Your message dated Mon, 13 Apr 2009 05:17:05 +0000
with message-id <e1ltexz-0001vn...@ries.debian.org>
and subject line Bug#515118: fixed in owl 2.2.2-1
has caused the Debian Bug report #515118,
regarding CVE-2009-0363: multiple buffer overflows that can be remotely
triggered
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
515118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: owl
Version: 2.1.11-2
severity: grave
Tags: security
Justification: cve-2009-0363
zwrite.c and zcrypt.c contain multiple buffer overflows in calls to sprintf
that appear to be remotely exploitable.
Please see the patch to barnowl 1.0.1-4 for a minimal set of changes that we
think addresses this vulnerability.
However there have been other related changes to barnowl and owl may well have
more vulnerabilities in this area.
--- End Message ---
--- Begin Message ---
Source: owl
Source-Version: 2.2.2-1
We believe that the bug you reported is fixed in the latest version of
owl, which is due to be installed in the Debian FTP archive:
owl_2.2.2-1.diff.gz
  to pool/main/o/owl/owl_2.2.2-1.diff.gz
owl_2.2.2-1.dsc
  to pool/main/o/owl/owl_2.2.2-1.dsc
owl_2.2.2-1_i386.deb
  to pool/main/o/owl/owl_2.2.2-1_i386.deb
owl_2.2.2.orig.tar.gz
  to pool/main/o/owl/owl_2.2.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 515...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark W. Eichin <eic...@thok.org> (supplier of updated owl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 13 Apr 2009 00:53:12 -0400
Source: owl
Binary: owl
Architecture: source i386
Version: 2.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Mark W. Eichin <eic...@thok.org>
Changed-By: Mark W. Eichin <eic...@thok.org>
Description:
 owl - A curses-based tty Zephyr client
Closes: 515118 517019
Changes:
 owl (2.2.2-1) unstable; urgency=low
 .
   * New upstream release. The upstream author has become active again and
     has worked with the barnowl developers on security issues. (Closes:
     #515118)
   * configure.in, debian.control: barnowl updates via Sam Hartman
     eliminate retro libkrb4 and des425 dependencies. (Closes: #517019)
   * Do not link against libkrb4 or libkrb5; we use none of their symbols
   * Support openssl DES for zcrypt so that we continue to have zcrypt
     after libdes425 goes away
     Note: ditched the KerberosIV test entirely to force this version,
     allowing build/test on lenny.
   * zcrypt.c: use des.h again, so we get the openssl one above.
   * from unreleased 2.1.11-3:
   * debian/control: version debhelper depends (lintian
     package-lacks-versioned-build-depends-on-debhelper.)
   * debian/watch: New file.
   * debian/control: add libglib2.0-dev, per configure.in
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---