Your message dated Thu, 03 Jun 2010 14:10:56 +0300
with message-id <[email protected]>
and subject line Re: Bug#584402: CVE-2010-1457: allows local users to read
arbitrary files
has caused the Debian Bug report #584401,
regarding CVE-2010-1620: Integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
584401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnustep-base
Version: 1.19.3-3
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnustep-base.
CVE-2010-1620[0]:
| Integer overflow in the load_iface function in Tools/gdomap.c in
| gdomap in GNUstep Base before 1.20.0 might allow context-dependent
| attackers to execute arbitrary code via a (1) file or (2) socket that
| provides configuration data with many entries, leading to a heap-based
| buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1620
http://security-tracker.debian.org/tracker/CVE-2010-1620
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwHhwoACgkQNxpp46476apFvQCePP+7hUwuYaOJmTnF6vHE9VBS
dBwAnj2OWTbudmv2cee0NuFPGe5u2FxC
=uNR0
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 1.19.3-2
Both security issues are fixed in the above version. I added the CVE
IDs retroactively, which is probably why the security team still counts
them as unfixed.
--- End Message ---
