Your message dated Tue, 06 Oct 2009 16:39:00 +0000
with message-id <e1mvd40-0004jw...@ries.debian.org>
and subject line Bug#548198: fixed in newt 0.52.10-4.1
has caused the Debian Bug report #548198,
regarding CVE-2009-2905: buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
548198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: newt
Severity: grave
Tags: security patch

Hi

There is a buffer overflow in textbox.c. This issue is CVE-2009-2905.

In textbox.c the following patch has been applied.

-       result = malloc(strlen(text) + (strlen(text) / width) + 2);
+       result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2);
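
Review bot: the new divisor `(width - 1)` on the `+` line is zero when `width` is 1, so the size computation itself divides by zero, and for `width` below 1 the quotient no longer bounds the number of line breaks the wrapping code can insert. Reject or clamp `width < 2` before this `malloc` call, and add a short comment explaining why the divisor is `width - 1` rather than `width`, so the sizing assumption stays tied to the wrapping loop that fills `result`.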

Cheers
Steffen



--- End Message ---
--- Begin Message ---
Source: newt
Source-Version: 0.52.10-4.1

We believe that the bug you reported is fixed in the latest version of
newt, which is due to be installed in the Debian FTP archive:

libnewt-dev_0.52.10-4.1_i386.deb
  to pool/main/n/newt/libnewt-dev_0.52.10-4.1_i386.deb
libnewt-pic_0.52.10-4.1_i386.deb
  to pool/main/n/newt/libnewt-pic_0.52.10-4.1_i386.deb
libnewt0.52_0.52.10-4.1_i386.deb
  to pool/main/n/newt/libnewt0.52_0.52.10-4.1_i386.deb
newt-tcl_0.52.10-4.1_i386.deb
  to pool/main/n/newt/newt-tcl_0.52.10-4.1_i386.deb
newt_0.52.10-4.1.diff.gz
  to pool/main/n/newt/newt_0.52.10-4.1.diff.gz
newt_0.52.10-4.1.dsc
  to pool/main/n/newt/newt_0.52.10-4.1.dsc
python-newt-dbg_0.52.10-4.1_i386.deb
  to pool/main/n/newt/python-newt-dbg_0.52.10-4.1_i386.deb
python-newt_0.52.10-4.1_i386.deb
  to pool/main/n/newt/python-newt_0.52.10-4.1_i386.deb
whiptail_0.52.10-4.1_i386.deb
  to pool/main/n/newt/whiptail_0.52.10-4.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 548...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated newt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 06 Oct 2009 17:29:33 +0200
Source: newt
Binary: libnewt-dev libnewt-pic newt-tcl python-newt python-newt-dbg libnewt0.52 whiptail
Architecture: source i386
Version: 0.52.10-4.1
Distribution: unstable
Urgency: high
Maintainer: Alastair McKinstry <mckins...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 libnewt-dev - Developer's toolkit for newt windowing library
 libnewt-pic - Not Erik's Windowing Toolkit, shared library subset kit
 libnewt0.52 - Not Erik's Windowing Toolkit - text mode windowing with slang
 newt-tcl   - A newt module for Tcl
 python-newt - A NEWT module for Python
 python-newt-dbg - A NEWT module for Python (debug extension)
 whiptail   - Displays user-friendly dialog boxes from shell scripts
Closes: 548198
Changes: 
 newt (0.52.10-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by the testing Security Team.
   * Include patch to fix buffer overflow in content processing code
     Fixes: CVE-2009-2905 Closes: #548198

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrLZ0IACgkQNxpp46476aphJgCbBxbdDeqlUHeNp9HkFDqOvlNh
4FwAn03KUID82If1P0OYAxQ3IUpuIoz7
=BGKM
-----END PGP SIGNATURE-----



--- End Message ---
