Your message dated Wed, 27 Nov 2024 20:27:54 +0100 with message-id <4ca4zhudqewwzagkgx5qxsrc5iuvfxqtak77ykaflzl4rjqexw@tarta.nabijaczleweli.xyz> and subject line Close: Bug#1084524: lifelines: Lifeline contains a code associated with CVE. has caused the Debian Bug report #1084524, regarding lifelines: Lifeline contains a code associated with CVE. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1084524: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084524 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: lifelines: Lifeline contains a code associated with CVE.
- From: Mariam Arutunian <mariamarutunian@gmail.com>
- Date: Mon, 07 Oct 2024 19:26:19 +0400
- Message-id: <172831477994.37687.9317059828572190088.reportbug@mariam-System-Product-Name>
Package: lifelines Version: 3.0.61 (latest) Severity: important X-Debbugs-Cc: mariamarutunian@gmail.com Dear Maintainer, A vulnerability identified as CVE-2018-21027 was discovered and fixed in Boa project with the following commit: https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e. Which amended the "scandir" function located in extras/scandir.c file. Lifeline project contains an identical "scandir" function in the src/arch/scandir.c file, which has not been fixed. Is is not fixed in version 3.0.62 either. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (500, 'bionic'), (100, 'noble-backports') Architecture: amd64 (x86_64) Kernel: Linux 6.8.0-45-generic (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages lifelines depends on: ii libc6 2.39-0ubuntu8.3 ii libncursesw5 6.1-1ubuntu1 ii libncursesw6 6.4+20240113-1ubuntu2 ii libtinfo5 6.1-1ubuntu1 ii libtinfo6 6.4+20240113-1ubuntu2 lifelines recommends no packages. lifelines suggests no packages.
--- End Message ---
--- Begin Message ---
- To: 1084524-close@bugs.debian.org, control@bugs.debian.org
- Subject: Close: Bug#1084524: lifelines: Lifeline contains a code associated with CVE.
- From: наб <nabijaczleweli@nabijaczleweli.xyz>
- Date: Wed, 27 Nov 2024 20:27:54 +0100
- Message-id: <4ca4zhudqewwzagkgx5qxsrc5iuvfxqtak77ykaflzl4rjqexw@tarta.nabijaczleweli.xyz>
- Mail-followup-to: 1084524-close@bugs.debian.org, control@bugs.debian.org
- In-reply-to: <172831477994.37687.9317059828572190088.reportbug@mariam-System-Product-Name>
- References: <172831477994.37687.9317059828572190088.reportbug@mariam-System-Product-Name>
forwarded 1084524 https://github.com/lifelines/lifelines/pull/484 thanks Contains? sure, but this code is never built on Debian, so this bug has never affected lifelines in Debian. I forwarded this upstream on your behalf.Attachment: signature.asc
Description: PGP signature
--- End Message ---