Your message dated Sat, 01 Feb 2014 09:50:16 +0000
with message-id <[email protected]>
and subject line Bug#736993: fixed in socat 1.7.2.3-1
has caused the Debian Bug report #736993,
regarding socat: CVE-2014-0019: PROXY-CONNECT address overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
736993: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: socat
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for socat.
CVE-2014-0019[0,1]:
PROXY-CONNECT address overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019
http://security-tracker.debian.org/tracker/CVE-2014-0019
[1] http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: socat
Source-Version: 1.7.2.3-1
We believe that the bug you reported is fixed in the latest version of
socat, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated socat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 01 Feb 2014 09:48:00 +0100
Source: socat
Binary: socat
Architecture: source amd64
Version: 1.7.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
socat - multipurpose relay for bidirectional data transfer
Closes: 736993
Changes:
socat (1.7.2.3-1) unstable; urgency=high
.
* New upstream release, fixing CVE-2014-0019 (closes: #736993).
* Update to Standards-Version 3.9.5 .
.
[ Bart Martens <[email protected]> ]
* Update watch file.
Checksums-Sha1:
e14054591f76124f1b612995556b82bfe15526b2 1714 socat_1.7.2.3-1.dsc
ff51cd13b672e67b630cf82aa52c83f829f31121 424461 socat_1.7.2.3.orig.tar.bz2
f1848ea0eb7c86c54c133dd62ffe881c1720f232 8820 socat_1.7.2.3-1.debian.tar.xz
8f6b0b9256deb0de7c649b5d5639b1f2c67df355 319592 socat_1.7.2.3-1_amd64.deb
Checksums-Sha256:
80c52d0fc21d44dd1810d83223ab8ee7b0e5f7de13d87184ab291b7500df002b 1714
socat_1.7.2.3-1.dsc
0598ac54af7b138cda9e3c141bcf0cc63eeb2ab31f468a772dc3f7eb3896aad0 424461
socat_1.7.2.3.orig.tar.bz2
860f64521f2dfe0a5baff2404cdaad92581aabe07d6885701daab675aeedef5f 8820
socat_1.7.2.3-1.debian.tar.xz
a9c9640ac2afc0fb1e3a8026b645a701c80e143092d2567a3ed8b7f3ac15199e 319592
socat_1.7.2.3-1_amd64.deb
Files:
34569244a44c31fe091b0d38e68f6cd8 1714 net extra socat_1.7.2.3-1.dsc
75008d8baf7c6c9e27aa7afb34a622de 424461 net extra socat_1.7.2.3.orig.tar.bz2
70e09c6bd9fb2a35370997ac1cd18a17 8820 net extra socat_1.7.2.3-1.debian.tar.xz
8088bed836a750a1c859eed175dec26b 319592 net extra socat_1.7.2.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJS7LszAAoJENzjEOeGTMi/jCUP/RXuGVmd849Uv0EiG0gNH4zP
0+ZA7mRt0EpWHnfmm43fmxpjjSclNFt+3Hexcy3zLnDL0Y0KbN1pQIogmoMGkRuP
F7BgEAxwic4Og6pDjzMblqO4dxN3fNcKHE83AMBF/5msnDvLNfBpC060D3snwfIS
u2Rt/6slpvgNjuilCNvC3MX1d6yB4guwe35H5iHhhikyU/M7L+HBsEYZIbulVP4d
WRk3pO9/tVIAKoq3GLD57DRNzSaMZxaXT8eYHPXGlQcj7TZYFke+g/EaSgzr/zwj
3spRSbgFh/I07jIT9ljTmdGbGj4VNx3X2/3TUiNT7KmhLiJU+RLGraVhRbu/OzzZ
VyosvOdyH3JkYNkZmHylaI5i3v6CdNFairZXaUhii3TQDlpyfsroga+c8OOnlq5s
qEEZebuubpJjblMbLd6D/mHf86miuY+EBuNMkwY6FTAlyLTTCJiRS49SB4uU7fbm
qW1vHKpJ7TULE9pE9F/uKDI/J+9AKuGzevBzcdh1bul9G25VGcW6QOCk19Q29LS5
cfxtGOnkKz/Jf/2wyj3KNlY5KulOHY/dGUg2TDIQdBZrfwp8aE16NGY21F/jdT0o
W1quaO4m8hKDa9L4WGQYFirKbgOmhV7y5dBnc3jBpJhdI/qcAW0EcDJkHsraUs0f
ZoqiTH4WsiUInSDkBFDU
=FgNB
-----END PGP SIGNATURE-----
--- End Message ---
