Your message dated Mon, 04 Mar 2013 16:03:47 +0000 with message-id <[email protected]> and subject line Bug#702252: fixed in telepathy-gabble 0.16.5-1 has caused the Debian Bug report #702252, regarding telepathy-gabble: CVE-2013-1769 remotely-triggerable DoS (crash) via weird data forms in caps to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 702252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702252 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: telepathy-gabble Version: 0.9.15-1+squeeze1 Severity: important Tags: fixed-upstream pending telepathy-gabble is vulnerable to CVE-2013-1769, a remotely-triggerable DoS: other XMPP users can cause Gabble to crash with a NULL pointer dereference by sending malformed capabilities ("caps") data. In squeeze, telepathy-gabble itself is believed to be vulnerable. In wheezy, sid and experimental, the vulnerable code has moved into the Wocky submodule (which is shipped as part of the telepathy-gabble tarball - Wocky is not yet ABI-stable) so different patches are needed. An upload to sid will follow soon. Security team (in x-debbugs-cc), please let me know whether you want this to be a DSA or a stable update? I would suggest a stable update since it's only a DoS. S
--- End Message ---
--- Begin Message ---Source: telepathy-gabble Source-Version: 0.16.5-1 We believe that the bug you reported is fixed in the latest version of telepathy-gabble, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <[email protected]> (supplier of updated telepathy-gabble package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 04 Mar 2013 15:10:21 +0000 Source: telepathy-gabble Binary: telepathy-gabble telepathy-gabble-dbg Architecture: source amd64 Version: 0.16.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Telepathy maintainers <[email protected]> Changed-By: Simon McVittie <[email protected]> Description: telepathy-gabble - Jabber/XMPP connection manager telepathy-gabble-dbg - Jabber/XMPP connection manager (debug symbols) Closes: 702252 Changes: telepathy-gabble (0.16.5-1) unstable; urgency=medium . * New upstream stable release - drop all patches, applied upstream - fixes a remotely-triggerable DoS (CVE-2013-1769, Closes: #702252) Checksums-Sha1: bd3a8c37b7a56c213cc1b70cbc3b633089aeebd7 2479 telepathy-gabble_0.16.5-1.dsc 6553fe69ccaa9926458d282893ad3d94ac9180e0 2635272 telepathy-gabble_0.16.5.orig.tar.gz 7e80bbb812c1d76434a80b57be7b5b44cc98c582 12664 telepathy-gabble_0.16.5-1.debian.tar.gz 654be34169d9445c07b3a5166b422f120678d3f7 818104 telepathy-gabble_0.16.5-1_amd64.deb 7e97c2a1f7a8e639279ceb06139e3322f0584251 2128260 telepathy-gabble-dbg_0.16.5-1_amd64.deb Checksums-Sha256: dfeebd3eae40da25933d2ae54b1e0f71a974621dec74bf90b0df1365899074db 2479 telepathy-gabble_0.16.5-1.dsc fdadd2b61f2ed912af20df9766adb6ddafb156f174840c7a305e9f19efa16d33 2635272 telepathy-gabble_0.16.5.orig.tar.gz 5fb72135171c1a215ada8ae928a0a29ffa7ef09f54aef17028dbb0d512b223da 12664 telepathy-gabble_0.16.5-1.debian.tar.gz 594acc5757e9569beb543791210b185c5d24449385a8f63b0df28f944dc6b6c7 818104 telepathy-gabble_0.16.5-1_amd64.deb ba1d1a2e37a8fc1f6b846c40c0d3b198a7395ae95fc2712b5af001c6ddaa1264 2128260 telepathy-gabble-dbg_0.16.5-1_amd64.deb Files: 02340d4b582aecb03c0e9c351c14ef9e 2479 net optional telepathy-gabble_0.16.5-1.dsc 06eab928c1d147029ee33be53a03710c 2635272 net optional telepathy-gabble_0.16.5.orig.tar.gz 44c3ba4cee02aca78b69fd0d4959e2f3 12664 net optional telepathy-gabble_0.16.5-1.debian.tar.gz f165b27e56216e7ec93f59dc6a564e05 818104 net optional telepathy-gabble_0.16.5-1_amd64.deb 8f014e4d2d902df2b768165ef1b46da9 2128260 debug extra telepathy-gabble-dbg_0.16.5-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIVAwUBUTTDIE3o/ypjx8yQAQjV+Q//b4KiRr5dGZKx0XcqPUwb6VHCHRtZLCIU 6ralOQZt6A6P5F496GuouxSV/KS4sQ8l9oX6WjBaEmQQT3Ktyr6mbjkflqkLSbcr 7VxB8fT2N98hbGe9bWmva55ncErkU9IJyVzHgHtSjFQ3nluHi7sy/3i3EI5wDeN3 0ZZX8Ccz7y/LzFrygIgUI/5QWE+PIqyOi7m4yda88tJzCFdNmORbxdmML1aivHhf OjJqJ0dwEopqOiUKxmmJiXymOgF3j1GHecLUJOO9+eeS7FcEzLd0rsTo0K96wsnd Za0hpKb4iKzRPAW/ZfZmfLpDxqTT3TnzBrx9JZP8tNB7KdlDPS4WiNNjeFzLlMrS lxlQoVXAZ/Z2YmTcpgcbPXItMxnb1VazQKahx+PtsIdcTyy1HdXewQ3bfhHAGaTe RiXq536iDblwcyKr3i5c0WXmhCWsGkpLuN+RJfk3uHTsqDF8PBzsAvfjBiVAtyoB MU149ZvMhdSBbR+XoADTLAsIp58IpithI2uXbM3T5Os+/RJNzIkhTd3lyzWK57uC fF0CXP6PWB5H2skbucN3VOz8y8LttMqV/Xc74eNvbr+DuUpNkG/PLV2EjCZo6Zuc Ly33TSqlNh5heCvDSWvRAh5VeLjQBkmqmipvihgNHXHs6K2Q0jFyYx3qY549KRnv x4zOrd3BUvY= =YVq8 -----END PGP SIGNATURE-----
--- End Message ---
