Your message dated Sun, 23 Feb 2014 15:21:48 +0000 with message-id <[email protected]> and subject line Bug#695181: fixed in netkit-telnet-ssl 0.17.24+0.1-24 has caused the Debian Bug report #695181, regarding telnet-ssl: segfaults with debug flag to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 695181: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695181 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: telnet-ssl Version: 0.17.24+0.1-23 Severity: normal Dear Maintainer, * What led up to the situation? I was trying to connect to our university system using old terminal access. * What exactly did you do (or not do) that was effective (or ineffective)? As I wasn't able to get in (didn't know, I need -8 flag at the moment), I decided to use debug flag to peek into the communication. * What was the outcome of this action? It segfaulted. * What outcome did you expect instead? To not segfault, I guess? Console output: $ telnet -z debug kos.cvut.cz 2223 Trying 147.32.3.36... SSL_DEBUG_FLAG on Connected to www.kos.cvut.cz. Escape character is '^]'. [SSL - attempting to switch on SSL] [SSL - handshake starting] ssl:client_verify_callback:depth=0 ok=0 err=20-unable to get local issuer certificate SSL: unable to get local issuer certificate (20) [SSL - OK] [SSL cipher=:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS -AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5] [SSL subject=/C=CZ/O=Czech Technical University in Prague/CN=www.kos.cvut.cz] [SSL issuer=/C=BE/O=Cybertrust/OU=Educational CA/CN=Cybertrust Educational CA] Segmentation fault syslog: Dec 5 01:52:04 machine-name kernel: [ 3272.117359] telnet[10288] general protection ip:412290 sp:7fff566c2158 error:0 in telnet-ssl[400000+1b000] I got in later, but the segfault is replicable using the original command. username/machinename was removed, but server and port are authentic, so you can test against them. the info is available on public internet anyway. -- System Information: Debian Release: wheezy/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages telnet-ssl depends on: ii libc6 2.13-37 ii libncurses5 5.9-10 ii libssl1.0.0 1.0.1c-4 ii libstdc++6 4.7.2-4 telnet-ssl recommends no packages. telnet-ssl suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: netkit-telnet-ssl Source-Version: 0.17.24+0.1-24 We believe that the bug you reported is fixed in the latest version of netkit-telnet-ssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ian Beckwith <[email protected]> (supplier of updated netkit-telnet-ssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 22 Feb 2014 17:00:11 +0000 Source: netkit-telnet-ssl Binary: telnet-ssl telnetd-ssl Architecture: source amd64 Version: 0.17.24+0.1-24 Distribution: unstable Urgency: medium Maintainer: Ian Beckwith <[email protected]> Changed-By: Ian Beckwith <[email protected]> Description: telnet-ssl - telnet client with SSL encryption support telnetd-ssl - telnet server with SSL encryption support Closes: 695181 Changes: netkit-telnet-ssl (0.17.24+0.1-24) unstable; urgency=medium . * Fix buffer overflow (Closes: #695181). Checksums-Sha1: 68455a56729e7abe59a76436fe7a1bdc722f74f3 1288 netkit-telnet-ssl_0.17.24+0.1-24.dsc f3cee11494cd924447b48442710e3e5a42bddc13 35636 netkit-telnet-ssl_0.17.24+0.1-24.diff.gz 7a50127604530fe13b9b46b899239684ffe5c7f1 85414 telnet-ssl_0.17.24+0.1-24_amd64.deb cccacd694cde196504f3ada20815a9e7d1814894 57530 telnetd-ssl_0.17.24+0.1-24_amd64.deb Checksums-Sha256: 2c0eeb91920abcb00362101c6603de79d6085c7854a2f4daed4b4307c68cf668 1288 netkit-telnet-ssl_0.17.24+0.1-24.dsc 8c92c95d32972296b5beb8ac59cf23b1a030d49628d4675d2e46873306e2e468 35636 netkit-telnet-ssl_0.17.24+0.1-24.diff.gz ba3bf3f1daf3d6b4b80c08acf3fb0ec4e5d3bf07f7b114755959d65c5fe3e910 85414 telnet-ssl_0.17.24+0.1-24_amd64.deb de401823762391edb96c634a210611825c00fadbf639776ac469d2623f9bcff8 57530 telnetd-ssl_0.17.24+0.1-24_amd64.deb Files: 0756e43a6ffc78c191f3d76d9b62cfab 1288 net extra netkit-telnet-ssl_0.17.24+0.1-24.dsc c557bd9deb0e65e39ba1627ae44c13cb 35636 net extra netkit-telnet-ssl_0.17.24+0.1-24.diff.gz 1cd43ac8b9ea626b0b98c50547ceeadd 85414 net extra telnet-ssl_0.17.24+0.1-24_amd64.deb 646fc6910e13252cdfd4d7bc7e06f0d9 57530 net extra telnetd-ssl_0.17.24+0.1-24_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: http://erislabs.net/ianb/key/ iEYEARECAAYFAlMKDFUACgkQQOzBVKi6weovIgCdGAI0PKhA20s70BRoSDfuBXTd d9EAoK6DxX/eSdhSkgA9uHBZro8Pjmxx =xRhg -----END PGP SIGNATURE-----
--- End Message ---

