Your message dated Fri, 07 Dec 2007 13:47:24 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454139: fixed in pwlib-titan 1.11.2-1+lenny1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.
CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp0RaXMqUDan.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: pwlib-titan
Source-Version: 1.11.2-1+lenny1
We believe that the bug you reported is fixed in the latest version of
pwlib-titan, which is due to be installed in the Debian FTP archive:
libpt-1.11.2-dbg_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-dbg_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-dev_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-dev_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-develop_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-develop_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-doc_1.11.2-1+lenny1_all.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-doc_1.11.2-1+lenny1_all.deb
libpt-1.11.2-plugins-alsa_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-alsa_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-avc_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-avc_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-dc_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-dc_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-oss_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-oss_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-v4l2_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l2_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-v4l_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-ptrace_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2-ptrace_1.11.2-1+lenny1_i386.deb
libpt-1.11.2_1.11.2-1+lenny1_i386.deb
to pool/main/p/pwlib-titan/libpt-1.11.2_1.11.2-1+lenny1_i386.deb
pwlib-titan_1.11.2-1+lenny1.diff.gz
to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-1+lenny1.diff.gz
pwlib-titan_1.11.2-1+lenny1.dsc
to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-1+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib-titan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 5 Dec 2007 09:24:52 +0100
Source: pwlib-titan
Binary: libpt-1.11.2-develop libpt-1.11.2-plugins-v4l2 libpt-1.11.2-doc
libpt-1.11.2 libpt-1.11.2-plugins-v4l libpt-1.11.2-plugins-avc libpt-1.11.2-dbg
libpt-1.11.2-plugins-oss libpt-1.11.2-ptrace libpt-1.11.2-plugins-dc
libpt-1.11.2-dev libpt-1.11.2-plugins-alsa
Architecture: source i386 all
Version: 1.11.2-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description:
libpt-1.11.2 - Portable Windows Library
libpt-1.11.2-dbg - Portable Windows Library development debug files
libpt-1.11.2-dev - Portable Windows Library development files
libpt-1.11.2-develop - Portable Windows Library - binary developer version
libpt-1.11.2-doc - Portable Windows Library documentation & sample files
libpt-1.11.2-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA
Interface
libpt-1.11.2-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC
devices
libpt-1.11.2-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
libpt-1.11.2-plugins-oss - Portable Windows Library Audio Plugins for the OSS
Interface
libpt-1.11.2-plugins-v4l - Portable Windows Library Video Plugin for
Video4Linux
libpt-1.11.2-plugins-v4l2 - Portable Windows Library Video Plugin for
Video4Linux v2
libpt-1.11.2-ptrace - Portable Windows Library - optimized version with extra
ptrace co
Closes: 454139
Changes:
pwlib-titan (1.11.2-1+lenny1) testing-security; urgency=high
.
* Fix remote denial of service vulnerability caused
by a call to PString::vsprintf if the used object already
contained more than 1000 characters (CVE-2007-4897; Closes: #454139).
Files:
3ce1b3fef1f62e1928653ee99502a169 1755 libs optional
pwlib-titan_1.11.2-1+lenny1.dsc
3941b1ec5573f7fa3f4b818e7a8255a9 2916765 libs optional
pwlib-titan_1.11.2.orig.tar.gz
c7c8938e5cbfd4e3dc6c4b0e909385b0 26763 libs optional
pwlib-titan_1.11.2-1+lenny1.diff.gz
7a11b0c4778d4c1a4abd28431c8f17e5 1480550 libs optional
libpt-1.11.2_1.11.2-1+lenny1_i386.deb
47bfe372fe53775770bf1c74b33e004d 5644820 libs optional
libpt-1.11.2-ptrace_1.11.2-1+lenny1_i386.deb
b26d60a133583ebae986b5b1015379e6 8805676 libs optional
libpt-1.11.2-develop_1.11.2-1+lenny1_i386.deb
1038aec99a14d0635067f71cf26dbc80 7924168 libdevel optional
libpt-1.11.2-dev_1.11.2-1+lenny1_i386.deb
2d1bd96bd3482e18ec641bf8f0d560d2 4105508 libdevel extra
libpt-1.11.2-dbg_1.11.2-1+lenny1_i386.deb
9acfe3d6c2ed68db1d35539c8c8dafce 273594 libs optional
libpt-1.11.2-plugins-v4l_1.11.2-1+lenny1_i386.deb
1d082ebfc3219ec51822f2ae50614ff6 274792 libs optional
libpt-1.11.2-plugins-v4l2_1.11.2-1+lenny1_i386.deb
1c22c6a77919b403a3d6873eb07fb312 277004 libs optional
libpt-1.11.2-plugins-avc_1.11.2-1+lenny1_i386.deb
a314d990600cd098f5580cafcc1bb32d 264226 libs optional
libpt-1.11.2-plugins-dc_1.11.2-1+lenny1_i386.deb
2a75ac9caeaab6d3da1b457005bf1693 278042 libs optional
libpt-1.11.2-plugins-oss_1.11.2-1+lenny1_i386.deb
ea1ccb1753e768afd935e5b028b10871 272054 libs optional
libpt-1.11.2-plugins-alsa_1.11.2-1+lenny1_i386.deb
6e6a6e3912427590f1c892aa26dbbf9b 3522416 doc extra
libpt-1.11.2-doc_1.11.2-1+lenny1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHVsG0vdkzt4X+wX8RAtGlAJ0UofwrKf4SbTSr1WN9qNJfgrO+jwCfasee
XU2wxusMWq/hP2sIheczy+4=
=QlTF
-----END PGP SIGNATURE-----
--- End Message ---
