Your message dated Sat, 04 Nov 2006 22:02:27 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#397076: fixed in rpm 4.4.1-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: rpm
Version: 4.4.1-10
Severity: grave
Tags: security
Quoting http://www.ubuntu.com/usn/usn-378-1:
An error was found in the RPM library's handling of query reports. In
some locales, certain RPM packages would cause the library to crash. If
a user was tricked into querying a specially crafted RPM package, the
flaw could be exploited to execute arbitrary code with the user's
privileges.
--- End Message ---
--- Begin Message ---
Source: rpm
Source-Version: 4.4.1-11
We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:
librpm-dev_4.4.1-11_i386.deb
to pool/main/r/rpm/librpm-dev_4.4.1-11_i386.deb
librpm4_4.4.1-11_i386.deb
to pool/main/r/rpm/librpm4_4.4.1-11_i386.deb
lsb-rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/lsb-rpm_4.4.1-11_i386.deb
python-rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/python-rpm_4.4.1-11_i386.deb
rpm_4.4.1-11.diff.gz
to pool/main/r/rpm/rpm_4.4.1-11.diff.gz
rpm_4.4.1-11.dsc
to pool/main/r/rpm/rpm_4.4.1-11.dsc
rpm_4.4.1-11_i386.deb
to pool/main/r/rpm/rpm_4.4.1-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <[EMAIL PROTECTED]> (supplier of updated rpm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 05 Nov 2006 13:27:39 +1100
Source: rpm
Binary: python-rpm rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.4.1-11
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Changed-By: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Description:
librpm-dev - RPM shared library, development kit
librpm4 - RPM shared library
lsb-rpm - Red Hat package manager for LSB package building
python-rpm - Python bindings for RPM
rpm - Red Hat package manager
Closes: 397076
Changes:
rpm (4.4.1-11) unstable; urgency=high
.
  * Synchronized to Ubuntu
    - SECURITY UPDATE: heap overflow in query report could lead to
      arbitrary code execution.
    - Add 'debian/patches/99_query_heap_protection.diff': validate
      message length. Patch from upstream CVS, applied inline.
    - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833
    - CVE-2006-5466
    - Closes: #397076.
  * Updated debian/watch.
  * Added debian/pycompat.
Files:
717f47386bef0c0a6ff5e0e05643a841 992 admin optional rpm_4.4.1-11.dsc
4a449c23ba10b3dea8da4b372956c871 241642 admin optional rpm_4.4.1-11.diff.gz
3d8b69b4a6fd99af40e89c8261e9f8ea 829518 admin optional rpm_4.4.1-11_i386.deb
11222fa2f0157a6e72867590128c146a 2462884 devel optional lsb-rpm_4.4.1-11_i386.deb
a73301c64d7af388bbac9720fc4b91b8 977982 libs optional librpm4_4.4.1-11_i386.deb
ec386ce598cc1be148b7870f79dad231 1310190 libdevel extra librpm-dev_4.4.1-11_i386.deb
75225253798d39faaf448617de261923 496756 python extra python-rpm_4.4.1-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFTXtCipBneRiAKDwRAmd8AJ9+I0oPJggH6cb0J3uM/fn21C3e4ACfVIuC
ivrPBqoc7/g+OkcLQqLkXKg=
=MuvE
-----END PGP SIGNATURE-----
--- End Message ---