Processed: severity of 674823 is important
Processing commands for cont...@bugs.debian.org:

> severity 674823 important
Bug #674823 [analog] analog: FTBFS on hurd-i386.
Severity set to 'important' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
674823: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674823
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/handler.s.c.142030693112672.transcr...@bugs.debian.org

Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr
On Tue, 30 Dec 2014, Moritz Muehlenhoff wrote:

On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote:

Hello,

A buffer overflow was reported [1] in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (discussion is at [1]; first fix in the GMP documentation is at [2]). This bug is present in the MPFR versions from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by running "make check" in a 32-bit ABI under GNU/Linux with alloca disabled (this is currently possible by using the --with-gmp-build configure option where alloca has been disabled in the GMP build). It is fixed by the strtofr patch [3].

Corresponding changeset in the 3.1 branch: 9110 [4].

[1]: https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html
[2]: https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74
[3]: http://www.mpfr.org/mpfr-3.1.2/patch11
[4]: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9110

References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1171701
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008

Can a CVE be assigned to this please?

Use CVE-2014-9474.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Archive: https://lists.debian.org/pine.lnx.4.64.1501031730070.1...@beijing.mitre.org

Bug#774527: arc: directory traversal
Package: arc
Version: 5.21q-1
Tags: security

arc is susceptible to directory traversal:

    $ pwd
    /home/jwilk
    $ arc x traversal.arc
    Extracting file: /tmp/moo
    $ ls -l /tmp/moo
    -rw-r--r-- 1 jwilk users 4 Jan 4 2015 /tmp/moo

The script I used to create the test case is available at:
https://bitbucket.org/jwilk/path-traversal-samples

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages arc depends on:
ii libc6 2.19-13

--
Jakub Wilk

traversal.arc
Description: Binary data

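A member-name check an extractor can apply before creating any file, covering the /tmp/moo case in the report above. This is an added example, not code from arc or from the bug report; the function names are hypothetical, and treating backslash as a path separator is an assumption made for caution.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical helpers, not part of arc. */

/* 1 if `name` stays beneath the extraction directory, 0 otherwise.
 * Both '/' and '\' are treated as separators (assumption, for caution). */
int member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/' || name[0] == '\\')   /* absolute, e.g. /tmp/moo */
        return 0;
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/\\");
        if (len == 2 && p[0] == '.' && p[1] == '.')   /* ".." component */
            return 0;
        p += len;
        if (*p != '\0')
            p++;                                      /* skip separator */
    }
    return 1;
}

/* Alternative policy: discard any directory part and extract into the
 * current directory. Returns the final component, or NULL if unusable. */
const char *safe_output_name(const char *name)
{
    const char *base = name;
    if (name == NULL)
        return NULL;
    for (const char *p = name; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    if (base[0] == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return NULL;
    return base;
}

int main(void)
{
    /* Constructed sample names; the first is the path from the report. */
    const char *samples[] = { "/tmp/moo", "../x", "a/../b", "docs/readme.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *flat = safe_output_name(samples[i]);
        printf("%-16s safe=%d flattened=%s\n", samples[i],
               member_name_is_safe(samples[i]), flat ? flat : "(rejected)");
    }
    return 0;
}
```

The two functions are alternative policies: reject the member outright, or keep only its final component so the file lands in the current directory.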
Processing of lletters_0.1.95+gtk2-4_source.changes
lletters_0.1.95+gtk2-4_source.changes uploaded successfully to ftp-master.debian.org
along with the files:
  lletters_0.1.95+gtk2-4.dsc
  lletters_0.1.95+gtk2-4.diff.gz

Greetings,

Your Debian queue daemon (running on host coccia.debian.org)

Archive: https://lists.debian.org/e1y7zit-0002ew...@coccia.debian.org

Processing of lletters_0.1.95+gtk2-4_source.changes
lletters_0.1.95+gtk2-4_source.changes uploaded successfully to localhost
along with the files:
  lletters_0.1.95+gtk2-4.dsc
  lletters_0.1.95+gtk2-4.diff.gz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

Archive: https://lists.debian.org/e1y7zj9-0002gd...@franck.debian.org

lletters_0.1.95+gtk2-4_source.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Tue, 23 Sep 2014 14:26:55 +0200
Source: lletters
Binary: lletters
Architecture: source
Version: 0.1.95+gtk2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Markus Koschany
Description:
 lletters - GTK letters-learning game for small children
Closes: 538667 701852 712845 727450 749360
Changes:
 lletters (0.1.95+gtk2-4) unstable; urgency=medium
 .
 * QA upload.
 * Set maintainer address to Debian QA Group .
 * Add ${misc:Depends} substvar.
 * Fix FTBFS because of missing separators in intl/Makefile.in. (Closes: #749360)
 * Build with autotools-dev and fix FTBFS on newer architectures due to outdated config.sub and config.guess files. (Closes: #727450, #538667)
 * Fix program stops responding while playing sound by replacing type long with uint32_t. Thanks q1we...@i.com.ua for the patch. (Closes: #701852)
 * Fix application terminates when clicking A, B or H. Thanks to Prathibha B for the report and patch. (Closes: #712845)
 * Use compat level 9 and require debhelper >= 9.
 * Use source format 1.0 explicitly by adding a source directory and format file to the debian directory.
 * Remove superfluous postrm.debhelper and postinst.debhelper file.
 * Create a valid desktop file and add a comment in German.

Thank you for your contribution to Debian.

Archive: https://lists.debian.org/e1y7zq0-0002ss...@franck.debian.org

Processed: user debian-secur...@lists.debian.org, usertagging 772008 ...
Processing commands for cont...@bugs.debian.org:

> user debian-secur...@lists.debian.org
Setting user to debian-secur...@lists.debian.org (was car...@debian.org).
> usertags 772008 + tracked
Usertags were: tracked.
Usertags are now: tracked.
> retitle 772008 libmpfr4: CVE-2014-9474: buffer overflow in mpfr_strtofr
Bug #772008 {Done: Matthias Klose } [libmpfr4] libmpfr4: buffer overflow in mpfr_strtofr
Changed Bug title to 'libmpfr4: CVE-2014-9474: buffer overflow in mpfr_strtofr' from 'libmpfr4: buffer overflow in mpfr_strtofr'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
772008: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.c.14203453894966.transcr...@bugs.debian.org