Your message dated Wed, 02 Apr 2008 05:47:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454133: fixed in pwlib 1.10.10-2
has caused the Debian Bug report #454133,
regarding pwlib: CVE-2007-4897 remote denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
454133: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454133
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.

CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

--- End Message ---
--- Begin Message ---
Source: pwlib
Source-Version: 1.10.10-2

We believe that the bug you reported is fixed in the latest version of
pwlib, which is due to be installed in the Debian FTP archive:

libpt-1.10.10-dbg_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-dbg_1.10.10-2_i386.deb
libpt-1.10.10-plugins-alsa_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-alsa_1.10.10-2_i386.deb
libpt-1.10.10-plugins-avc_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-avc_1.10.10-2_i386.deb
libpt-1.10.10-plugins-dc_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-dc_1.10.10-2_i386.deb
libpt-1.10.10-plugins-oss_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-oss_1.10.10-2_i386.deb
libpt-1.10.10-plugins-v4l2_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-v4l2_1.10.10-2_i386.deb
libpt-1.10.10-plugins-v4l_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10-plugins-v4l_1.10.10-2_i386.deb
libpt-1.10.10_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-1.10.10_1.10.10-2_i386.deb
libpt-dev_1.10.10-2_i386.deb
  to pool/main/p/pwlib/libpt-dev_1.10.10-2_i386.deb
libpt-doc_1.10.10-2_all.deb
  to pool/main/p/pwlib/libpt-doc_1.10.10-2_all.deb
pwlib_1.10.10-2.diff.gz
  to pool/main/p/pwlib/pwlib_1.10.10-2.diff.gz
pwlib_1.10.10-2.dsc
  to pool/main/p/pwlib/pwlib_1.10.10-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <[EMAIL PROTECTED]> (supplier of updated pwlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 02 Apr 2008 07:14:27 +0300
Source: pwlib
Binary: libpt-1.10.10 libpt-dev libpt-1.10.10-dbg libpt-doc libpt-1.10.10-plugins-v4l libpt-1.10.10-plugins-v4l2 libpt-1.10.10-plugins-avc libpt-1.10.10-plugins-dc libpt-1.10.10-plugins-oss libpt-1.10.10-plugins-alsa
Architecture: source i386 all
Version: 1.10.10-2
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Faidon Liambotis <[EMAIL PROTECTED]>
Description: 
 libpt-1.10.10 - Portable Windows Library
 libpt-1.10.10-dbg - Portable Windows Library development debug files
 libpt-1.10.10-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-1.10.10-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-1.10.10-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-1.10.10-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-1.10.10-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-1.10.10-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
 libpt-dev  - Portable Windows Library development files
 libpt-doc  - Portable Windows Library documentation & sample files
Closes: 453139 453539 453694 454133
Changes: 
 pwlib (1.10.10-2) unstable; urgency=low
 .
   [ Kilian Krause ]
   * Add Replaces/Conflicts/Provides for old versions of plugins packages.
   * Add lintian overrides to document this is a transitional stage until
     plugins are sorted into namespaces that provide for having *one* -dbg
     package again.
   * Fix debian/watch to use sf.net instead of voxgratia.org
     (Closes: #453539, #453139)
   * Remove compat symlinks in libpt-dev that are not used anyway.
     (Closes: #453694)
   * Remove entire -ptrace and -debug build and leave only opt build with
     PTRACE code as new binary library. Discussion with Robert Jongbloed proved
     that there's no point shipping any other configuration.
   * Revert part of 04_names patch to not include OBJDIR_SUFFIX to plugins dir
     anymore.
 .
   [ Faidon Liambotis ]
   * Incorporate NMU by Nico Golde, thanks! (Closes: #454133)
   * Fix bug where shlibs were very strict on binNMUed versions.
   * Bump Standards-Version to 3.7.3, no changes needed.
   * Remove doxygen from Build-Depends-Indep since it's present in
     Build-Depends.
   * Remove debian/backports/{sarge,dapper} since they are obsolete
     distributions.
   * Remove Jose Carlos Garcia Sogo and Santiago Garcia Mantinan from
     Uploaders and add myself.
   * Add all copyright holders to debian/copyright.
   * Fix syntax error in the ptlib-config.1 manpage.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH8xwTVty5d8XpUzMRAoClAKCBJveh57+1ZCqsPH9f2L4XYBsddgCfQo6k
R3eGQVNFFBffARARWtUBWrk=
=dKNE
-----END PGP SIGNATURE-----



--- End Message ---
