Your message dated Tue, 19 Jul 2005 07:02:10 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#318970: fixed in ekg 1:1.5+20050718+1.6rc3-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jul 2005 22:56:06 +0000
Date: Tue, 19 Jul 2005 00:56:01 +0200
From: Marcin Owsiany <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Integer overflow in libgadu

Package: ekg
Version: 1.5+20050411-4
Severity: grave
Tags: pending, security

This is potentially a remote arbitrary code execution
http://cvs.toxygen.net/ekg/lib/libgadu.c.diff?r1=1.147&r2=1.148&f=u
http://cvs.toxygen.net/ekg/lib/events.c.diff?r1=1.95&r2=1.96&f=u

This is also present in versions in testing/sid (including 1.5+20050712+1.6rc2-1)

It is fixed upstream in 1.6rc3

I will prepare uploads now.

Marcin
--
Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216

---------------------------------------
Received: (at 318970-close) by bugs.debian.org; 19 Jul 2005 11:14:40 +0000
From: Marcin Owsiany <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#318970: fixed in ekg 1:1.5+20050718+1.6rc3-1
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 19 Jul 2005 07:02:10 -0400

Source: ekg
Source-Version: 1:1.5+20050718+1.6rc3-1

We believe that the bug you reported is fixed in the latest version of ekg, which is due to be installed in the Debian FTP archive:

ekg_1.5+20050718+1.6rc3-1.diff.gz
  to pool/main/e/ekg/ekg_1.5+20050718+1.6rc3-1.diff.gz
ekg_1.5+20050718+1.6rc3-1.dsc
  to pool/main/e/ekg/ekg_1.5+20050718+1.6rc3-1.dsc
ekg_1.5+20050718+1.6rc3-1_i386.deb
  to pool/main/e/ekg/ekg_1.5+20050718+1.6rc3-1_i386.deb
ekg_1.5+20050718+1.6rc3.orig.tar.gz
  to pool/main/e/ekg/ekg_1.5+20050718+1.6rc3.orig.tar.gz
libgadu-dev_1.5+20050718+1.6rc3-1_i386.deb
  to pool/main/e/ekg/libgadu-dev_1.5+20050718+1.6rc3-1_i386.deb
libgadu3_1.5+20050718+1.6rc3-1_i386.deb
  to pool/main/e/ekg/libgadu3_1.5+20050718+1.6rc3-1_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marcin Owsiany <[EMAIL PROTECTED]> (supplier of updated ekg package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 19 Jul 2005 12:45:08 +0200
Source: ekg
Binary: ekg libgadu3 libgadu-dev
Architecture: source i386
Version: 1:1.5+20050718+1.6rc3-1
Distribution: unstable
Urgency: high
Maintainer: Marcin Owsiany <[EMAIL PROTECTED]>
Changed-By: Marcin Owsiany <[EMAIL PROTECTED]>
Description:
 ekg - console Gadu Gadu client for UNIX systems
 libgadu-dev - Gadu-Gadu protocol library - development files
 libgadu3 - Gadu-Gadu protocol library - runtime files
Closes: 318970
Changes:
 ekg (1:1.5+20050718+1.6rc3-1) unstable; urgency=high
 .
   * New upstream release candidate (1.6rc3)
   * Among other things, contains security fix for integer overflow in libgadu lib/events.c, lib/libgadu.c (CAN-2005-1852) Closes: #318970
Files:
 65330379cdb7aa2dba272579ae4c0446 776 net optional ekg_1.5+20050718+1.6rc3-1.dsc
 421b8874e4b1c16fd7a17f08bec9c3fc 501596 net optional ekg_1.5+20050718+1.6rc3.orig.tar.gz
 32cb40176c4572fdfc2b355d375dfcc2 33739 net optional ekg_1.5+20050718+1.6rc3-1.diff.gz
 b31eebbde4fe5db5f95c2c124c460393 271774 net optional ekg_1.5+20050718+1.6rc3-1_i386.deb
 efbb3edae2eb2ec8bd4f7de3dec59e62 126370 libdevel optional libgadu-dev_1.5+20050718+1.6rc3-1_i386.deb
 960f40d2aeaba1ce52a16eb47b7a723d 63520 libs optional libgadu3_1.5+20050718+1.6rc3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC3NuEOg2KoGD0EhYRAvnfAJ4zQwwUM7DKh1qWrVsD5lRFg2r+ZACeO+eH
e3+uk9/ozrhXab1cYQqOFnY=
=H7JV
-----END PGP SIGNATURE-----