Bug#334443: marked as done (CAN-2005-3183: DoS through incorrect bounds checking in HTBoundary_put_block())

Sun, 23 Oct 2005 14:03:47 -0700 

Your message dated Sun, 23 Oct 2005 13:49:38 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334443: fixed in w3c-libwww 5.4.0-11
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Oct 2005 22:06:21 +0000
>From [EMAIL PROTECTED] Mon Oct 17 15:06:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1ERd7d-0007UV-00; Mon, 17 Oct 2005 15:06:21 -0700
Received: from dslb-082-083-217-161.pools.arcor-ip.net ([82.83.217.161] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1ERd7Z-0001UB-3s
        for [EMAIL PROTECTED]; Tue, 18 Oct 2005 00:06:17 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.54)
        id 1ERd8M-0001ja-IX; Tue, 18 Oct 2005 00:07:06 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-3183: DoS through incorrect bounds checking in
 HTBoundary_put_block()
X-Mailer: reportbug 3.17
Date: Tue, 18 Oct 2005 00:07:06 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.83.217.161
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        RCVD_IN_SBLXBL,RCVD_IN_SBLXBL_CBL,X_DEBBUGS_CC autolearn=ham 
        version=2.60-bugs.debian.org_2005_01_02

Package: w3m-libwww
Version: 5.4.0-10
Severity: important
Tags: security

It has been discovered that remote servers can crash libwww-using applications.
Please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597 for
more details and a proposed fix.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 334443-close) by bugs.debian.org; 23 Oct 2005 21:02:35 +0000
>From [EMAIL PROTECTED] Sun Oct 23 14:02:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1ETmmg-0002Nb-00; Sun, 23 Oct 2005 13:49:38 -0700
From: Richard Atterer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#334443: fixed in w3c-libwww 5.4.0-11
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 23 Oct 2005 13:49:38 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: w3c-libwww
Source-Version: 5.4.0-11

We believe that the bug you reported is fixed in the latest version of
w3c-libwww, which is due to be installed in the Debian FTP archive:

libwww-dev_5.4.0-11_i386.deb
  to pool/main/w/w3c-libwww/libwww-dev_5.4.0-11_i386.deb
libwww-ssl-dev_5.4.0-11_i386.deb
  to pool/main/w/w3c-libwww/libwww-ssl-dev_5.4.0-11_i386.deb
libwww-ssl0_5.4.0-11_i386.deb
  to pool/main/w/w3c-libwww/libwww-ssl0_5.4.0-11_i386.deb
libwww0_5.4.0-11_i386.deb
  to pool/main/w/w3c-libwww/libwww0_5.4.0-11_i386.deb
w3c-libwww_5.4.0-11.diff.gz
  to pool/main/w/w3c-libwww/w3c-libwww_5.4.0-11.diff.gz
w3c-libwww_5.4.0-11.dsc
  to pool/main/w/w3c-libwww/w3c-libwww_5.4.0-11.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Richard Atterer <[EMAIL PROTECTED]> (supplier of updated w3c-libwww package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Oct 2005 23:26:11 +0200
Source: w3c-libwww
Binary: libwww-dev libwww-ssl0 libwww-ssl-dev libwww0
Architecture: source i386
Version: 5.4.0-11
Distribution: unstable
Urgency: high
Maintainer: Richard Atterer <[EMAIL PROTECTED]>
Changed-By: Richard Atterer <[EMAIL PROTECTED]>
Description: 
 libwww-dev - The W3C WWW library - development files
 libwww-ssl-dev - The W3C WWW library - development files (SSL support)
 libwww-ssl0 - The W3C-WWW library (SSL support)
 libwww0    - The W3C WWW library
Closes: 334443
Changes: 
 w3c-libwww (5.4.0-11) unstable; urgency=high
 .
   * Security fix for Library/src/HTBound.c, patch taken from Redhat's
     w3c-libwww-5.4.0-10.0.FC3.1.src.rpm, Redhat bug #159597
     Closes: #334443: CAN-2005-3183: DoS through incorrect bounds checking
     in HTBoundary_put_block()
Files: 
 3116cbd1214b9cbf2077bde53c55db5d 692 libs optional w3c-libwww_5.4.0-11.dsc
 35e58941dbc3bf91ebbe2a4bd049c808 556804 libs optional 
w3c-libwww_5.4.0-11.diff.gz
 86ae090547637c0ec729912042654104 446358 libs optional libwww0_5.4.0-11_i386.deb
 784ef394760bddfe81108a8369853a8b 453490 libs optional 
libwww-ssl0_5.4.0-11_i386.deb
 2ba1ef97852af5018dee7a9a3cd1ca96 633382 libdevel optional 
libwww-dev_5.4.0-11_i386.deb
 3ca94616d5c525186cd48672ce8b3ea3 639870 libdevel optional 
libwww-ssl-dev_5.4.0-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDWrYBeeb23IiDVPcRAofEAJoDN/lWqgOHfZa05U4xMXOU7gWDngCdGWsj
JW5pSoXZWn9MGwcjcZLH2Ok=
=+1Eo
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to