Your message dated Thu, 27 Jan 2005 09:17:13 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#292347: fixed in gpsd 2.7-4 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jan 2005 14:07:54 +0000
From: Ulf Härnhammar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, 26 Jan 2005 15:06:48 +0100
Subject: gpsd: remote security problem with format strings

Package: gpsd
Severity: grave
Justification: user security hole
Tags: security

Hello,

a remote security problem with format strings has been reported:

http://seclists.org/lists/fulldisclosure/2005/Jan/0843.html

The patch is changing all instances of:

    syslog(BLAH, str);

to:

    syslog(BLAH, "%s", str);

// Ulf Harnhammar

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

---------------------------------------
Received: (at 292347-close) by bugs.debian.org; 27 Jan 2005 14:23:04 +0000
From: Tilman Koschnick <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Thu, 27 Jan 2005 09:17:13 -0500
Subject: Bug#292347: fixed in gpsd 2.7-4

Source: gpsd
Source-Version: 2.7-4

We believe that the bug you reported is fixed in the latest version of
gpsd, which is due to be installed in the Debian FTP archive:

gpsd-clients_2.7-4_i386.deb
  to pool/main/g/gpsd/gpsd-clients_2.7-4_i386.deb
gpsd_2.7-4.diff.gz
  to pool/main/g/gpsd/gpsd_2.7-4.diff.gz
gpsd_2.7-4.dsc
  to pool/main/g/gpsd/gpsd_2.7-4.dsc
gpsd_2.7-4_i386.deb
  to pool/main/g/gpsd/gpsd_2.7-4_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tilman Koschnick <[EMAIL PROTECTED]> (supplier of updated gpsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 27 Jan 2005 13:31:03 +0100
Source: gpsd
Binary: gpsd gpsd-clients
Architecture: source i386
Version: 2.7-4
Distribution: unstable
Urgency: high
Maintainer: Tilman Koschnick <[EMAIL PROTECTED]>
Changed-By: Tilman Koschnick <[EMAIL PROTECTED]>
Description:
 gpsd       - GPS (Global Positioning System) service daemon
 gpsd-clients - clients for the GPS service daemon
Closes: 292347 292370
Changes:
 gpsd (2.7-4) unstable; urgency=high
 .
   * setting urgency=high because of RC bugfix
   * bugfix: remote security problem with format strings
     - add debian/patches/09_syslog_formatstring.dpatch
     - thanks to Ulf Harnhammar, KF, Petter Reinholdtsen
       (closes: #292347, #292370)
   * fix lintian warnings
     - change description of gpsd-clients
     - add /usr/share/lintian/overrides/gpsd
       (ignoring non-dev-pkg-with-shlib-symlink,
       description-synopsis-starts-with-a-capital-letter)
Files:
 0872be11bc3a8eadc831d71604f413f4 673 misc optional gpsd_2.7-4.dsc
 a889c560a24cf6269834461c64e9c476 22493 misc optional gpsd_2.7-4.diff.gz
 6c4ee7e643a8a71e61fec2ecb5037219 70142 misc optional gpsd_2.7-4_i386.deb
 88a2eb535ae935f264342be66b61c4d6 24754 misc optional gpsd-clients_2.7-4_i386.deb
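
An audit check for the fix described in the report above (every syslog(BLAH, str) becoming syslog(BLAH, "%s", str)), added here as an example; it is not part of the original messages or of the gpsd patch. The function names and the sample C source are constructed for illustration, and calls inside comments or formats built from macros are not handled.

```python
import re

# Start of a syslog() call; the lookbehind skips vsyslog() and my_syslog().
CALL = re.compile(r'(?<![A-Za-z0-9_])syslog\s*\(')

def split_args(text, start):
    """Split a C argument list (text after '(') into top-level arguments."""
    args, cur, depth, in_str, i = [], [], 0, False, start
    while i < len(text):
        c = text[i]
        if in_str:
            cur.append(c)
            if c == '\\':                    # keep the escaped character
                cur.append(text[i + 1:i + 2])
                i += 1
            elif c == '"':
                in_str = False
        elif c == ')' and depth == 0:        # end of the call
            return args + [''.join(cur).strip()]
        elif c == ',' and depth == 0:        # top-level separator
            args.append(''.join(cur).strip())
            cur = []
        else:
            in_str = (c == '"')
            depth += (c == '(') - (c == ')')
            cur.append(c)
        i += 1
    return args                              # unterminated call

def find_unsafe_syslog(source):
    """Return (line, format_arg) for syslog() calls whose format is not a literal."""
    findings = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        if len(args) >= 2 and not args[1].startswith('"'):
            findings.append((source.count('\n', 0, m.start()) + 1, args[1]))
    return findings

# Constructed sample, not taken from the gpsd source.
SAMPLE = r'''
void report(const char *buf, int fd)
{
    syslog(LOG_ERR, buf);
    syslog(LOG_ERR, "%s", buf);
    syslog(LOG_INFO, "client %d: %s (fd, raw)", fd, buf);
    syslog(pick(fd, 1), buf);
}
'''
print(find_unsafe_syslog(SAMPLE))
```

Compilers can enforce the same rule at build time: GCC's -Wformat -Wformat-security warns when a printf-style function such as syslog() is called with a non-literal format string and no format arguments.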