Your message dated Sat, 24 Dec 2011 19:56:31 +0000
with message-id <[email protected]>
and subject line Bug#645325: fixed in rpm 4.8.1-6+squeeze1
has caused the Debian Bug report #645325,
regarding CVE-2011-3378: Malformed Header parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
645325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645325
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rpm
Severity: important
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3378 and links 
to patches.

Thanks to dpkg the attack vectors to a Debian system are rather limited, so I
don't think this warrants a DSA. It could be fixed through a point update,
though (see
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable )

Please contact [email protected] if you disagree with the severity.

Cheers,
        Moritz



--- End Message ---
--- Begin Message ---
Source: rpm
Source-Version: 4.8.1-6+squeeze1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive:

librpm-dbg_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/librpm-dbg_4.8.1-6+squeeze1_amd64.deb
librpm-dev_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/librpm-dev_4.8.1-6+squeeze1_amd64.deb
librpm1_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/librpm1_4.8.1-6+squeeze1_amd64.deb
librpmbuild1_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/librpmbuild1_4.8.1-6+squeeze1_amd64.deb
librpmio1_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/librpmio1_4.8.1-6+squeeze1_amd64.deb
lsb-rpm_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/lsb-rpm_4.8.1-6+squeeze1_amd64.deb
python-rpm_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/python-rpm_4.8.1-6+squeeze1_amd64.deb
rpm-common_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/rpm-common_4.8.1-6+squeeze1_amd64.deb
rpm-i18n_4.8.1-6+squeeze1_all.deb
  to main/r/rpm/rpm-i18n_4.8.1-6+squeeze1_all.deb
rpm2cpio_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/rpm2cpio_4.8.1-6+squeeze1_amd64.deb
rpm_4.8.1-6+squeeze1.debian.tar.gz
  to main/r/rpm/rpm_4.8.1-6+squeeze1.debian.tar.gz
rpm_4.8.1-6+squeeze1.dsc
  to main/r/rpm/rpm_4.8.1-6+squeeze1.dsc
rpm_4.8.1-6+squeeze1_amd64.deb
  to main/r/rpm/rpm_4.8.1-6+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[email protected]> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 21 Dec 2011 17:59:47 +0000
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n lsb-rpm librpm-dbg librpm1 librpmio1 librpmbuild1 librpm-dev python-rpm
Architecture: source all amd64
Version: 4.8.1-6+squeeze1
Distribution: stable
Urgency: low
Maintainer: Michal Čihař <[email protected]>
Changed-By: Moritz Muehlenhoff <[email protected]>
Description: 
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm1    - RPM shared library
 librpmbuild1 - RPM build shared library
 librpmio1  - RPM IO shared library
 lsb-rpm    - RPM Package Manager for LSB package building
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 645325
Changes: 
 rpm (4.8.1-6+squeeze1) stable; urgency=low
 .
   * Non-maintainer upload by the Security Team
   * Fix CVE-2011-3378 (Closes: #645325)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk704DUACgkQXm3vHE4uylq2hwCgsMDsRj9vGQCRktGWqqVfnPTr
mlQAniKFOl9TD/o8rAA+InMacum0RyjY
=YIUu
-----END PGP SIGNATURE-----



--- End Message ---
