From: owner@bugs.debian.org
Your message dated Mon, 25 Aug 2025 14:32:28 +0000
with message-id
and subject line Bug#1092774: fixed in libfcgi 2.4.2-2+deb12u1
has caused the Debian Bug report #1092774,
regarding libfcgi: CVE-2025-23016
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1092774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092774
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
Received: (at submit) by bugs.debian.org; 11 Jan 2025 14:00:50 +0000
From: Salvatore Bonaccorso
To: Debian Bug Tracking System
Subject: libfcgi: CVE-2025-23016
Message-ID: <173660404550.3161304.8854361601592022845.reportbug@eldamar.lan>
X-Mailer: reportbug 13.0.2
Date: Sat, 11 Jan 2025 15:00:45 +0100
Delivered-To: submit@bugs.debian.org
Source: libfcgi
Version: 2.4.2-2.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FastCGI-Archives/fcgi2/issues/67
X-Debbugs-Cc: carnil@debian.org, Debian Security Team
Control: found -1 2.4.2-2
Hi,

The following vulnerability was published for libfcgi.

CVE-2025-23016[0]:
| FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow
| (and resultant heap-based buffer overflow) via crafted nameLen or
| valueLen values in data to the IPC socket. This occurs in ReadParams
| in fcgiapp.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-23016
    https://www.cve.org/CVERecord?id=CVE-2025-23016
[1] https://github.com/FastCGI-Archives/fcgi2/issues/67

Regards,
Salvatore
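
The class of bug named in the CVE text above, shown as an added example that is not part of the bug report and is not fcgi2 code: FastCGI name/value length fields are decoded and the buffer size is computed with explicit bounds checks, next to a model of the unchecked 32-bit sum. The function names, the PARAM_MAX_LEN cap and the "name=value\0" size formula (sum of both lengths plus 2) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-field cap for this example; not an fcgi2 constant. */
#define PARAM_MAX_LEN (1u << 16)
/* FastCGI name-value length field: 1 byte if the high bit is clear,
 * else 4 bytes big-endian with the high bit masked off (up to 2^31 - 1).
 * Returns bytes consumed, or 0 if the buffer is too short. */
static size_t decode_len(const uint8_t *p, size_t avail, uint32_t *out)
{
    if (avail < 1) return 0;
    if ((p[0] & 0x80) == 0) { *out = p[0]; return 1; }
    if (avail < 4) return 0;
    *out = ((uint32_t)(p[0] & 0x7f) << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return 4;
}

/* Models the unchecked sum done in a 32-bit integer type: it can wrap. */
static uint32_t wrapped_size32(uint32_t n, uint32_t v) { return n + v + 2u; }

/* Checked variant: parse both lengths from one params buffer and return
 * the size for "name=value\0" (assumed layout), or -1 if rejected. */
static int checked_param_size(const uint8_t *buf, size_t avail, size_t *size)
{
    uint32_t name_len, value_len;
    size_t n = decode_len(buf, avail, &name_len);
    if (n == 0) return -1;
    size_t m = decode_len(buf + n, avail - n, &value_len);
    if (m == 0) return -1;
    if (name_len > PARAM_MAX_LEN || value_len > PARAM_MAX_LEN) return -1;
    uint64_t payload = (uint64_t)name_len + value_len; /* capped: cannot wrap */
    if (payload > avail - n - m) return -1;  /* lengths exceed data present */
    *size = (size_t)(payload + 2);
    return 0;
}

/* Constructed inputs: a well-formed pair "A"/"bc", and two maximal lengths. */
static const uint8_t GOOD_PAIR[] = { 0x01, 0x02, 'A', 'b', 'c' };
static const uint8_t HUGE_LENS[] = { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff };

int main(void)
{
    size_t sz = 0;
    int ok = checked_param_size(GOOD_PAIR, sizeof GOOD_PAIR, &sz) == 0 && sz == 5
          && checked_param_size(HUGE_LENS, sizeof HUGE_LENS, &sz) == -1
          && wrapped_size32(0x7fffffffu, 0x7fffffffu) == 0;
    return ok ? 0 : 1;
}
```
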
Received: (at 1092774-close) by bugs.debian.org; 25 Aug 2025 14:32:31 +0000
From: Debian FTP Masters
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)