Your message dated Mon, 28 Jul 2008 17:32:17 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492742: fixed in newsx 1.6-3
has caused the Debian Bug report #492742,
regarding CVE-2008-3252: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
492742: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492742
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: newsx
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for newsx.
CVE-2008-3252[0]:
| Stack-based buffer overflow in the read_article function in
| getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
| code via a news article containing a large number of lines starting
| with a period.
There is a redhat bugreport[1] with more information and I've attached their
patch.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3252
http://security-tracker.debian.net/tracker/CVE-2008-3252
[1] https://bugzilla.redhat.com/show_bug.cgi?id=454483
diff -up newsx-1.6/src/getarticle.c.stack newsx-1.6/src/getarticle.c
--- newsx-1.6/src/getarticle.c.stack 2003-01-21 10:47:25.000000000 +0100
+++ newsx-1.6/src/getarticle.c 2008-07-12 23:02:35.000000000 +0200
@@ -143,12 +143,12 @@ read_article(long where,char *group)
long len;
long bytecount = 0L; /* BUG: */
- line=linebuf;
- line[MAX_HEADER_SIZE] = '\0'; /* better safe than sorry */
+ linebuf[MAX_HEADER_SIZE] = '\0'; /* better safe than sorry */
path_line[0] = '\0';
/* fetch the article, header and body */
for (;;) {
+ line=linebuf;
if (!get_server_msg(line, MAX_HEADER_SIZE)) {
/* timeout: simply give up */
return 0;
--- End Message ---
--- Begin Message ---
Source: newsx
Source-Version: 1.6-3
We believe that the bug you reported is fixed in the latest version of
newsx, which is due to be installed in the Debian FTP archive:
newsx_1.6-3.diff.gz
to pool/main/n/newsx/newsx_1.6-3.diff.gz
newsx_1.6-3.dsc
to pool/main/n/newsx/newsx_1.6-3.dsc
newsx_1.6-3_i386.deb
to pool/main/n/newsx/newsx_1.6-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[EMAIL PROTECTED]> (supplier of updated newsx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Jul 2008 18:55:36 +0200
Source: newsx
Binary: newsx
Architecture: source i386
Version: 1.6-3
Distribution: unstable
Urgency: high
Maintainer: Andreas Metzler <[EMAIL PROTECTED]>
Changed-By: Andreas Metzler <[EMAIL PROTECTED]>
Description:
newsx - An NNTP client for posting and fetching news
Closes: 492742
Changes:
newsx (1.6-3) unstable; urgency=high
.
* Fix CVE-2008-3252 buffer overflow (Closes: #492742) using the (one-line)
patch from RedHat BZ#454483.
* Acknowledge NMU, Thank you, Chris.
Checksums-Sha1:
31afbef9c506cd1621c2d73b3a01b5cb4c2213c2 991 newsx_1.6-3.dsc
fe0fdc70f77898298bc752820c9cb6765857d4b2 105818 newsx_1.6-3.diff.gz
7b44f0093e8294d13b2c55620d65878103e67a06 149238 newsx_1.6-3_i386.deb
Checksums-Sha256:
160de0d7138229205a5c0ef99267eabedb7ad391645e6697b8b71c5c670c6835 991
newsx_1.6-3.dsc
35adbf99c4616d288641d9a24e94acc32389ac89e930ce0fc97bc922ce7c30e3 105818
newsx_1.6-3.diff.gz
c1b7ba2fe5d9977f29763b98c668cb6332240cc4caba91d9a78247750b0ada62 149238
newsx_1.6-3_i386.deb
Files:
df1dcdc8fba9eb02edb304b1fb257dea 991 news extra newsx_1.6-3.dsc
0d6afc8f148a6d352a1d2da3cc45f244 105818 news extra newsx_1.6-3.diff.gz
c7e25fd7a769f1e21f1b7afdcf812a76 149238 news extra newsx_1.6-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIjf9yHTOcZYuNdmMRApVOAJ96zQ5l+lRelif6DEfqIuRrzOremwCfd+W5
nYXvSR2QBd9y+1YLeQ4hr1s=
=toWv
-----END PGP SIGNATURE-----
--- End Message ---
