Your message dated Sun, 30 Nov 2014 23:17:12 +0000
with message-id <e1xvdjs-0007uo...@franck.debian.org>
and subject line Bug#762789: fixed in ppp 2.4.5-5.1+deb7u1
has caused the Debian Bug report #762789,
regarding ppp: CVE-2014-3158: Integer overflow in option parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
762789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ppp
Severity: grave
Tags: security

Hi,
the following vulnerability was published for ppp.

CVE-2014-3158[0]:
Potential integer overflow in option parsing 

This is fixed in this commit
https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
and in the 2.4.7 upstream release.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
    https://security-tracker.debian.org/tracker/CVE-2014-3158
http://marc.info/?l=linux-ppp&m=140764978420764

Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

--- End Message ---
--- Begin Message ---
Source: ppp
Source-Version: 2.4.5-5.1+deb7u1

We believe that the bug you reported is fixed in the latest version of
ppp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated ppp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Nov 2014 09:49:28 +0100
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source all amd64
Version: 2.4.5-5.1+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Marco d'Itri <m...@linux.it>
Changed-By: Sebastien Delafond <s...@debian.org>
Description: 
 ppp        - Point-to-Point Protocol (PPP) - daemon
 ppp-dev    - Point-to-Point Protocol (PPP) - development files
 ppp-udeb   - Point-to-Point Protocol (PPP) - package for Debian Installer (udeb)
Closes: 762789
Changes: 
 ppp (2.4.5-5.1+deb7u1) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team (thanks to Pierre
     Schweitzer <pie...@reactos.org> for preparing the update).
   * Fix CVE-2014-3158: integer overflow which may allow overwriting
     security-relevant variables (Closes: #762789).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
