Your message dated Fri, 07 Dec 2007 13:47:06 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#454133: fixed in pwlib 1.10.7~dfsg1-4+lenny1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for pwlib.

CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).

If you fix this vulnerability please also include the CVE id in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: pwlib
Source-Version: 1.10.7~dfsg1-4+lenny1

We believe that the bug you reported is fixed in the latest version of pwlib, which is due to be installed in the Debian FTP archive:

libpt-1.10.0-develop_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0-develop_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-1.10.0-ptrace_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0-ptrace_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-1.10.0_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-dbg_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-dbg_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-dev_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-dev_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-doc_1.10.7~dfsg1-4+lenny1_all.deb
  to pool/main/p/pwlib/libpt-doc_1.10.7~dfsg1-4+lenny1_all.deb
libpt-plugins-alsa_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-alsa_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-avc_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-avc_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-dc_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-dc_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-oss_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-oss_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-v4l2_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-v4l2_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-v4l_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-v4l_1.10.7~dfsg1-4+lenny1_i386.deb
pwlib_1.10.7~dfsg1-4+lenny1.diff.gz
  to pool/main/p/pwlib/pwlib_1.10.7~dfsg1-4+lenny1.diff.gz
pwlib_1.10.7~dfsg1-4+lenny1.dsc
  to pool/main/p/pwlib/pwlib_1.10.7~dfsg1-4+lenny1.dsc

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Tue, 4 Dec 2007 12:20:23 +0100
Source: pwlib
Binary: libpt-plugins-v4l2 libpt-plugins-oss libpt-plugins-alsa libpt-1.10.0 libpt-plugins-dc libpt-dev libpt-plugins-avc libpt-plugins-v4l libpt-1.10.0-develop libpt-doc libpt-dbg libpt-1.10.0-ptrace
Architecture: source i386 all
Version: 1.10.7~dfsg1-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description:
 libpt-1.10.0 - Portable Windows Library
 libpt-1.10.0-develop - Portable Windows Library - binary developer version
 libpt-1.10.0-ptrace - Portable Windows Library - optimized version with extra ptrace co
 libpt-dbg  - Portable Windows Library development debug files
 libpt-dev  - Portable Windows Library development files
 libpt-doc  - Portable Windows Library documentation & sample files
 libpt-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
Closes: 454133
Changes:
 pwlib (1.10.7~dfsg1-4+lenny1) testing-security; urgency=high
 .
   * Fix remote denial of service vulnerability caused by a call to
     PString::vsprintf if the used object already contained more than
     1000 characters (CVE-2007-4897; Closes: #454133).
--- End Message ---