Your message dated Sat, 04 Jul 2009 13:54:28 +0000
with message-id <e1mn5he-0002lw...@ries.debian.org>
and subject line Bug#528778: fixed in eggdrop 1.6.19-1.1+lenny1
has caused the Debian Bug report #528778,
regarding eggdrop: incomplete patch for CVE-2007-2807
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
528778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: eggdrop
Severity: grave
Tags: security
Justification: user security hole
Hi,
turns out my patch has a bug in it which opens this up for a
buffer overflow again in case strlen(ctcpbuf) returns 0:
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/68341
Too bad no one noticed that before.
I am going to upload a 0-day NMU now to fix this.
debdiff available on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
(includes the wrong bug number to close as I tried to reopen it first but it
failed because it was already archived).
Cheers
Nico
--- End Message ---
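The failure mode Nico describes (a length derived from strlen(ctcpbuf) that is unsafe when strlen returns 0) as a constructed illustration added here; this is not eggdrop's code or the NMU patch, and the buffer names, limits and function names are assumptions made for the example:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not eggdrop's code. A CTCP request arrives framed as
   "\001VERSION\001"; a handler that strips the trailing \001 by computing
   strlen(buf) - 1 wraps to SIZE_MAX when strlen() returns 0, and any copy or
   index driven by that value runs past the buffer. */

/* Weak length computation: wraps to SIZE_MAX for an empty buffer. */
size_t ctcp_strip_len_weak(const char *ctcpbuf)
{
    return strlen(ctcpbuf) - 1;   /* 0 - 1 == SIZE_MAX on an empty string */
}

/* Hardened variant: refuses an empty buffer instead of subtracting from 0. */
bool ctcp_strip_len_safe(const char *ctcpbuf, size_t *out)
{
    size_t len = strlen(ctcpbuf);
    if (len == 0)
        return false;             /* nothing to strip; never reach len - 1 */
    *out = len - 1;               /* index of the last byte, cannot wrap */
    return true;
}

/* Copy the CTCP payload, minus a trailing \001 if present, into a fixed-size
   buffer. Returns the payload length, or -1 when the input is empty or does
   not fit with its terminator. The empty case is rejected before any
   subtraction, so it can never turn into a SIZE_MAX-sized copy. */
int ctcp_copy_payload(char *dst, size_t dstsz, const char *ctcpbuf)
{
    size_t last, n;
    if (!ctcp_strip_len_safe(ctcpbuf, &last))
        return -1;
    /* Only strip an actual delimiter; otherwise keep the whole string. */
    n = (ctcpbuf[last] == '\001') ? last : last + 1;
    if (n >= dstsz)
        return -1;                /* leave room for the NUL terminator */
    memcpy(dst, ctcpbuf, n);
    dst[n] = '\0';
    return (int)n;
}
```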
--- Begin Message ---
Source: eggdrop
Source-Version: 1.6.19-1.1+lenny1
We believe that the bug you reported is fixed in the latest version of
eggdrop, which is due to be installed in the Debian FTP archive:
eggdrop-data_1.6.19-1.1+lenny1_all.deb
to pool/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
eggdrop_1.6.19-1.1+lenny1.diff.gz
to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
eggdrop_1.6.19-1.1+lenny1.dsc
to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
eggdrop_1.6.19-1.1+lenny1_i386.deb
to pool/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 528...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated eggdrop package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 22 Jun 2009 12:54:48 +0200
Source: eggdrop
Binary: eggdrop eggdrop-data
Architecture: source all i386
Version: 1.6.19-1.1+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Guilherme de S. Pastore <gpast...@debian.org>
Changed-By: Sebastien Delafond <s...@debian.org>
Description:
eggdrop - Advanced IRC Robot
eggdrop-data - Architecture independent files for eggdrop
Closes: 528778
Changes:
eggdrop (1.6.19-1.1+lenny1) stable-security; urgency=medium
.
* Security: fix buffer overflow in case strlen(ctcpbuf) returns zero
(Closes: #528778).
Fixes: CVE-2007-2807
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---