Bug#591443: marked as done (CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns)

Debian Bug Tracking System Sat, 07 Aug 2010 01:00:21 -0700

Your message dated Sat, 07 Aug 2010 07:57:04 +0000
with message-id <[email protected]>
and subject line Bug#591443: fixed in socat 1.6.0.1-1+lenny1
has caused the Debian Bug report #591443,
regarding CVE-2010-2799: Stack overflow by lexical scanning of nested character 
patterns
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
591443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: socat
Severity: grave
Tags: security

This is CVE-2010-2799:
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages socat depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libreadline5                  5.2-7      GNU readline and history libraries
ii  libssl0.9.8                   0.9.8o-1   SSL shared libraries
ii  libwrap0                      7.6.q-19   Wietse Venema's TCP wrappers libra

socat recommends no packages.

socat suggests no packages.

--- End Message ---

--- Begin Message ---

Source: socat
Source-Version: 1.6.0.1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
socat, which is due to be installed in the Debian FTP archive:

socat_1.6.0.1-1+lenny1.diff.gz
  to main/s/socat/socat_1.6.0.1-1+lenny1.diff.gz
socat_1.6.0.1-1+lenny1.dsc
  to main/s/socat/socat_1.6.0.1-1+lenny1.dsc
socat_1.6.0.1-1+lenny1_i386.deb
  to main/s/socat/socat_1.6.0.1-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <[email protected]> (supplier of updated socat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 Aug 2010 18:21:01 -0300
Source: socat
Binary: socat
Architecture: source i386
Version: 1.6.0.1-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Thomas Seyrat <[email protected]>
Changed-By: Luciano Bello <[email protected]>
Description: 
 socat      - multipurpose relay for bidirectional data transfer
Closes: 591443
Changes: 
 socat (1.6.0.1-1+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2010-2799: Stack overflow by lexical scanning of nested character
     patterns (closes: #591443)
Checksums-Sha1: 
 2fbed43b190735379ea147c7aead89805d9974f5 1013 socat_1.6.0.1-1+lenny1.dsc
 39ed55df397cdf7d8adaa26a60c22ebe3a6c0f0e 489105 socat_1.6.0.1.orig.tar.gz
 4b239e6937a6e94a21eaa45bbf2d1a7bd08bf08e 4381 socat_1.6.0.1-1+lenny1.diff.gz
 ed24386ba2e603e55d132b8a2b0a39129f0dbe44 316594 socat_1.6.0.1-1+lenny1_i386.deb
Checksums-Sha256: 
 a80e3f0b1e8d64516e38455a90c7cda7cf9987b94770664348eb03401a3c5b05 1013 
socat_1.6.0.1-1+lenny1.dsc
 11b65ea9ac211a996ac9fd32f039a0e51390e9771d14e421bae17d9c3b634458 489105 
socat_1.6.0.1.orig.tar.gz
 876f2373480b171bb724964d607bb923b1b1b01f9ce17c98b420fffc11a00908 4381 
socat_1.6.0.1-1+lenny1.diff.gz
 60b04309bba8c150be42f69b3f7504e0116ffec1f30f2fb3e4c73f0be480cfa9 316594 
socat_1.6.0.1-1+lenny1_i386.deb
Files: 
 157ca774934ca80c6a94c1b741a9093b 1013 net extra socat_1.6.0.1-1+lenny1.dsc
 5a6a1d1e398d5c4d32fa6515baf477af 489105 net extra socat_1.6.0.1.orig.tar.gz
 7e52b5124379d307c379b6ecf70284f0 4381 net extra socat_1.6.0.1-1+lenny1.diff.gz
 24c9775f51968d945266e7a28b9d103a 316594 net extra 
socat_1.6.0.1-1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxYrVAACgkQQWTRs4lLtHnr+wCgrELK4YGaippsTO4zHQhIX6xu
ZtIAoJ1JOVpEgSHKlBPSZL5hzVpUb2Oz
=W0B5
-----END PGP SIGNATURE-----

--- End Message ---

Bug#591443: marked as done (CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns)

Reply via email to