Your message dated Wed, 15 Apr 2015 21:32:14 +0000 with message-id <e1yiuus-0007np...@franck.debian.org> and subject line Bug#781806: fixed in das-watchdog 0.9.0-2+deb7u1 has caused the Debian Bug report #781806, regarding das-watchdog: CVE-2015-2831: Buffer overflow in the handling of the XAUTHORITY env variable to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781806 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: das-watchdog Severity: grave Tags: security Hi, this has been assigned CVE-2015-2831: http://www.openwall.com/lists/oss-security/2015/04/01/8 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: das-watchdog Source-Version: 0.9.0-2+deb7u1 We believe that the bug you reported is fixed in the latest version of das-watchdog, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated das-watchdog package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Apr 2015 11:02:08 +0200 Source: das-watchdog Binary: das-watchdog Architecture: source amd64 Version: 0.9.0-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: das-watchdog - solves system lock-ups by making all processes non-realtime Closes: 781806 Changes: das-watchdog (0.9.0-2+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix buffer overflow in the handling of the XAUTHORITY env variable (CVE-2015-2831) (Closes: #781806) * Remove duplicate check for temp[i] == '\0' in das_watchdog.c * Fix infinite loop on platforms where char is unsigned * Add fix-memory-leak-on-realloc.patch patch. Fix potential memory leak on realloc and causing "NULL+i" (write) dereference afterwards. Thanks to Niels Thykier <ni...@thykier.net> Checksums-Sha1: 76e58c04ab59cf97a4ca4f375d2b0263561d88e9 1993 das-watchdog_0.9.0-2+deb7u1.dsc 3d4bb6f71963fe79144875340dd1864558b8a128 8796 das-watchdog_0.9.0.orig.tar.gz 1652a999aed6f3ca8a3c2e8baac283c80ed58e15 4965 das-watchdog_0.9.0-2+deb7u1.debian.tar.gz c3662226695499f6e7abef8b5575829441455d82 15226 das-watchdog_0.9.0-2+deb7u1_amd64.deb Checksums-Sha256: 9c90535f3b230608a916d8b2caf2d88cd3c7f828a1069e81bd0c6971b82abe78 1993 das-watchdog_0.9.0-2+deb7u1.dsc 118393ae83d47a6f6db91910593c17aa041bb51feee4519d00b90780f6093f18 8796 das-watchdog_0.9.0.orig.tar.gz 3c061d6ab42659135244f9b39101b14909d1e716e67e7546a6fe7403f27e7749 4965 das-watchdog_0.9.0-2+deb7u1.debian.tar.gz 99053c38f06de8b0139a47928c582f085a66d3f3123e76ed7313bb5123a7c26c 15226 das-watchdog_0.9.0-2+deb7u1_amd64.deb Files: ef2de85f7196ea1902983bc0716b81e5 1993 admin extra das-watchdog_0.9.0-2+deb7u1.dsc 1394e3457ca1599382fd821646c0e8e8 8796 admin extra das-watchdog_0.9.0.orig.tar.gz 9c884b5fa18c2bdf9d9132cb7340470b 4965 admin extra das-watchdog_0.9.0-2+deb7u1.debian.tar.gz cfdcc5678434d9430ac0925b5e81bab6 15226 admin extra das-watchdog_0.9.0-2+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVKlGIAAoJEAVMuPMTQ89EzPMP/AjwF6fj1l7usNLuuIUVHxCB Mi/h/mC0Ceo5OY22rukvDqKV6VpOmc6BStNhTmHPLEWOculTzJqzXep3yyxeC15J pAHFMcbpXzs1Kc/KNj7sHO2mUWrlC+CvSqT6ydSDE5h9SoiI3I+iMsehdOc8UWoA J0H+6o/44wNqBetTd+8Db5UhEMNJsa6kGLFq30Gx8d2jSKKeEXztkvkZyotFNmnr zG/K7S8HqveheTtWKGmrxwDUnCZyI73FDkGpJPRduKdwwss++MzRi4XillMmcUeh d2RtFj4eZQjXe8CljXUn7meKHTPKjxaSwgHJcUfKBBixoQsQhREecbX8Zuib869y fPfeOvHGlETdshNKiGdH2Zgr+zkzrmSXdYqkn9tc81G9RSnZhvPGC7lo7rNKfArg iGnX/ljArgYLNQqGHOOGSZk5eCICXkqbjDc6D6Hedgef5y5tOGJ6M6fNKxDCQdNu TXB+7kAnMFoOK3ZfPaVdWZ6flR4z1O7z/LzHPBsxSD5GBQ14Lx9DYMjAxYSayT1F Xeo82r4DixENFDXczKVA7sP/CHw/k0fenKK9zVGpn/1jkdNfClt7mE80/eCGfRZj Jo19Am5nOLCMx2hvFkuspRRAgbIYwz/TBzIbl3dsTQ+4Buks8BER3nmoZw4gJpjJ VyPpjzPzoSgR7qn3NNSk =XNLt -----END PGP SIGNATURE-----
--- End Message ---
