Your message dated Fri, 28 Dec 2007 19:52:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443913: fixed in inotify-tools 3.3-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: inotify-tools
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for inotify-tools.
CVE-2007-5037[0]:
| Buffer overflow in the inotifytools_snprintf function in
| src/inotifytools.c in the inotify-tools library before 3.11 allows
| context-dependent attackers to execute arbitrary code via a long
| filename.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5037
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpGxUT2428Ou.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: inotify-tools
Source-Version: 3.3-2
We believe that the bug you reported is fixed in the latest version of
inotify-tools, which is due to be installed in the Debian FTP archive:
inotify-tools_3.3-2.diff.gz
to pool/main/i/inotify-tools/inotify-tools_3.3-2.diff.gz
inotify-tools_3.3-2.dsc
to pool/main/i/inotify-tools/inotify-tools_3.3-2.dsc
inotify-tools_3.3-2_i386.deb
to pool/main/i/inotify-tools/inotify-tools_3.3-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Makholm <[EMAIL PROTECTED]> (supplier of updated inotify-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 08:18:02 +0200
Source: inotify-tools
Binary: inotify-tools
Architecture: source i386
Version: 3.3-2
Distribution: stable-security
Urgency: high
Maintainer: Peter Makholm <[EMAIL PROTECTED]>
Changed-By: Peter Makholm <[EMAIL PROTECTED]>
Description:
inotify-tools - command-line programs providing a simple interface to inotify
Closes: 443913
Changes:
inotify-tools (3.3-2) stable-security; urgency=high
.
* Fixes buffer overflow in inotifytools_snprintf (CVE-2007-5037)
by backporting changes from new upstream vesion (3.11)
(Closes: #443913)
Files:
883ee55627b7becb5a9ca1a2e569281b 624 misc optional inotify-tools_3.3-2.dsc
204ef6e0b855ec4315f4f13e2d3d1e1a 369780 misc optional
inotify-tools_3.3.orig.tar.gz
7bde9f27b0bb470a44d64b40b1e217e1 5311 misc optional inotify-tools_3.3-2.diff.gz
e462da2503c92d98510647fb0c1f44eb 78260 misc optional
inotify-tools_3.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHdEkXXm3vHE4uyloRAqH2AJ4y5sbLvWAH6M29kJaMuwIU5SOB1QCgoLmr
eWVuFWu5DL6s+rwXeuqf+kQ=
=j6f4
-----END PGP SIGNATURE-----
--- End Message ---
