Your message dated Sun, 20 Nov 2005 03:47:05 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334089: fixed in centericq 4.21.0-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Oct 2005 13:13:56 +0000
>From [EMAIL PROTECTED] Sat Oct 15 06:13:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from natsmtp00.rzone.de [81.169.145.165] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EQlrH-0003wB-00; Sat, 15 Oct 2005 06:13:55 -0700
Received: from ngolde.de (e178086029.adsl.alicedsl.de [85.178.86.29])
        by post.webmailer.de (8.13.1/8.13.1) with ESMTP id j9FDDqkE011941;
        Sat, 15 Oct 2005 15:13:52 +0200 (MEST)
Received: by ngolde.de (Postfix, from userid 1000)
        id E0F3C530005; Sat, 15 Oct 2005 15:14:09 +0200 (CEST)
Date: Sat, 15 Oct 2005 15:14:09 +0200
From: Nico Golde <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: remotely segfaultable, DOS
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline
X-Reportbug-Version: 3.17
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
X-Editor: Vim 6.3       http://www.vim.org/
X-Operating-System: Debian GNU/Linux 2.6.13 http://www.debian.org/
X-My-Homepage: http://www.ngolde.de
User-Agent: Mutt/1.5.11
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02


--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: centericq
Version: 4.21.0-3
Severity: grave
Tags: security
Hi,
Yesterday I discovered the same bug as described on:
https://bugs.gentoo.org/show_bug.cgi?id=100519

All versions of centericq in Debian are vulnerable.
You can find a backtrace, coredump and strace on:
http://nion.modprobe.de/centericq-bug/
Regards Nico


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: LC_ALL set to [EMAIL PROTECTED])

Versions of packages centericq depends on:
ii  centericq-common              4.21.0-3   A text-mode multi-protocol instant
ii  libc6                         2.3.5-6    GNU C Library: Shared libraries an
ii  libcurl3                      7.14.1-5   Multi-protocol file transfer libra
ii  libgcc1                       1:4.0.2-2  GCC support library
ii  libgnutls12                   1.2.6-1    the GNU TLS library - runtime libr
ii  libgpg-error0                 1.1-4      library for common error values an
ii  libgpgme11                    1.1.0-1    GPGME - GnuPG Made Easy
ii  libidn11                      0.5.18-1   GNU libidn library, implementation
ii  libjpeg62                     6b-10      The Independent JPEG Group's JPEG
ii  libncurses5                   5.4-9      Shared libraries for terminal hand
ii  libssl0.9.7                   0.9.7g-4   SSL shared libraries
ii  libstdc++6                    4.0.2-2    The GNU Standard C++ Library v3
ii  zlib1g                        1:1.2.3-4  compression library - runtime

Versions of packages centericq recommends:
ii  dillo [www-browser]           0.8.5-1    GTK-based web browser
ii  elinks [www-browser]          0.10.6-1   advanced text-mode WWW browser
ii  links2 [www-browser]          2.1pre18-2 Web browser running in both graphi
ii  lynx [www-browser]            2.8.5-2    Text-mode WWW Browser
ii  mozilla-firefox [www-browser] 1.0.7-1    lightweight web browser based on M
ii  sox                           12.17.8-1  A universal sound sample translato
ii  w3m [www-browser]             0.5.1-4    WWW browsable pager with excellent

-- no debconf information

-- 
Nico Golde - JAB: [EMAIL PROTECTED] | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
$ route add default roma.it

--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDUQChHYflSXNkfP8RAm/aAJ9u1R+puRZGg8O2Jrad79D+znOFXgCdFylD
ij539x0Ev8vY+SDme1xZ0K0=
=P9gM
-----END PGP SIGNATURE-----

--cWoXeonUoKmBZSoM--

---------------------------------------
Received: (at 334089-close) by bugs.debian.org; 20 Nov 2005 11:51:22 +0000
>From [EMAIL PROTECTED] Sun Nov 20 03:51:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1Ednez-0008TX-7S; Sun, 20 Nov 2005 03:47:05 -0800
From: Julien Lemoine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#334089: fixed in centericq 4.21.0-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 20 Nov 2005 03:47:05 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: centericq
Source-Version: 4.21.0-4

We believe that the bug you reported is fixed in the latest version of
centericq, which is due to be installed in the Debian FTP archive:

centericq-common_4.21.0-4_i386.deb
  to pool/main/c/centericq/centericq-common_4.21.0-4_i386.deb
centericq-fribidi_4.21.0-4_i386.deb
  to pool/main/c/centericq/centericq-fribidi_4.21.0-4_i386.deb
centericq-utf8_4.21.0-4_i386.deb
  to pool/main/c/centericq/centericq-utf8_4.21.0-4_i386.deb
centericq_4.21.0-4.diff.gz
  to pool/main/c/centericq/centericq_4.21.0-4.diff.gz
centericq_4.21.0-4.dsc
  to pool/main/c/centericq/centericq_4.21.0-4.dsc
centericq_4.21.0-4_i386.deb
  to pool/main/c/centericq/centericq_4.21.0-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Lemoine <[EMAIL PROTECTED]> (supplier of updated centericq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 20 Nov 2005 12:02:52 +0100
Source: centericq
Binary: centericq-common centericq-utf8 centericq-fribidi centericq
Architecture: source i386
Version: 4.21.0-4
Distribution: unstable
Urgency: high
Maintainer: Julien LEMOINE <[EMAIL PROTECTED]>
Changed-By: Julien Lemoine <[EMAIL PROTECTED]>
Description: 
 centericq  - A text-mode multi-protocol instant messenger client
 centericq-common - A text-mode multi-protocol instant messenger client (data files)
 centericq-fribidi - A text-mode multi-protocol instant messenger client (Hebrew)
 centericq-utf8 - A text-mode multi-protocol instant messenger client
Closes: 334089
Changes: 
 centericq (4.21.0-4) unstable; urgency=high
 .
   * Applied two patches from Steve Langasek <[EMAIL PROTECTED]>:
     * Fix for ICQ direct client handler, which fails to handle undersized
       requests from remote hosts, leading to a segfault (closes: #334089).
     * Miscellaneous other memory handling clean-ups
Files: 
 4da2b95c792765ec2892f7f9390435ca 861 net optional centericq_4.21.0-4.dsc
 895d80f87ad599f8b76c3194e62b14b5 116931 net optional centericq_4.21.0-4.diff.gz
 2eaf827b41a8faa85b69d1a5e0a716cd 345430 net optional centericq-common_4.21.0-4_i386.deb
 89947cd7e8b712ed07a20168412fbee6 1258572 net optional centericq_4.21.0-4_i386.deb
 bc7cd1e30bfe125954262f212c032e6e 1258624 net optional centericq-utf8_4.21.0-4_i386.deb
 de329e00c31f168dc1df8650f741bd6a 1259144 net optional centericq-fribidi_4.21.0-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDgGDoc29c8N2YKnURAgI1AJwLTJLe7D5MCqsHzlf8hTav7e7PsACfadzn
G0/FiJ8wrpQ6cWzSveNYCcw=
=rRYq
-----END PGP SIGNATURE-----

