
Bug#908939: marked as done (gpp: CVE-2018-17076)



Your message dated Sat, 25 Jul 2020 10:48:39 +0000
with message-id <E1jzHjL-000FGZ-HY@fasolo.debian.org>
and subject line Bug#908939: fixed in gpp 2.26-1
has caused the Debian Bug report #908939,
regarding gpp: CVE-2018-17076
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908939: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908939
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: gpp
Version: 2.24-3
Severity: normal
Tags: security upstream
Forwarded: https://github.com/logological/gpp/issues/26

Hi,

The following vulnerability was published for gpp.

CVE-2018-17076[0]:
| GPP through 2.25 will try to use more memory space than is available on
| the stack, leading to a segmentation fault or possibly unspecified
| other impact via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17076
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17076
[1] https://github.com/logological/gpp/issues/26

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gpp
Source-Version: 2.26-1
Done: Leandro Cunha <leandrocunha016@gmail.com>

We believe that the bug you reported is fixed in the latest version of
gpp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908939@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Leandro Cunha <leandrocunha016@gmail.com> (supplier of updated gpp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Jul 2020 14:22:12 -0300
Source: gpp
Architecture: source
Version: 2.26-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Leandro Cunha <leandrocunha016@gmail.com>
Closes: 908939
Changes:
 gpp (2.26-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream release:
    - Fix stack overflow during parse (Closes: #908939, CVE-2018-17076).
   * debian/copyright:
     - Update file and add myself.
   * debian/control:
     - Update standards version to 4.5.0.
     - Bump debhelper from old 12 to 13.
   * Set upstream metadata all fields in debian/upstream/metadata.
   * d/p/00-fix-spelling.patch: Drop patch applied upstream.
   * Add debian/tests/control for autopkgtest.
   * Add debian/salsa-ci.yml.
   * Upload sponsored by Samuel Henrique <samueloph@debian.org>.
 .
   [ Automatic changes ]
   * Bump debhelper from old 11 to 12.
   * Re-export upstream signing key without extra signatures.
   * Set upstream metadata fields: Bug-Submit.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
