
Bug#932556: marked as done (zipios++: CVE-2019-13453)



Your message dated Sat, 05 Oct 2019 14:44:54 +0000
with message-id <E1iGlIk-000AaC-Ez@fasolo.debian.org>
and subject line Bug#932556: fixed in zipios++ 0.1.5.9+cvs.2007.04.28-11
has caused the Debian Bug report #932556,
regarding zipios++: CVE-2019-13453
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
932556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932556
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: zipios++
Version: 0.1.5.9+cvs.2007.04.28-10
Severity: important
Tags: security upstream
Control: found -1 0.1.5.9+cvs.2007.04.28-6

Hi,

The following vulnerability was published for zipios++.

CVE-2019-13453[0]:
| Zipios before 0.1.7 does not properly handle certain malformed zip
| archives and can go into an infinite loop, causing a denial of
| service. This is related to zipheadio.h:readUint32() and
| zipfile.cpp:Zipfile::Zipfile().


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13453
[1] https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
[2] https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-2-of-3/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: zipios++
Source-Version: 0.1.5.9+cvs.2007.04.28-11

We believe that the bug you reported is fixed in the latest version of
zipios++, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 932556@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Mazen <francois@mzf.fr> (supplier of updated zipios++ package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 05 Oct 2019 13:57:39 +0200
Source: zipios++
Architecture: source
Version: 0.1.5.9+cvs.2007.04.28-11
Distribution: unstable
Urgency: high
Maintainer: Francois Mazen <francois@mzf.fr>
Changed-By: Francois Mazen <francois@mzf.fr>
Closes: 834214 932556
Changes:
 zipios++ (0.1.5.9+cvs.2007.04.28-11) unstable; urgency=high
 .
   * New Maintainer (Closes: #834214)
   * fix CVE-2019-13453 (Closes: #932556)
Checksums-Sha1:
 621d050eee4003dfa80fae48e3eb10356202509a 2281 zipios++_0.1.5.9+cvs.2007.04.28-11.dsc
 58cddbda96a828290dda07b6646925777e18661b 7868 zipios++_0.1.5.9+cvs.2007.04.28-11.debian.tar.xz
Checksums-Sha256:
 66c8d14ebb4e0a24865e335f60b64b92fb07165e2da14bd2fb343d64d74af60d 2281 zipios++_0.1.5.9+cvs.2007.04.28-11.dsc
 a83772d8df266047d93896b1b0552607c546dc7b7d18ed76c74412f442a4a7e2 7868 zipios++_0.1.5.9+cvs.2007.04.28-11.debian.tar.xz
Files:
 707e06b6fb36e912ba3333ca89e94de3 2281 devel optional zipios++_0.1.5.9+cvs.2007.04.28-11.dsc
 9a52c5a3ab464a0579f55c07cfac3dfb 7868 devel optional zipios++_0.1.5.9+cvs.2007.04.28-11.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
