Your message dated Fri, 07 Dec 2007 13:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454133: fixed in pwlib 1.10.7~dfsg1-4+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.

CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: pwlib
Source-Version: 1.10.7~dfsg1-4+lenny1

We believe that the bug you reported is fixed in the latest version of
pwlib, which is due to be installed in the Debian FTP archive:

libpt-1.10.0-develop_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0-develop_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-1.10.0-ptrace_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0-ptrace_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-1.10.0_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-1.10.0_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-dbg_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-dbg_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-dev_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-dev_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-doc_1.10.7~dfsg1-4+lenny1_all.deb
  to pool/main/p/pwlib/libpt-doc_1.10.7~dfsg1-4+lenny1_all.deb
libpt-plugins-alsa_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-alsa_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-avc_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-avc_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-dc_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-dc_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-oss_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-oss_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-v4l2_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-v4l2_1.10.7~dfsg1-4+lenny1_i386.deb
libpt-plugins-v4l_1.10.7~dfsg1-4+lenny1_i386.deb
  to pool/main/p/pwlib/libpt-plugins-v4l_1.10.7~dfsg1-4+lenny1_i386.deb
pwlib_1.10.7~dfsg1-4+lenny1.diff.gz
  to pool/main/p/pwlib/pwlib_1.10.7~dfsg1-4+lenny1.diff.gz
pwlib_1.10.7~dfsg1-4+lenny1.dsc
  to pool/main/p/pwlib/pwlib_1.10.7~dfsg1-4+lenny1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  4 Dec 2007 12:20:23 +0100
Source: pwlib
Binary: libpt-plugins-v4l2 libpt-plugins-oss libpt-plugins-alsa libpt-1.10.0 libpt-plugins-dc libpt-dev libpt-plugins-avc libpt-plugins-v4l libpt-1.10.0-develop libpt-doc libpt-dbg libpt-1.10.0-ptrace
Architecture: source i386 all
Version: 1.10.7~dfsg1-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description: 
 libpt-1.10.0 - Portable Windows Library
 libpt-1.10.0-develop - Portable Windows Library - binary developer version
 libpt-1.10.0-ptrace - Portable Windows Library - optimized version with extra ptrace co
 libpt-dbg  - Portable Windows Library development debug files
 libpt-dev  - Portable Windows Library development files
 libpt-doc  - Portable Windows Library documentation & sample files
 libpt-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
Closes: 454133
Changes: 
 pwlib (1.10.7~dfsg1-4+lenny1) testing-security; urgency=high
 .
   * Fix remote denial of service vulnerability caused
     by a call to PString::vsprintf if the used object already
     contained more than 1000 characters (CVE-2007-4897; Closes: #454133).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHVq0Xvdkzt4X+wX8RAri6AJ9IE0PGLqJyKrhiRKFB+yuoeqayFQCeJBYC
NLqh/TmqcArVeWgjZdkuxis=
=H3cH
-----END PGP SIGNATURE-----



--- End Message ---
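
The changelog entry above ties the crash to a formatted append on a string that already held more than 1000 characters. The following C sketch is an added example, not pwlib's code or its patch: `gstr`, `gstr_appendf` and `demo_len_after_append` are hypothetical names, and the fixed-chunk arithmetic named in the comment is an assumed failure pattern, not taken from pwlib's source. It shows a formatted append that sizes the buffer from the string's current length, so the bound passed to `vsnprintf` stays valid however long the string already is.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string, standing in for a class like PString. */
typedef struct {
    char  *data;  /* NUL-terminated once non-empty, NULL when empty */
    size_t len;   /* bytes in use, excluding the NUL */
    size_t cap;   /* bytes allocated */
} gstr;

/* Append formatted text; returns 0 on success, -1 on error (string unchanged). */
int gstr_appendf(gstr *s, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* Pass 1: ask vsnprintf how many bytes the formatted text needs. */
    int need = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (need < 0) { va_end(ap2); return -1; }
    /* Size from the current length, not a fixed chunk: a remainder such as
       "1000 - len" goes negative once len exceeds the chunk. */
    size_t want = s->len + (size_t)need + 1;
    if (want < s->len) { va_end(ap2); return -1; }  /* size_t wrapped */
    if (want > s->cap) {
        char *p = realloc(s->data, want);
        if (p == NULL) { va_end(ap2); return -1; }
        s->data = p;
        s->cap = want;
    }
    /* Pass 2: write into the tail, bounded by the space actually left. */
    vsnprintf(s->data + s->len, s->cap - s->len, fmt, ap2);
    va_end(ap2);
    s->len += (size_t)need;
    return 0;
}

/* Constructed check: fill past 1000 characters, then append again. */
size_t demo_len_after_append(void)
{
    gstr s = {0};
    if (gstr_appendf(&s, "%01500d", 0) != 0) return 0;  /* 1500 chars */
    if (gstr_appendf(&s, "@%s:%d", "example.invalid", 5060) != 0) s.len = 0;
    size_t n = (s.data && strlen(s.data) == s.len) ? s.len : 0;
    free(s.data);
    return n;
}
int main(void) { printf("%zu\n", demo_len_after_append()); return 0; }
```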
