Your message dated Mon, 03 Nov 2008 19:52:28 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#501443: fixed in dbus 1.0.2-1+etch2
has caused the Debian Bug report #501443,
regarding dbus: CVE-2008-3834, possible DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
501443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501443
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: dbus
Version: 1.2.1-3
Severity: important
Tags: security, patch

Hi

There is a potential DoS in dbus. Please see the upstream bug for
more explanations[0]. The patch is attached[1] to the bug and there is
also a Red Hat bug[2] about it. I am still unsure about the severity
and want to figure out how common the vulnerability would be, but
I wanted to let you know so you can work on updated packages for
sid and lenny already.

Please mention the CVE id in your changelog when you fix this issue.

Cheers
Steffen

[0]: https://bugs.freedesktop.org/show_bug.cgi?id=17803

[1]: https://bugs.freedesktop.org/attachment.cgi?id=19288

[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4434



--- End Message ---
--- Begin Message ---
Source: dbus
Source-Version: 1.0.2-1+etch2

We believe that the bug you reported is fixed in the latest version of
dbus, which is due to be installed in the Debian FTP archive:

dbus-1-doc_1.0.2-1+etch2_all.deb
  to pool/main/d/dbus/dbus-1-doc_1.0.2-1+etch2_all.deb
dbus-1-utils_1.0.2-1+etch2_i386.deb
  to pool/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_i386.deb
dbus_1.0.2-1+etch2.diff.gz
  to pool/main/d/dbus/dbus_1.0.2-1+etch2.diff.gz
dbus_1.0.2-1+etch2.dsc
  to pool/main/d/dbus/dbus_1.0.2-1+etch2.dsc
dbus_1.0.2-1+etch2_i386.deb
  to pool/main/d/dbus/dbus_1.0.2-1+etch2_i386.deb
libdbus-1-3_1.0.2-1+etch2_i386.deb
  to pool/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_i386.deb
libdbus-1-dev_1.0.2-1+etch2_i386.deb
  to pool/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated dbus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 21 Oct 2008 10:25:43 +0000
Source: dbus
Binary: dbus-1-doc libdbus-1-dev libdbus-1-3 dbus dbus-1-utils
Architecture: source all i386
Version: 1.0.2-1+etch2
Distribution: stable-security
Urgency: high
Maintainer: Utopia Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description: 
 dbus       - simple interprocess messaging system
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-1-utils - simple interprocess messaging system (utilities)
 libdbus-1-3 - simple interprocess messaging system
 libdbus-1-dev - simple interprocess messaging system (development headers)
Closes: 501443
Changes: 
 dbus (1.0.2-1+etch2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * The dbus_signature_validate function does not validate properly,
     which could be used to perform a DoS (Closes: #501443)
     Fixes: CVE-2008-3834
Files: 
 476bb3df500c50f67b4088317482e0ef 824 devel optional dbus_1.0.2-1+etch2.dsc
 27df2fd0bc5cb93069d6c10d89e0214a 19909 devel optional dbus_1.0.2-1+etch2.diff.gz
 68e4e1787515928f95af670ec2677663 1623126 doc optional dbus-1-doc_1.0.2-1+etch2_all.deb
 cfa20eea1e6e8be195d520199e8415c6 349844 devel optional dbus_1.0.2-1+etch2_i386.deb
 ebf1993ab8d40f4d10becd43324c3fb7 269032 libs optional libdbus-1-3_1.0.2-1+etch2_i386.deb
 98c8270b762a20bffc194124562c2a68 184284 utils optional dbus-1-utils_1.0.2-1+etch2_i386.deb
 116b0084af4713242092e2b07a64734f 335874 libdevel optional libdbus-1-dev_1.0.2-1+etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkj9t8sACgkQ62zWxYk/rQdFVACcCAdNfJeB+vAT6vyHFXNcxX3+
tlwAoL5t1EEXce7Z/s0jl43aq53UzFLp
=q7OK
-----END PGP SIGNATURE-----



--- End Message ---
