Bug#677594: marked as done (CVE-2012-3291: Heap-based buffer overflow in OpenConnect)

Wed, 20 Jun 2012 17:39:16 -0700 

Your message dated Wed, 20 Jun 2012 20:36:03 -0400
with message-id 
<cad6ldllnak145kn9mak1f4hlq67j2rhjqfb748k0n8wq3ms...@mail.gmail.com>
and subject line Re: Bug#677594: CVE-2012-3291: Heap-based buffer overflow in 
OpenConnect
has caused the Debian Bug report #677594,
regarding CVE-2012-3291: Heap-based buffer overflow in OpenConnect
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
677594: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677594
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openconnect
Version: 2.25-0.1
Severity: important
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3291 "Heap-based buffer 
overflow in OpenConnect 3.18 allows remote servers to cause a denial of service 
via a crafted greeting banner."

squeeze has 2.25-0.1, which seems to be vulnerable
wheezy has 3.20-1, which should be fine
sid has 3.20-2, which should be fine

References:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2
http://www.infradead.org/openconnect/changelog.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Version: 2.25-0.1+squeeze1

This vulnerability was fixed in this security update to squeeze.

http://www.debian.org/security/2012/dsa-2495

-- 
mike

--- End Message ---

Reply via email to