Bug#567193: marked as done (include patch from DSA to fix integer underflow)

Sun, 16 May 2010 15:51:24 -0700 

Your message dated Sun, 16 May 2010 22:47:27 +0000
with message-id <[email protected]>
and subject line Bug#567193: fixed in oftc-hybrid 1.6.3.dfsg-1.1
has caused the Debian Bug report #567193,
regarding include patch from DSA to fix integer underflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
567193: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567193
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: oftc-hybrid
Severity: grave
Tags: security patch

Hi

Please include the patch from DSA-1980-1, which fixes an integer
underflow (patch attached).

Cheers
Steffen

--- ircd-hybrid-7.2.2.dfsg.2.orig/src/irc_string.c
+++ ircd-hybrid-7.2.2.dfsg.2/src/irc_string.c
@@ -103,7 +103,9 @@
     }
     else
       *d++ = *src;
-    ++src, --len;
+    if (len > 0) {
+       ++src, --len;
+    }
   }
   *d = '\0';
   return dest;

--- End Message ---
--- Begin Message --- 
Source: oftc-hybrid
Source-Version: 1.6.3.dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
oftc-hybrid, which is due to be installed in the Debian FTP archive:

oftc-hybrid-doc_1.6.3.dfsg-1.1_all.deb
  to main/o/oftc-hybrid/oftc-hybrid-doc_1.6.3.dfsg-1.1_all.deb
oftc-hybrid-respond_1.6.3.dfsg-1.1_i386.deb
  to main/o/oftc-hybrid/oftc-hybrid-respond_1.6.3.dfsg-1.1_i386.deb
oftc-hybrid_1.6.3.dfsg-1.1.diff.gz
  to main/o/oftc-hybrid/oftc-hybrid_1.6.3.dfsg-1.1.diff.gz
oftc-hybrid_1.6.3.dfsg-1.1.dsc
  to main/o/oftc-hybrid/oftc-hybrid_1.6.3.dfsg-1.1.dsc
oftc-hybrid_1.6.3.dfsg-1.1_i386.deb
  to main/o/oftc-hybrid/oftc-hybrid_1.6.3.dfsg-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martijn van Brummelen <[email protected]> (supplier of updated oftc-hybrid 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 May 2010 20:18:12 +0200
Source: oftc-hybrid
Binary: oftc-hybrid oftc-hybrid-doc oftc-hybrid-respond
Architecture: source all i386
Version: 1.6.3.dfsg-1.1
Distribution: unstable
Urgency: low
Maintainer: Christoph Berg <[email protected]>
Changed-By: Martijn van Brummelen <[email protected]>
Description: 
 oftc-hybrid - Hybrid 7 IRC daemon - OFTC branch
 oftc-hybrid-doc - Documentation for oftc-hybrid
 oftc-hybrid-respond - respond binary for oftc-hybrid challenge oper 
authentication
Closes: 567193
Changes: 
 oftc-hybrid (1.6.3.dfsg-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Added int_underflow.patch(thanks to Steffen Joeris)
     Fixes (DSA-1980-1)/(CVE-2009-4016) (Closes: #567193).
Checksums-Sha1: 
 523e052e50c1441ea35e6d2f365a671c7e6122a8 1753 oftc-hybrid_1.6.3.dfsg-1.1.dsc
 dcaaba92a06b8b35eed682937e60559a92977d0a 12065 
oftc-hybrid_1.6.3.dfsg-1.1.diff.gz
 ef805ac111e882188d0639bee241e2f25fc0525a 61516 
oftc-hybrid-doc_1.6.3.dfsg-1.1_all.deb
 05935c3d36c08e2d88453d3dcdc881f85acb0775 472674 
oftc-hybrid_1.6.3.dfsg-1.1_i386.deb
 d9ae4fd90d2a2660b75daa214016004c3a2fcd45 13276 
oftc-hybrid-respond_1.6.3.dfsg-1.1_i386.deb
Checksums-Sha256: 
 db299d6b75876b89352b011158cd154880e0baf6c7903acf77d741d34e614aa5 1753 
oftc-hybrid_1.6.3.dfsg-1.1.dsc
 30bc0e2d1f80e9bef890f15ba97d492905d69fe0459d10f4500f12f87ac29aef 12065 
oftc-hybrid_1.6.3.dfsg-1.1.diff.gz
 514d67bb08f6bbfc63ca5b916598125e5abcd62e7c384973003a66ec6570563a 61516 
oftc-hybrid-doc_1.6.3.dfsg-1.1_all.deb
 54d3a4fb375b1342f50b6122a810d2a1e3fbd722bf832ba580cda22f6ac78869 472674 
oftc-hybrid_1.6.3.dfsg-1.1_i386.deb
 68b573074c89eab86a6ac9f1c6c4f326d2b425a82a0d53011d9a32b189bebc1e 13276 
oftc-hybrid-respond_1.6.3.dfsg-1.1_i386.deb
Files: 
 f8ddb0cb62d05e3aff016fd28454d286 1753 net extra oftc-hybrid_1.6.3.dfsg-1.1.dsc
 685ef9d9b8447cf32507fc192b5841cc 12065 net extra 
oftc-hybrid_1.6.3.dfsg-1.1.diff.gz
 86780b6ff182773beeb89587797a3ca0 61516 doc extra 
oftc-hybrid-doc_1.6.3.dfsg-1.1_all.deb
 57dbdfb60dbc55e2b24bf03bc555e396 472674 net extra 
oftc-hybrid_1.6.3.dfsg-1.1_i386.deb
 bf51bfb94f4c43085cf585590d2cfe50 13276 net extra 
oftc-hybrid-respond_1.6.3.dfsg-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJL8HIcAAoJEKv/7bJACMb5iL8P+gIBE3LkyqULpCcWBJjH4cXe
tbOsbdnrcokZuBdV/dJ5Wuxk2KhY83O271VAozzPJDebw06gklFVqW5c5jYmQOBQ
/MobYOM/KtXRIsz4OhLW77ZZrLkSi34lQz2VC90t3ndwNWTS1Hvr5DvCDaVyCnm6
tbq0e+fHb4FvxEc1IB1BKuuUJm/Tue3r5LunyXTf0nbJhPCcHMi+ilD9dPQ8QFaH
rgKr8QETjTyfUq0z/tnOT4gRox2YfHTanOfHOZmAe9Hzwpo83cszRfd3O+dMLzkM
RgbjPQ9ypPt4PNBwCaSwAv/auVJ7LMniFWogfIRw0+TnjxGJlfMgjIh8u+0p7Zxm
B/Kpw4RabP7LkBrO07asC2Ua8ppIFt0zfj7S4snfqjIpK2QJg+AxxWMO81Jc2a5U
UBfyqpzjS5hyI90qRzK8JQEVXI9iHGIUdbcgFIn/fBbzY2T5z4OG5uBf1g3ssogW
Xv50atl1nl2L+ZAe8NtNLkfE65GDSwKrIyFz9gvNnvMZNN9Waw1kXkCP5RHh4JSg
82YsWS0eZxpPoT8NMZn4CMAeCzJFcKQe6xvyFZaZONFIbMhoDRQI3XWHhZ8KFIgW
k8kAadSLgU5F0GVdDoPbdOfZNGmjHtHZw7w8VcWwf5mw0yJ5SmMzS0/SfjS0dIqF
MM7w/DLUtyrqfYSbL6qj
=hw22
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to