Your message dated Tue, 09 Jun 2009 12:17:10 +0000
with message-id <[email protected]>
and subject line Bug#528510: fixed in cscope 15.7a-1
has caused the Debian Bug report #528510,
regarding cscope: CVE-2009-0148 multiple buffer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
528510: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528510
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cscope
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cscope.

CVE-2009-0148[0]:
| Multiple buffer overflows in Cscope before 15.7a allow remote
| attackers to execute arbitrary code via long strings in input such as
| (1) source-code tokens and (2) pathnames, related to integer overflows
| in some cases. NOTE: this issue exists because of an incomplete fix
| for CVE-2004-2541.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148
    http://security-tracker.debian.net/tracker/CVE-2009-0148

-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: cscope
Source-Version: 15.7a-1

We believe that the bug you reported is fixed in the latest version of
cscope, which is due to be installed in the Debian FTP archive:

cscope_15.7a-1.diff.gz
  to pool/main/c/cscope/cscope_15.7a-1.diff.gz
cscope_15.7a-1.dsc
  to pool/main/c/cscope/cscope_15.7a-1.dsc
cscope_15.7a-1_i386.deb
  to pool/main/c/cscope/cscope_15.7a-1_i386.deb
cscope_15.7a.orig.tar.gz
  to pool/main/c/cscope/cscope_15.7a.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Klauser <[email protected]> (supplier of updated cscope package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 24 May 2009 12:13:47 +0200
Source: cscope
Binary: cscope
Architecture: source i386
Version: 15.7a-1
Distribution: unstable
Urgency: high
Maintainer: Tobias Klauser <[email protected]>
Changed-By: Tobias Klauser <[email protected]>
Description: 
 cscope     - Interactively examine a C program source
Closes: 515164 528510
Changes: 
 cscope (15.7a-1) unstable; urgency=high
 .
   * New upstream release.
     - Security update for CVE-2009-0148 to fix multiple buffer overflows
       (Closes: #528510).
     - Drop 01-fix-resize-crash-inside-vim.dpatch, merged upstream.
   * Correctly install xcscope.el via dh_installemacsen (Closes: #515164).
   * Update to Standards-Version 3.8.1, no changes needed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkouT6kACgkQ+C5cwEsrK54pPgCfW8EtWsiZ6nxhS4lHWw0c4Y5+
JJsAn0x3wzSWxAG9GS0NFSxQFLdV52On
=8vJx
-----END PGP SIGNATURE-----



--- End Message ---
