
Bug#1037208: marked as done (renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865)



Your message dated Mon, 09 Dec 2024 12:32:09 +0000
with message-id <E1tKcvp-000hoA-Gf@fasolo.debian.org>
and subject line Bug#1037208: fixed in renderdoc 1.24+dfsg-1+deb12u1
has caused the Debian Bug report #1037208,
regarding renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1037208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037208
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: renderdoc
Version: 1.24+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for renderdoc.

CVE-2023-33863[0]:
| integer overflow to heap-based buffer overflow


CVE-2023-33864[1]:
| integer underflow to heap-based buffer overflow


CVE-2023-33865[2]:
| symlink vulnerability in /tmp/RenderDoc


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33863
    https://www.cve.org/CVERecord?id=CVE-2023-33863
[1] https://security-tracker.debian.org/tracker/CVE-2023-33864
    https://www.cve.org/CVERecord?id=CVE-2023-33864
[2] https://security-tracker.debian.org/tracker/CVE-2023-33865
    https://www.cve.org/CVERecord?id=CVE-2023-33865

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: renderdoc
Source-Version: 1.24+dfsg-1+deb12u1
Done: Adrian Bunk <bunk@debian.org>

We believe that the bug you reported is fixed in the latest version of
renderdoc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037208@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <bunk@debian.org> (supplier of updated renderdoc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Dec 2024 14:42:02 +0200
Source: renderdoc
Architecture: source
Version: 1.24+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1037208
Changes:
 renderdoc (1.24+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-33863: integer overflow
   * CVE-2023-33864: integer overflow
   * CVE-2023-33865: symlink attack
   * Closes: #1037208



--- End Message ---
