Your message dated Tue, 6 Apr 2010 23:52:52 +0200
with message-id <20100406215252.ga13...@inutil.org>
and subject line Re: CVE-2010-1100: Integer overflow
has caused the Debian Bug report #575785,
regarding CVE-2010-1100: Integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
575785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: arora
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for arora.
CVE-2010-1100[0]:
| Integer overflow in Arora allows remote attackers to bypass intended
| port restrictions on outbound TCP connections via a port number
| outside the range of the unsigned short data type, as demonstrated by
| a value of 65561 for TCP port 25.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1100
http://security-tracker.debian.org/tracker/CVE-2010-1100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuwbKQACgkQNxpp46476arUYQCdHKwA4FyjQPdFOtam5iVjLmTi
5l0AnjFHG8wMJ4gRSbzGPuSNwTNeYBJF
=KsZy
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Giuseppe Iuculano wrote:
> Package: arora
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for arora.
>
> CVE-2010-1100[0]:
> | Integer overflow in Arora allows remote attackers to bypass intended
> | port restrictions on outbound TCP connections via a port number
> | outside the range of the unsigned short data type, as demonstrated by
> | a value of 65561 for TCP port 25.
Arora is not affected: if you specify a port larger than 65535, QUrl::setPort
throws an "Out of range" exception.
Cheers,
Moritz
--- End Message ---
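
Added example, not part of the original bug report and not code from Arora or Qt: a C sketch of the flaw class the CVE text describes, where a port policy is checked on a wide integer that is only afterwards narrowed to 16 bits, next to a version that range-checks first. The blocklist, function names and sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed blocklist for illustration; not Arora's or Qt's actual list. */
static const long BLOCKED_PORTS[] = { 25, 110, 143 };
#define N_BLOCKED (sizeof BLOCKED_PORTS / sizeof BLOCKED_PORTS[0])

static bool is_blocked(long port) {
    for (size_t i = 0; i < N_BLOCKED; i++)
        if (BLOCKED_PORTS[i] == port)
            return true;
    return false;
}

/* The port the socket layer ends up using: TCP ports are 16 bits wide,
 * so a wider value is reduced modulo 65536 when stored as uint16_t. */
static uint16_t wire_port(long port) {
    return (uint16_t)port;
}

/* Flawed order: policy check on the wide value, truncation afterwards.
 * Returns the port that would be connected to, or -1 if refused. */
static long connect_port_flawed(long requested) {
    if (is_blocked(requested))
        return -1;
    return wire_port(requested);
}

/* Hardened order: reject anything outside 1..65535 first, then apply the
 * blocklist to the exact value that will go on the wire. */
static long connect_port_checked(long requested) {
    if (requested < 1 || requested > 65535)
        return -1;
    uint16_t port = (uint16_t)requested;
    return is_blocked(port) ? -1 : (long)port;
}

int main(void) {
    const long samples[] = { 25, 80, 65561, 65616 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%6ld  flawed=%ld  checked=%ld\n", samples[i],
               connect_port_flawed(samples[i]), connect_port_checked(samples[i]));
    return 0;
}
```

A return value of -1 means the connection is refused; the flawed path refuses 25 but lets 65561 through as port 25, while the checked path refuses both.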