Your message dated Thu, 12 Dec 2013 13:37:49 +0000
with message-id <e1vr6sb-0006a4...@franck.debian.org>
and subject line Bug#729276: fixed in staden-io-lib 1.13.3-2
has caused the Debian Bug report #729276,
regarding staden-io-lib-utils: bufferoverflow in index_tar
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
729276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729276
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: staden-io-lib-utils
Version: 1.12.4-1
Severity: grave
Tags: security
Justification: user security hole

index_tar has a buffer overflow vulnerability. A PoC file is attached.

$ gdb --args /usr/bin/index_tar foo
Program received signal SIGSEGV, Segmentation
0x41414141 in ?? ()
(gdb)

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages staden-io-lib-utils depends on:
ii  libc6            2.13-38
ii  libstaden-read1  1.12.4-1

staden-io-lib-utils recommends no packages.

staden-io-lib-utils suggests no packages.

-- no debconf information

foo
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: staden-io-lib
Source-Version: 1.13.3-2

We believe that the bug you reported is fixed in the latest version of
staden-io-lib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <ti...@debian.org> (supplier of updated staden-io-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 12 Dec 2013 13:42:21 +0100
Source: staden-io-lib
Binary: staden-io-lib-utils libstaden-read-dev libstaden-read1
Architecture: source amd64
Version: 1.13.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org>
Changed-By: Andreas Tille <ti...@debian.org>
Description:
 libstaden-read-dev - development files for libstaden-read
 libstaden-read1 - Staden library for reading and writing DNA sequencing results
 staden-io-lib-utils - programs for maniuplating DNA sequencing files
Closes: 729276
Changes:
 staden-io-lib (1.13.3-2) unstable; urgency=medium
 .
   * debian/patches/fix_bufferoverflow.patch: Fix buffer overflow
     Thanks to James Bonfield <j...@sanger.ac.uk> (upstream) for the patch.
     Closes: #729276
--- End Message ---