• Bug#1067115: gross: CVE-2023-52159

    From Salvatore Bonaccorso@21:1/5 to All on Mon Mar 18 19:10:02 2024
    Source: gross
    Version: 1.0.2-4
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerability was published for gross.

    CVE-2023-52159[0]:
    | A stack-based buffer overflow vulnerability in gross 0.9.3 through
    | 1.x before 1.0.4 allows remote attackers to trigger a denial of
    | service (grossd daemon crash) or potentially execute arbitrary code
    | in grossd via crafted SMTP transaction parameters that cause an
    | incorrect strncat for a log entry.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2023-52159
    https://www.cve.org/CVERecord?id=CVE-2023-52159
    [1] https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
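The CVE text quoted in the report above attributes the overflow to an incorrect strncat while building a log entry. The following C example is added here for illustration and is not code from gross or from the report; the buffer size, field layout and function names are assumptions. It models the common strncat bound mistake without performing the out-of-bounds write and sets it beside a bounded append.

```c
#include <stdio.h>
#include <string.h>

#define LOGLEN 64 /* assumed log-line size for this example, not taken from gross */

/* Bytes strncat(dst, src, n) writes from dst's old terminator on: up to n
 * characters of src plus one NUL that is NOT counted in n. */
static size_t strncat_span(const char *src, size_t n) {
    size_t len = strlen(src);
    return (len < n ? len : n) + 1;
}

/* The common misuse is strncat(buf, field, sizeof(buf)): the bound is the
 * whole buffer rather than the space left. Returns 1 when that call would
 * write past a buffer of `cap` bytes that already holds `used` characters. */
static int misuse_overflows(size_t cap, size_t used, const char *src) {
    return used + strncat_span(src, cap) > cap;
}

/* Bounded append: 0 on success, -1 if src had to be truncated. */
static int log_append(char *dst, size_t cap, const char *src) {
    const char *nul = memchr(dst, '\0', cap);
    if (nul == NULL) return -1;                  /* dst not terminated in cap */
    size_t room = cap - (size_t)(nul - dst) - 1; /* keep one byte for the NUL */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Assemble a log line from peer-supplied SMTP fields (hypothetical layout). */
static int build_log_entry(char *out, size_t cap, const char *helo,
                           const char *from, const char *rcpt) {
    const char *parts[] = { "helo=", helo, " from=", from, " rcpt=", rcpt };
    int rc = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof parts / sizeof parts[0]; i++)
        if (log_append(out, cap, parts[i]) != 0) rc = -1;
    return rc;
}

int main(void) {
    char line[LOGLEN], from[200];
    memset(from, 'A', sizeof from - 1);          /* constructed oversized sender */
    from[sizeof from - 1] = '\0';
    int rc = build_log_entry(line, sizeof line, "mx.example", from, "u@example.org");
    printf("rc=%d len=%zu misuse_overflows=%d\n", rc, strlen(line),
           misuse_overflows(sizeof line, 16, from));
    return 0;
}
```

A return value of -1 from build_log_entry marks a truncated entry, which a daemon can log or reject instead of writing past the buffer.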
  • From Debian Bug Tracking System@21:1/5 to All on Sat Mar 23 22:50:01 2024
    Processing control commands:

    tags 1067115 + patch
    Bug #1067115 [src:gross] gross: CVE-2023-52159
    Added tag(s) patch.
    tags 1067115 + pending
    Bug #1067115 [src:gross] gross: CVE-2023-52159
    Added tag(s) pending.

    --
    1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Mon Mar 25 03:30:02 2024
    Your message dated Mon, 25 Mar 2024 01:27:41 +0000
    with message-id <E1roZ7l-00AcNp-UB@fasolo.debian.org>
    and subject line Bug#1067115: fixed in gross 1.0.2-4.1
    has caused the Debian Bug report #1067115,
    regarding gross: CVE-2023-52159
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Sat Apr 6 09:52:12 2024
    Your message dated Tue, 02 Apr 2024 20:32:32 +0000
    with message-id <E1rrko4-001drb-RE@fasolo.debian.org>
    and subject line Bug#1067115: fixed in gross 1.0.2-4.1~deb11u1
    has caused the Debian Bug report #1067115,
    regarding gross: CVE-2023-52159
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1067115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067115
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
