Your message dated Sun, 28 Aug 2011 02:48:42 +0000
with message-id <e1qxvqq-00008x...@franck.debian.org>
and subject line Bug#638758: fixed in stunnel4 3:4.42-1
has caused the Debian Bug report #638758,
regarding stunnel4: [CVE-2011-2940] heap corruption vulnerability in 4.40 and 4.41
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
638758: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638758
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: stunnel4
Version: 3:4.40-1
Severity: grave
Tags: security fixed-upstream

From http://stunnel.org/?page=sdf_ChangeLog :

 Version 4.42, 2011.08.18, urgency: HIGH:
 [...]
 Bugfixes
    Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It
    may possibly be leveraged to perform DoS or remote code execution
    attacks.

This has been assigned CVE-2011-2940, see
 http://www.openwall.com/lists/oss-security/2011/08/19/18

-- 
Niko Tyni   nt...@debian.org



--- End Message ---
--- Begin Message ---
Source: stunnel4
Source-Version: 3:4.42-1

We believe that the bug you reported is fixed in the latest version of
stunnel4, which is due to be installed in the Debian FTP archive:

stunnel4_4.42-1.debian.tar.gz
  to main/s/stunnel4/stunnel4_4.42-1.debian.tar.gz
stunnel4_4.42-1.dsc
  to main/s/stunnel4/stunnel4_4.42-1.dsc
stunnel4_4.42-1_amd64.deb
  to main/s/stunnel4/stunnel4_4.42-1_amd64.deb
stunnel4_4.42.orig.tar.gz
  to main/s/stunnel4/stunnel4_4.42.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luis Rodrigo Gallardo Cruz <rodr...@debian.org> (supplier of updated stunnel4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 27 Aug 2011 08:34:43 -0700
Source: stunnel4
Binary: stunnel4
Architecture: source amd64
Version: 3:4.42-1
Distribution: unstable
Urgency: low
Maintainer: Luis Rodrigo Gallardo Cruz <rodr...@debian.org>
Changed-By: Luis Rodrigo Gallardo Cruz <rodr...@debian.org>
Description: 
 stunnel4   - Universal SSL tunnel for network daemons
Closes: 638758
Changes: 
 stunnel4 (3:4.42-1) unstable; urgency=low
 .
   * New Upstream Release.
    - Fixed a heap corruption vulnerability in versions 4.40 and 4.41.  It may
      possibly be leveraged to perform DoS or remote code execution attacks.
      (Closes: #638758)
    - New verify level 0 to request and ignore peer certificate.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5ZEpAACgkQAZmDGK3JvCiNSACfer1B2LAG/IxAnifu2/ruW9Fi
wzgAn2KfAzLgak8BhYTwxcRUHjMsQZBw
=UziP
-----END PGP SIGNATURE-----



--- End Message ---
