Your message dated Thu, 20 Dec 2007 19:53:50 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454133: fixed in pwlib 1.10.2-2+etch1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.
CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: pwlib
Source-Version: 1.10.2-2+etch1
We believe that the bug you reported is fixed in the latest version of
pwlib, which is due to be installed in the Debian FTP archive:
libpt-1.10.0_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-1.10.0_1.10.2-2+etch1_i386.deb
libpt-dbg_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-dbg_1.10.2-2+etch1_i386.deb
libpt-dev_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-dev_1.10.2-2+etch1_i386.deb
libpt-doc_1.10.2-2+etch1_all.deb
to pool/main/p/pwlib/libpt-doc_1.10.2-2+etch1_all.deb
libpt-plugins-alsa_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-alsa_1.10.2-2+etch1_i386.deb
libpt-plugins-avc_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-avc_1.10.2-2+etch1_i386.deb
libpt-plugins-dc_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-dc_1.10.2-2+etch1_i386.deb
libpt-plugins-oss_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-oss_1.10.2-2+etch1_i386.deb
libpt-plugins-v4l2_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-v4l2_1.10.2-2+etch1_i386.deb
libpt-plugins-v4l_1.10.2-2+etch1_i386.deb
to pool/main/p/pwlib/libpt-plugins-v4l_1.10.2-2+etch1_i386.deb
pwlib_1.10.2-2+etch1.diff.gz
to pool/main/p/pwlib/pwlib_1.10.2-2+etch1.diff.gz
pwlib_1.10.2-2+etch1.dsc
to pool/main/p/pwlib/pwlib_1.10.2-2+etch1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 4 Dec 2007 12:20:23 +0100
Source: pwlib
Binary: libpt-plugins-v4l2 libpt-plugins-oss libpt-plugins-alsa libpt-1.10.0 libpt-plugins-dc libpt-dev libpt-plugins-v4l libpt-plugins-avc libpt-doc libpt-dbg
Architecture: source i386 all
Version: 1.10.2-2+etch1
Distribution: proposed-updates
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description:
 libpt-1.10.0 - Portable Windows Library
 libpt-dbg  - Portable Windows Library development debug files
 libpt-dev  - Portable Windows Library development files
 libpt-doc  - Portable Windows Library documentation & sample files
 libpt-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
Closes: 454133
Changes:
 pwlib (1.10.2-2+etch1) proposed-updates; urgency=high
 .
   * Fix remote denial of service vulnerability caused
     by a call to PString::vsprintf if the used object already
     contained more than 1000 characters (CVE-2007-4897; Closes: #454133).
Files:
--- End Message ---