Your message dated Sat, 1 Oct 2016 18:01:58 -0400
with message-id
<cang8-dddl4kegxkf5biw7gkq3cfmx3ocr9wbnm6zfh_oxym...@mail.gmail.com>
and subject line Security bug is not-for-us
has caused the Debian Bug report #773624,
regarding cgminer: CVE-2014-6251
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773624
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cgminer
Severity: important
Tags: security

Hi,

the following vulnerability was published for cgminer.

CVE-2014-6251[0]:
| Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote
| attackers to have an unspecified impact by sending a mining.subscribe
| response with a large nonce2 length, then triggering the overflow with
| a mining.notify request.

Details are sparse, and note that the report is about cpuminer rather
than cgminer, but since the two share a lot of code, I couldn't easily
rule out cgminer being affected, so some research needs to be done.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-6251

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Thanks - it's been updated as "not-for-us" at:
https://security-tracker.debian.org/tracker/CVE-2014-6251
--- End Message ---