Your message dated Sun, 10 Mar 2013 12:32:53 +0000
with message-id <[email protected]>
and subject line Bug#702252: fixed in telepathy-gabble 0.17.3-1
has caused the Debian Bug report #702252,
regarding telepathy-gabble: CVE-2013-1769 remotely-triggerable DoS (crash) via weird data forms in caps
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
702252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702252
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: telepathy-gabble
Version: 0.9.15-1+squeeze1
Severity: important
Tags: fixed-upstream pending

telepathy-gabble is vulnerable to CVE-2013-1769, a remotely-triggerable DoS:
other XMPP users can cause Gabble to crash with a NULL pointer dereference
by sending malformed capabilities ("caps") data.

In squeeze, telepathy-gabble itself is believed to be vulnerable.

In wheezy, sid and experimental, the vulnerable code has moved into the
Wocky submodule (which is shipped as part of the telepathy-gabble tarball -
Wocky is not yet ABI-stable) so different patches are needed.

An upload to sid will follow soon.

Security team (in x-debbugs-cc), please let me know whether you want this
to be a DSA or a stable update? I would suggest a stable update since it's
only a DoS.

    S

--- End Message ---
--- Begin Message ---
Source: telepathy-gabble
Source-Version: 0.17.3-1

We believe that the bug you reported is fixed in the latest version of
telepathy-gabble, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <[email protected]> (supplier of updated telepathy-gabble package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Mar 2013 13:10:28 +0100
Source: telepathy-gabble
Binary: telepathy-gabble telepathy-gabble-dbg telepathy-gabble-tests
Architecture: source amd64
Version: 0.17.3-1
Distribution: experimental
Urgency: low
Maintainer: Debian Telepathy maintainers <[email protected]>
Changed-By: Laurent Bigonville <[email protected]>
Description: 
 telepathy-gabble - Jabber/XMPP connection manager
 telepathy-gabble-dbg - Jabber/XMPP connection manager (debug symbols)
 telepathy-gabble-tests - Jabber/XMPP connection manager (automated tests)
Closes: 702252
Changes: 
 telepathy-gabble (0.17.3-1) experimental; urgency=low
 .
   * New upstream release
     - drop all patches, applied upstream
     - fixes a remotely-triggerable DoS (CVE-2013-1769, Closes: #702252)
     - debian/shlibs.local: Bump version
   * debian/control: Fix duplicate package description


--- End Message ---
