Your message dated Tue, 28 Aug 2012 13:47:40 +0000 with message-id <e1t6m8q-0005fj...@franck.debian.org> and subject line Bug#684078: fixed in wv2 0.4.2.dfsg.1-9.1 has caused the Debian Bug report #684078, regarding calligra: Buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684078: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: calligra Severity: grave Tags: security Justification: user security hole Please see: https://projects.kde.org/projects/calligra/repository/diff?rev=7d72f7dd8d28d18c59a08a7d43bd4e0654043103&rev_to=7a9fa21b1f812b74b3e1501480dd14d10aeb347b Reported here: http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf (page 39ff) There's no CVE ID yet. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: wv2 Source-Version: 0.4.2.dfsg.1-9.1 We believe that the bug you reported is fixed in the latest version of wv2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. gregor herrmann <gre...@debian.org> (supplier of updated wv2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 26 Aug 2012 15:20:51 +0200 Source: wv2 Binary: libwv2-4 libwv2-dev Architecture: source amd64 Version: 0.4.2.dfsg.1-9.1 Distribution: unstable Urgency: low Maintainer: Olly Betts <o...@survex.com> Changed-By: gregor herrmann <gre...@debian.org> Description: libwv2-4 - library for accessing Microsoft Word documents libwv2-dev - development files for Microsoft Word access library Closes: 684078 Changes: wv2 (0.4.2.dfsg.1-9.1) unstable; urgency=low . * Non-maintainer upload. * [SECURITY] Fix "Buffer overflow": add patch buffer-overflow.patch, taken from calligra git. (Closes: #684078) Checksums-Sha1: eeb2019e3c8ee7bdefefdcda54b25bc870b773cc 1862 wv2_0.4.2.dfsg.1-9.1.dsc 16450a48089ca332e8fbd049c638927e15173f1b 13128 wv2_0.4.2.dfsg.1-9.1.debian.tar.gz d9d0bd695e922777cfcd87f608845444fa31b98e 268270 libwv2-4_0.4.2.dfsg.1-9.1_amd64.deb 09506b457292a7beead5e9a01cf14d2cbbddd23b 102774 libwv2-dev_0.4.2.dfsg.1-9.1_amd64.deb Checksums-Sha256: 7a6a82230adc21c7f30287c8b4126c05e89c69c38e9beebacd44c201db14c701 1862 wv2_0.4.2.dfsg.1-9.1.dsc 483496f881d25b1558507d07ca2e3814916e405be51c00e0f645a15b9283eb80 13128 wv2_0.4.2.dfsg.1-9.1.debian.tar.gz 82f52b8e9f095a7049aebd0d7f109fd7f57fe81d2382823430ee58bfbb985067 268270 libwv2-4_0.4.2.dfsg.1-9.1_amd64.deb ea037b73c6be9021660c64df0da90446f7be7f66405b0d4fe47782fdf22187bc 102774 libwv2-dev_0.4.2.dfsg.1-9.1_amd64.deb Files: 0e0b54e1010af941f1d468964926675b 1862 libs optional wv2_0.4.2.dfsg.1-9.1.dsc be77e63cfff235a9ce8b975ce4be45c7 13128 libs optional wv2_0.4.2.dfsg.1-9.1.debian.tar.gz ad8f159528b66f526b9a69dfac6cf881 268270 libs optional libwv2-4_0.4.2.dfsg.1-9.1_amd64.deb c11de79cbfeab328056fc2e167290d97 102774 libdevel optional libwv2-dev_0.4.2.dfsg.1-9.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQOiReAAoJELs6aAGGSaoGyDwP/RzbuNJjkNMtWqGKEDX2Pixi L00WMVvSLKjv/2qFiP3dRrTqDHU95rgzIVMuH9U9gNA2FXB6icyBNMTbPnhFRkUW DFfz866Ct/ixsDtrclEKY4vVZCpRKbHDeHUXwvmtQzOFosGhMwEhBs6ezcuTBgmk X2EMylytUuazKDuddD5Tl4PGmBO/PxM474rHVwJ+uYIR7LE30SANyJChewSxaJqg xqjgHZt6GTpm7P6y1AAbFIQNbwfQu2nTxW+qaqP8kPYMDOGOQn3FUS3rKcdzhc6u zDkfEQIYDGA6wqdOZc3YLETbTHTc+95BHFKLgeHHerEVwJSv3uHjnedhoRXK0WAb wMF4TEyJjvDr9m3phDjwpz9BWoNDXnu5P0CIyyofMpnlYBtQh8GkgT9kXKh3L8Du +cSvNA0zBNywjOHYJ1y5QfQGWGf2Co8cqFvnR0dcVdHU8pfuMt8NTMfbD4ipA5oG g+4Ogt3QlnKT1I37Uzj9LWfmbMRGLZYsETuMTVt3j5GFiy3XVZBYuLKCUW6N122+ HEp2Kee0NbAqBxKEiPfdjAxCkEXf0veo0agKOx0gx5KCLsnPac/ugNYmskRZHXNc 5/g2CTTd4dlo70zbbd8LUcJZY/yp7B1nbbwwPpGr4xmI6y+d+b9r/cjLUXSBu4GR R/KJ2COMz1+ErN5k3LpL =QEey -----END PGP SIGNATURE-----
--- End Message ---
