Your message dated Tue, 27 Oct 2015 21:23:08 +0000 with message-id <e1zrbi0-0007tz...@franck.debian.org> and subject line Bug#802650: fixed in miniupnpc 1.5-2+deb7u1 has caused the Debian Bug report #802650, regarding miniupnpc: CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 802650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: miniupnpc Version: 1.5-2 Severity: grave Tags: security patch upstream fixed-upstream Justification: user security hole Hi, the following vulnerability was published for miniupnpc. CVE-2015-6031[0]: Buffer overflow vulnerability in XML parser functionality If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-6031 [1] https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: miniupnpc Source-Version: 1.5-2+deb7u1 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 802...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 25 Oct 2015 07:35:29 +0100 Source: miniupnpc Binary: miniupnpc libminiupnpc5 libminiupnpc-dev Architecture: source amd64 Version: 1.5-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Thomas Goirand <z...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc5 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client Closes: 802650 Changes: miniupnpc (1.5-2+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2015-6031: Buffer overflow vulnerability in XML parser functionality (Closes: #802650) Checksums-Sha1: 6901fbb4fd914d756f75b8a6e5374a035755a0e2 1905 miniupnpc_1.5-2+deb7u1.dsc 53ceae5515a547fed28b93bd5abba517586b0b3e 53309 miniupnpc_1.5.orig.tar.gz b8256818cdf1f1bbd2a13a453631b879fa0e95c1 3520 miniupnpc_1.5-2+deb7u1.diff.gz 405c0d4a4365761a766ea9580f576fde1e66d939 14216 miniupnpc_1.5-2+deb7u1_amd64.deb 3377cb5b10a70ef0b7de014cdd4981675a8aeba5 35140 libminiupnpc5_1.5-2+deb7u1_amd64.deb 4b71a78893ddf787b04ac24e09641924902708de 12014 libminiupnpc-dev_1.5-2+deb7u1_amd64.deb Checksums-Sha256: 6a977d6110a13670e09cf6ef19538ccfc1a07e4e8ad101372cc8a3de30f58367 1905 miniupnpc_1.5-2+deb7u1.dsc 440f0e64e92c92c6624f49d21cf8279b9c05afe99261e4add357b2ee2828a957 53309 miniupnpc_1.5.orig.tar.gz e873c1133f45bead520cba0caa177e9b935363bf8980aea9e73413975c4a94f3 3520 miniupnpc_1.5-2+deb7u1.diff.gz 7a32f87df6b503da0a7132fa1faabeb020ef1d0f49ed6747bea3039e6890521c 14216 miniupnpc_1.5-2+deb7u1_amd64.deb 439729b5278eebc8f09a41ad6bdea4633f575fa8f52eaa35c64e01aaa97c64ea 35140 libminiupnpc5_1.5-2+deb7u1_amd64.deb 800415d2c93765bbbac3dfb4585d1bc9dc0f66f8bc5ca917b34d0093d15680a8 12014 libminiupnpc-dev_1.5-2+deb7u1_amd64.deb Files: eec432c1f539b5a62756a25e04da227d 1905 net optional miniupnpc_1.5-2+deb7u1.dsc 0efa7498d27c82a56a0300b0c05c4f58 53309 net optional miniupnpc_1.5.orig.tar.gz cc7a80528bb15e5485e10e30ebb322d8 3520 net optional miniupnpc_1.5-2+deb7u1.diff.gz dc0967a0db949a57d398811233666c0b 14216 net optional miniupnpc_1.5-2+deb7u1_amd64.deb 211e5c79641e78c05535acb9bc25bde9 35140 net optional libminiupnpc5_1.5-2+deb7u1_amd64.deb 8644a2e50f2ed83b013f0f2e9a92b1a3 12014 libdevel optional libminiupnpc-dev_1.5-2+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWLH9qAAoJEAVMuPMTQ89EG5AP/3ztHuFVgPjiZmvwnaT84ckm Z4g+ARcVm31cIU0zHh9MfVaygE98jM6ZBS+Hpc50eQMdxG27n7GoBf1r5flxFQJ7 NJuMEQYwsol3lK7RAy/snP2Wjfz8F/75ij1Tgqquu/hSqOyV1ex4JBDz5W9YSf7G rCNlt0J2mDUhCJy1JWE2lZXwRTkhpNNTnojudyAgbFeZHIs1Do9/My2Tt59ARCG8 NFsuyTKgPGjDXxen6fKtK9AEjppINMsJHA89lEOar1eZxnwsZcHxLSlU4o0tgj/R 6jJ4sCysnLxavoAXJbxXCzfX+CWZFoBndkKqM6dznOi6On1XCkSuEIzwtBChWsMH JLXIsEAALU0y6YXd/i6vTsDV1HxIbJdHMiQZvZnhTqatEFzH/Dn4zfYPE/D36/+l 4IUPmLe35zsC7uNg7hPafuVvqDQMeJNs1WAqFE5lkytwpcJt+fMQgWQka3c+126A fTUP7gk26ZG7M8maJtbInjTZWB9Nd1uT1ngaOi5oZAYvHTsny8Txqnr6JkdfFF8C 4ouTrwXI11+BDoZHgliixbcZarh2m7lwxrl2q0VdTAgM6Do1Cvia7tEjVQ1Ayg9g Oy+QFxomJuMBtY9vSIqEIFbxmg0V+qO3gl5uLwCmiS5vlQ/6R2f0k5uGYYSq1U/a Ib4hfKZHMQKdQ2xoOBmj =4aeq -----END PGP SIGNATURE-----
--- End Message ---
