Your message dated Mon, 09 Dec 2024 12:32:09 +0000 with message-id <E1tKcvp-000hoA-Gf@fasolo.debian.org> and subject line Bug#1037208: fixed in renderdoc 1.24+dfsg-1+deb12u1 has caused the Debian Bug report #1037208, regarding renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1037208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037208
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 07 Jun 2023 20:56:32 +0200
- Message-id: <168616419233.1642790.1904456516180698414.reportbug@eldamar.lan>
Source: renderdoc
Version: 1.24+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for renderdoc.

CVE-2023-33863[0]:
| integer overflow to heap-based buffer overflow

CVE-2023-33864[1]:
| integer underflow to heap-based buffer overflow

CVE-2023-33865[2]:
| symlink vulnerability in /tmp/RenderDoc

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33863
    https://www.cve.org/CVERecord?id=CVE-2023-33863
[1] https://security-tracker.debian.org/tracker/CVE-2023-33864
    https://www.cve.org/CVERecord?id=CVE-2023-33864
[2] https://security-tracker.debian.org/tracker/CVE-2023-33865
    https://www.cve.org/CVERecord?id=CVE-2023-33865

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 1037208-close@bugs.debian.org
- Subject: Bug#1037208: fixed in renderdoc 1.24+dfsg-1+deb12u1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 09 Dec 2024 12:32:09 +0000
- Message-id: <E1tKcvp-000hoA-Gf@fasolo.debian.org>
- Reply-to: Adrian Bunk <bunk@debian.org>
Source: renderdoc
Source-Version: 1.24+dfsg-1+deb12u1
Done: Adrian Bunk <bunk@debian.org>

We believe that the bug you reported is fixed in the latest version of renderdoc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1037208@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <bunk@debian.org> (supplier of updated renderdoc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sun, 08 Dec 2024 14:42:02 +0200
Source: renderdoc
Architecture: source
Version: 1.24+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1037208
Changes:
 renderdoc (1.24+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-33863: integer overflow
   * CVE-2023-33864: integer overflow
   * CVE-2023-33865: symlink attack
   * Closes: #1037208
--- End Message ---