Your message dated Sat, 26 Sep 2015 15:42:48 +0000 with message-id <e1zfrce-000198...@franck.debian.org> and subject line Bug#799307: fixed in rpcbind 0.2.1-6.1 has caused the Debian Bug report #799307, regarding rpcbind: CVE-2015-7236: remote triggerable use-after-free in rpcbind to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 799307: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799307 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: rpcbind Version: 0.2.0-4.1 Severity: grave Tags: security upstream patch Justification: user security hole Hi, the following vulnerability was published for rpcbind. CVE-2015-7236[0]: remote triggerable use-after-free in rpcbind If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-7236 [1] http://www.spinics.net/lists/linux-nfs/msg53045.html [2] https://bugzilla.suse.com/show_bug.cgi?id=946204 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: rpcbind Source-Version: 0.2.1-6.1 We believe that the bug you reported is fixed in the latest version of rpcbind, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 799...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated rpcbind package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 23 Sep 2015 16:33:12 +0200 Source: rpcbind Binary: rpcbind Architecture: source Version: 0.2.1-6.1 Distribution: unstable Urgency: high Maintainer: Anibal Monsalve Salazar <ani...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 799307 Description: rpcbind - converts RPC program numbers into universal addresses Changes: rpcbind (0.2.1-6.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2015-7236.patch patch. CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial of service. (Closes: #799307) Checksums-Sha1: 26059be5f6a4fbcbafeacf2841095a9afd9aedea 1801 rpcbind_0.2.1-6.1.dsc ec1a70b83b01fc35bb23992cd45f379685b9bd2d 9636 rpcbind_0.2.1-6.1.debian.tar.xz Checksums-Sha256: 20909b310ebc9c7c00bde7f0ffab305874338cce115861ec5e02d311a3ed08e4 1801 rpcbind_0.2.1-6.1.dsc bef3f44fec69768e6e6f512a36a2ad3acee3e070912377af0409ff7cf4d50fb2 9636 rpcbind_0.2.1-6.1.debian.tar.xz Files: eb445c40bce55d80ab7ac09b6f70c4d8 1801 net standard rpcbind_0.2.1-6.1.dsc b812be7a409ff847d9497df49ce6534d 9636 net standard rpcbind_0.2.1-6.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWBBNvAAoJEAVMuPMTQ89ETMoP/iDUA6Q9PXPheE/icrCINS0o YDq9M/i4et41VZY48CobT8Z0UbZG79jyQYSgJyr9YQ/Usl8aetQeAMkm1IT1Zmo1 vYmtwgl74vA5ApicoIHjRDzZgkJK7Yr97QfWlqMPEH9NnWJ/d/Pq89uQiFJhUGE2 WwIyPDzqZUAVcd+SkgZHo8o3yI7rHxjbJ8PWUbL4IflsSwjVLyVWfu8CSdvk8bfG uBtbEjO8/PRCCy0DULTeVCp/HpgSpmQttzomy6+0IufQ525nf7dHnCoZP8d4ftYH iXFdeb3TaEjqE0O52yNWm7Y/NK7SwXlZuqw30zCmpLiavoXmKSon0he+5niPQa7a IZo0RHAfzeeDXEs4bl7URABVUvjUE52W5SfqY45YobSjUHbV8NCCcm0s7TEb/ujP pHfOc4F8D1S8cdYnMM11Jh1sJrPTRcQkL5Ps6jW28tfOxtszI0n4sgU3U+8JYGv7 0Nqr6aEAP7JYHaW6bubidIuRyOAwGnZP19CwX+c8u0/xbT7DBnUefJJqwG51ZQLl QGJPHb5l1onu3kLcbPmQNIepiLbbxqe1flR3XbULjb3BrRj+TFoW0SbcwwvtXw8o +G0hkdD69LX8DyvspVyrVQfji2TdF/KwjlK+8DTZy80zfu1EVnsJuFdIE7BkUfqo 2vIIHQ7c0fb0GIm/kJC4 =fx2L -----END PGP SIGNATURE-----
--- End Message ---
