Your message dated Tue, 20 Dec 2005 10:47:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#344134: fixed in cpio 2.6-10
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Dec 2005 09:56:39 +0000
>From [EMAIL PROTECTED] Tue Dec 20 01:56:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111]
helo=vserver151.vserver151.serverflex.de)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EoeEZ-0003AF-Ci
for [EMAIL PROTECTED]; Tue, 20 Dec 2005 01:56:39 -0800
Received: from wlan-client-269.informatik.uni-bremen.de ([134.102.117.19]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1EoeEY-0004IL-8r
for [EMAIL PROTECTED]; Tue, 20 Dec 2005 10:56:38 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.60)
(envelope-from <[EMAIL PROTECTED]>)
id 1EoeE9-0001n5-HN; Tue, 20 Dec 2005 10:56:13 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CVE-2005-4268: Buffer overflow on 64 bit archs
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: reportbug 3.18
Date: Tue, 20 Dec 2005 10:56:13 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.117.19
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: cpio
Version: 2.6-9
Severity: important
Tags: security
Justification: user security hole
For very large archives the ASCII representation of the file size
may exceed eight bytes and trigger a buffer overflow. Please see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669 for
details and upstream's patch.
This affects oldstable and stable as well.
This is CVE-2005-4268, please mention it in the changelog when fixing
this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages cpio depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
cpio recommends no packages.
-- no debconf information
---------------------------------------
Received: (at 344134-close) by bugs.debian.org; 20 Dec 2005 18:53:12 +0000
>From [EMAIL PROTECTED] Tue Dec 20 10:53:12 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EomVx-0005Qg-Iq; Tue, 20 Dec 2005 10:47:09 -0800
From: Clint Adams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#344134: fixed in cpio 2.6-10
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 20 Dec 2005 10:47:09 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: cpio
Source-Version: 2.6-10
We believe that the bug you reported is fixed in the latest version of
cpio, which is due to be installed in the Debian FTP archive:
cpio_2.6-10.diff.gz
to pool/main/c/cpio/cpio_2.6-10.diff.gz
cpio_2.6-10.dsc
to pool/main/c/cpio/cpio_2.6-10.dsc
cpio_2.6-10_sparc.deb
to pool/main/c/cpio/cpio_2.6-10_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Adams <[EMAIL PROTECTED]> (supplier of updated cpio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 20 Dec 2005 12:44:50 -0500
Source: cpio
Binary: cpio
Architecture: source sparc
Version: 2.6-10
Distribution: unstable
Urgency: medium
Maintainer: Clint Adams <[EMAIL PROTECTED]>
Changed-By: Clint Adams <[EMAIL PROTECTED]>
Description:
cpio - GNU cpio -- a program to manage archives of files
Closes: 344134
Changes:
cpio (2.6-10) unstable; urgency=medium
.
* Fix potential buffer overflow on 64-bit architectures.
[CVE-2005-4268]. closes: #344134.
Files:
e616c3fdf09d92a237eb551236978fff 549 utils important cpio_2.6-10.dsc
227b2539e6eccb661cefe4ee07a71f40 408410 utils important cpio_2.6-10.diff.gz
b72e080d7e395d8cefbaf270b991526d 127170 utils important cpio_2.6-10_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Debian!
iD8DBQFDqE9d5m0u66uWM3ARAispAKCa2zCe4YiY8gHaw5lHMtu2KggC/ACgjZ+J
6MQ4Wu9c1Rk9OqLq3+2ZIlE=
=u+EF
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
