Your message dated Sat, 27 Oct 2012 09:17:42 +0000
with message-id <e1ts2wu-0006sk...@franck.debian.org>
and subject line Bug#690376: fixed in libproxy 0.3.1-5.1
has caused the Debian Bug report #690376,
regarding libproxy: PAC handling insufficient content length check leading to buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libproxy
Severity: serious
Tags: security fixed-upstream patch

Hi,

A buffer overflow was discovered in the PAC handling which lacks a
sufficient content length check.

The following bug report describes the issue and a proposed fix for the
0.3 branch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
This is CVE-2012-4505.

Note that a similar issue was discovered earlier in the 0.4 branch
(CVE-2012-4504) which does not affect the 0.3 branch (and thus Debian).

Can you please upload a fixed package to unstable and ensure transition to
wheezy? Are you able to provide an update for squeeze?


thanks,
Thijs

--- End Message ---
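
The kind of content length check the report above says was missing, as an added example; this is not libproxy's code and not the patch referenced in the report. The cap PAC_MAX_BYTES, the in-memory mem_src reader standing in for a socket, and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PAC_MAX_BYTES (1024UL * 1024UL) /* assumed cap, not a libproxy constant */

/* Accept only a plain decimal Content-Length in 1..PAC_MAX_BYTES. */
int parse_content_length(const char *value, size_t *out) {
    char *end;
    unsigned long n;
    if (value == NULL || *value < '0' || *value > '9')
        return -1;                    /* empty, signed or space-prefixed */
    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n == 0 || n > PAC_MAX_BYTES)
        return -1;                    /* overflow, trailing junk, zero, too big */
    *out = (size_t)n;
    return 0;
}

/* Constructed stand-in for a socket: hands out the reply 4 bytes at a time. */
struct mem_src { const char *data; size_t left; };
static size_t mem_read(struct mem_src *s, char *dst, size_t cap) {
    size_t n = s->left < 4 ? s->left : 4;
    if (n > cap) n = cap;             /* never more than the caller has room for */
    memcpy(dst, s->data, n);
    s->data += n; s->left -= n;
    return n;
}

/* Read exactly the declared length; NULL on a bad header or a short body. */
char *fetch_pac(const char *content_length, const char *wire) {
    struct mem_src src = { wire, strlen(wire) };
    size_t len, got = 0, n;
    char *buf;
    if (parse_content_length(content_length, &len) != 0) return NULL;
    if ((buf = calloc(len + 1, 1)) == NULL) return NULL; /* len + 1 cannot wrap */
    while (got < len) {
        n = mem_read(&src, buf + got, len - got); /* ask only for what still fits */
        if (n == 0) { free(buf); return NULL; }   /* peer sent less than declared */
        got += n;
    }
    return buf;                       /* NUL-terminated: calloc zeroed the last byte */
}

int main(void) {
    char *body = fetch_pac("5", "hello world"); /* constructed reply */
    puts(body ? body : "(rejected)");
    free(body);
    return 0;
}
```

The declared length is validated before it sizes the allocation, and every read is bounded by the space still left in the buffer, so neither a hostile header value nor an over-long body can write past the end.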
--- Begin Message ---
Source: libproxy
Source-Version: 0.3.1-5.1

We believe that the bug you reported is fixed in the latest version of
libproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated libproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Oct 2012 04:44:22 -0400
Source: libproxy
Binary: libproxy0 libproxy-dev libproxy-tools python-libproxy
Architecture: source all amd64
Version: 0.3.1-5.1
Distribution: unstable
Urgency: high
Maintainer: Emilio Pozuelo Monfort <po...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 libproxy-dev - automatic proxy configuration management library (devel)
 libproxy-tools - automatic proxy configuration management library (tools)
 libproxy0  - automatic proxy configuration management library (shared)
 python-libproxy - automatic proxy configuration management library (python)
Closes: 690376
Changes: 
 libproxy (0.3.1-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2012-4505: buffer overflow in lib/pac.c (closes: #690376).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
