42027dc4470090a7a58d83 2318 libmysofa_1.0~dfsg0-1.dsc
 9871ba69864f753e5ad2c69cef1236c6043213a24fc8e6259819c0d46c16d6fe 15292 libmysofa_1.0~dfsg0-1.debian.tar.xz
Files:
 ea62835c0418027932e48d9b0096e362 2318 devel optional libmysofa_1.0~dfsg0-1.dsc
 5d0909df4e5bbe9ca4febad5c015a9a1 15292 devel optional libmysofa_1.0~dfsg0-1.debian.tar.xz


--- End Message ---
