Your message dated Sun, 05 Nov 2006 03:41:04 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#396256: fixed in wv 1.2.4-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
package: wv
severity: grave
tags: security
Some vulnerabilities have been found in wvware and are fixed in 1.2.3
See
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433
for details.
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: wv
Source-Version: 1.2.4-1
We believe that the bug you reported is fixed in the latest version of
wv, which is due to be installed in the Debian FTP archive:
libwv-1.2-3_1.2.4-1_i386.deb
to pool/main/w/wv/libwv-1.2-3_1.2.4-1_i386.deb
libwv-dev_1.2.4-1_i386.deb
to pool/main/w/wv/libwv-dev_1.2.4-1_i386.deb
wv_1.2.4-1.diff.gz
to pool/main/w/wv/wv_1.2.4-1.diff.gz
wv_1.2.4-1.dsc
to pool/main/w/wv/wv_1.2.4-1.dsc
wv_1.2.4-1_i386.deb
to pool/main/w/wv/wv_1.2.4-1_i386.deb
wv_1.2.4.orig.tar.gz
to pool/main/w/wv/wv_1.2.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matej Vela <[EMAIL PROTECTED]> (supplier of updated wv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 31 Oct 2006 08:00:15 +0100
Source: wv
Binary: libwv-dev wv libwv-1.2-3
Architecture: source i386
Version: 1.2.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Matej Vela <[EMAIL PROTECTED]>
Description:
libwv-1.2-3 - Library for accessing Microsoft Word documents
libwv-dev - Development files for the wvWare library
wv - Programs for accessing Microsoft Word documents
Closes: 396256
Changes:
wv (1.2.4-1) unstable; urgency=high
.
* QA upload.
* New upstream release.
- Version 1.2.3 fixes multiple integer overflows. [CVE-2006-4513]
Closes: #396256.
- Version 1.2.4 fixes unfiltered input in wvHandleCommandField(), and
potential segfaults in wvBeginDocument() and wvEndDocument().
There's no CVE, and no mention of security implications, but this
still might be worth backporting to stable.
- SONAME changed to libwv-1.2-3, though there have been no changes to
the ABI. Dumbass upstream.
Files:
6627be7ec32a3e9111317997bdf88427 698 text optional wv_1.2.4-1.dsc
c1861c560491f121e12917fa76970ac5 629554 text optional wv_1.2.4.orig.tar.gz
b961cbf57db4f9fa73769529d1b1813f 10930 text optional wv_1.2.4-1.diff.gz
c9c7dadce2a42f718694336f6392458f 88136 text optional wv_1.2.4-1_i386.deb
ec557afe69e96f854a9a38297482f7c8 138874 libs optional
libwv-1.2-3_1.2.4-1_i386.deb
067e609d22da24d57158369a5dc07e1b 181498 libdevel optional
libwv-dev_1.2.4-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFRvTwxBYivKllgY8RAioPAJ4/E8uEdYM0t1jG5epx3oiITZTpMgCgk69h
3PbObRUApy1NvIziPB0p+aA=
=iecF
-----END PGP SIGNATURE-----
--- End Message ---
