Your message dated Thu, 23 Jan 2014 23:19:12 +0000
with message-id <e1w6tyg-0002rl...@franck.debian.org>
and subject line Bug#729278: fixed in trueprint 5.3-4.1
has caused the Debian Bug report #729278,
regarding trueprint: buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
729278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: trueprint
Version: 5.3-4
Severity: grave
Tags: security
Justification: user security hole

trueprint has a buffer overflow vulnerability. A PoC file is attached.

$ /usr/bin/trueprint foo

Program received signal SIGSEGV, Segmentation fault.
0xbfffff81 in ?? ()
(gdb)




-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages trueprint depends on:
ii  libc6  2.13-38

Versions of packages trueprint recommends:
ii  cups-bsd [lpr]  1.5.3-5

trueprint suggests no packages.

-- no debconf information

Attachment: foo
Description: Binary data


--- End Message ---
--- Begin Message ---
Source: trueprint
Source-Version: 5.3-4.1

We believe that the bug you reported is fixed in the latest version of
trueprint, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated trueprint package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 18 Jan 2014 23:15:04 +0100
Source: trueprint
Binary: trueprint
Architecture: source amd64
Version: 5.3-4.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique Haas <mede...@gnoia.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Description: 
 trueprint  - pretty printing of source code
Closes: 406654 615335 708500 729278
Changes: 
 trueprint (5.3-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Get rid of install-info calls in maintainer scripts.  (Closes: #708500)
   * Forcefully truncate lines exceeding MAXLINELENGTH.  (Closes: #729278)
   * Fix typo in description.  (Closes: #406654)
   * Use Homepage field.  (Closes: #615335)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
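
Added example, not part of the original thread and not trueprint's or the Debian patch's code: one way to implement the changelog's "forcefully truncate lines exceeding MAXLINELENGTH" so that a fixed-size line buffer cannot be overrun by an overlong input line. The value 16 for MAXLINELENGTH and the names next_line and line_status are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed value; trueprint's real MAXLINELENGTH is not shown in this thread. */
#define MAXLINELENGTH 16

enum line_status { LINE_EOF, LINE_OK, LINE_TRUNCATED };

/*
 * Copy the next line of [*cur, end) into buf, which holds cap bytes
 * including the terminating NUL. At most cap-1 bytes are stored; the
 * rest of an overlong line is counted in *dropped and skipped, so the
 * following call starts at the next line instead of mid-line.
 */
enum line_status next_line(const char **cur, const char *end,
                           char *buf, size_t cap, size_t *dropped)
{
    size_t n = 0;
    const char *p = *cur;

    *dropped = 0;
    if (cap == 0 || p >= end)
        return LINE_EOF;
    while (p < end && *p != '\n') {
        if (n + 1 < cap)          /* always leave room for the NUL */
            buf[n++] = *p;
        else
            (*dropped)++;         /* truncate: consume but do not store */
        p++;
    }
    buf[n] = '\0';
    *cur = (p < end) ? p + 1 : p; /* step over the newline if present */
    return *dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    /* Constructed input: one line far longer than the buffer. */
    static const char input[] =
        "short\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nnext\n";
    const char *cur = input, *end = input + sizeof input - 1;
    char line[MAXLINELENGTH];
    size_t dropped;
    enum line_status st;

    while ((st = next_line(&cur, end, line, sizeof line, &dropped)) != LINE_EOF)
        printf("%s stored=%zu dropped=%zu\n",
               st == LINE_TRUNCATED ? "truncated" : "ok", strlen(line), dropped);
    return 0;
}
```

Reporting the dropped byte count lets the caller log or flag truncated lines rather than silently altering output.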
