Your message dated Fri, 07 Dec 2007 13:47:24 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454139: fixed in pwlib-titan 1.11.2-1+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.

CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: pwlib-titan
Source-Version: 1.11.2-1+lenny1

We believe that the bug you reported is fixed in the latest version of
pwlib-titan, which is due to be installed in the Debian FTP archive:

libpt-1.11.2-dbg_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-dbg_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-dev_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-dev_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-develop_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-develop_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-doc_1.11.2-1+lenny1_all.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-doc_1.11.2-1+lenny1_all.deb
libpt-1.11.2-plugins-alsa_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-alsa_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-avc_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-avc_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-dc_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-dc_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-oss_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-oss_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-v4l2_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l2_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-plugins-v4l_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-plugins-v4l_1.11.2-1+lenny1_i386.deb
libpt-1.11.2-ptrace_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2-ptrace_1.11.2-1+lenny1_i386.deb
libpt-1.11.2_1.11.2-1+lenny1_i386.deb
  to pool/main/p/pwlib-titan/libpt-1.11.2_1.11.2-1+lenny1_i386.deb
pwlib-titan_1.11.2-1+lenny1.diff.gz
  to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-1+lenny1.diff.gz
pwlib-titan_1.11.2-1+lenny1.dsc
  to pool/main/p/pwlib-titan/pwlib-titan_1.11.2-1+lenny1.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib-titan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 5 Dec 2007 09:24:52 +0100
Source: pwlib-titan
Binary: libpt-1.11.2-develop libpt-1.11.2-plugins-v4l2 libpt-1.11.2-doc libpt-1.11.2 libpt-1.11.2-plugins-v4l libpt-1.11.2-plugins-avc libpt-1.11.2-dbg libpt-1.11.2-plugins-oss libpt-1.11.2-ptrace libpt-1.11.2-plugins-dc libpt-1.11.2-dev libpt-1.11.2-plugins-alsa
Architecture: source i386 all
Version: 1.11.2-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description:
 libpt-1.11.2 - Portable Windows Library
 libpt-1.11.2-dbg - Portable Windows Library development debug files
 libpt-1.11.2-dev - Portable Windows Library development files
 libpt-1.11.2-develop - Portable Windows Library - binary developer version
 libpt-1.11.2-doc - Portable Windows Library documentation & sample files
 libpt-1.11.2-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-1.11.2-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-1.11.2-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-1.11.2-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-1.11.2-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-1.11.2-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
 libpt-1.11.2-ptrace - Portable Windows Library - optimized version with extra ptrace co
Closes: 454139
Changes:
 pwlib-titan (1.11.2-1+lenny1) testing-security; urgency=high
 .
   * Fix remote denial of service vulnerability caused by a call to
     PString::vsprintf if the used object already contained more than
     1000 characters (CVE-2007-4897; Closes: #454139).
--- End Message ---