
Bug#933996: marked as done (brandy: CVE-2019-14665 CVE-2019-14663 CVE-2019-14662)



Your message dated Fri, 18 Feb 2022 22:34:09 +0000
with message-id <E1nLBpJ-000Cmc-Cg@fasolo.debian.org>
and subject line Bug#933996: fixed in brandy 1.22.13-1
has caused the Debian Bug report #933996,
regarding brandy: CVE-2019-14665 CVE-2019-14663 CVE-2019-14662
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
933996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933996
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: brandy
Version: 1.20.1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for brandy.

CVE-2019-14665[0]:
| Brandy 1.20.1 has a heap-based buffer overflow in define_array in
| variables.c via crafted BASIC source code.


CVE-2019-14663[1]:
| Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in
| fileio.c via crafted BASIC source code.


CVE-2019-14662[2]:
| Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in
| fileio.c via crafted BASIC source code.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14665
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14665
[1] https://security-tracker.debian.org/tracker/CVE-2019-14663
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14663
[2] https://security-tracker.debian.org/tracker/CVE-2019-14662
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14662

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: brandy
Source-Version: 1.22.13-1
Done: Stephen Kitt <skitt@debian.org>

We believe that the bug you reported is fixed in the latest version of
brandy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 933996@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Kitt <skitt@debian.org> (supplier of updated brandy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Feb 2022 23:08:48 +0100
Source: brandy
Architecture: source
Version: 1.22.13-1
Distribution: unstable
Urgency: medium
Maintainer: Stephen Kitt <skitt@debian.org>
Changed-By: Stephen Kitt <skitt@debian.org>
Closes: 933996 990610
Changes:
 brandy (1.22.13-1) unstable; urgency=medium
 .
   * Switch to Matrix Brandy. This fork features many improvements over the
     abandoned Brandy; it notably fixes CVE-2019-14662, CVE-2019-14663, and
     CVE-2019-14665. Closes: #933996.
   * Adopt the package. Closes: #990610.
   * Drop debian/dirs which is now obsolete.
   * Install the project history as the upstream changelog.
   * Update debian/copyright using information provided by Nicolas
     Boulenguez.


--- End Message ---
