Your message dated Sun, 12 Apr 2015 15:34:50 +0000 with message-id <e1yhjum-0007lt...@franck.debian.org> and subject line Bug#781806: fixed in das-watchdog 0.9.0-2+deb6u1 has caused the Debian Bug report #781806, regarding das-watchdog: CVE-2015-2831: Buffer overflow in the handling of the XAUTHORITY env variable to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 781806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781806 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: das-watchdog Severity: grave Tags: security Hi, this has been assigned CVE-2015-2831: http://www.openwall.com/lists/oss-security/2015/04/01/8 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: das-watchdog Source-Version: 0.9.0-2+deb6u1 We believe that the bug you reported is fixed in the latest version of das-watchdog, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 781...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated das-watchdog package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Apr 2015 16:33:12 +0200 Source: das-watchdog Binary: das-watchdog Architecture: source amd64 Version: 0.9.0-2+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: das-watchdog - solves system lock-ups by making all processes non-realtime Closes: 781806 Changes: das-watchdog (0.9.0-2+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload. * Fix buffer overflow in the handling of the XAUTHORITY env variable (CVE-2015-2831) (Closes: #781806) * Remove duplicate check for temp[i] == '\0' in das_watchdog.c * Fix infinite loop on platforms where char is unsigned * Add fix-memory-leak-on-realloc.patch patch. Fix potential memory leak on realloc and causing "NULL+i" (write) dereference afterwards. Thanks to Niels Thykier <ni...@thykier.net> Checksums-Sha1: a3e96020ad9555c4896d141f822c568f3b58ce68 1948 das-watchdog_0.9.0-2+deb6u1.dsc 72f640d34d6908c7c861e12826b92beaa80e74e8 5121 das-watchdog_0.9.0-2+deb6u1.debian.tar.gz fc423418f40801312950ae059557a458029f8bc5 15238 das-watchdog_0.9.0-2+deb6u1_amd64.deb Checksums-Sha256: 8a962ff491b73add828cbccd2092cac48a4c3df79ede6a995083684c726e7207 1948 das-watchdog_0.9.0-2+deb6u1.dsc 6932c051a69ff12c291b7fe7674033875c1cc98fcd5b21f753cbc316929d6485 5121 das-watchdog_0.9.0-2+deb6u1.debian.tar.gz 273a613e4342b905b56e21c7bb8965baea43b269bba75900c4091f732e0584e2 15238 das-watchdog_0.9.0-2+deb6u1_amd64.deb Files: 7874a78f0251762510ba3566135d8aaf 1948 admin extra das-watchdog_0.9.0-2+deb6u1.dsc aa5a992913e268a5de3ebcc745f58840 5121 admin extra das-watchdog_0.9.0-2+deb6u1.debian.tar.gz 106afc9cb49b106cb37acf40b4e685fd 15238 admin extra das-watchdog_0.9.0-2+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVKoOLAAoJEAVMuPMTQ89EBvcP/1dz84xk0LbRuQpA66mChVPP gWLnmnAaS7gTVKHqeOGCLCLk2Sr3AHtCtVetRttLISpRZB6L4Z/GM8EkOUQqRFty +0jjbeoIO9IRK3RdMa5dDhOmr7bA/wp1k5Dy+wnW6F8aDoFkmb6AgO+zO1+7lJ3V m3ONRHM+jEgeQ7tbNpz9UyxjQ46/rSIeN6r4COU91JSUGfcdfOJsTyAf2L2aZ1lv x6Vi9hHTIsTy38tn6x6hQc6aKrxVwXSUtnMHHzFcBm70Ko8nabcSRYxtbv1b5zlC v39tCF4h50OfbfT0z6wdlv37Opn4bkoUbEKlxVXm+NhNEWxUkXgBsZ8gu1ubROhG GDUTg9oOYkkDk9PemFZ8dhUIlNJ/cEpIpDhDJ8eow1yPjudqCFItH6MWpYcLRn1g M6kcQJgaLcK6+mv9PG9upZnJpvD/xCwHTvB1YOvCZ9y2Yy2/2T8ZfrrMNtW4rPrG 7XRMcXY0nPq8X7NIzrQDPthUn6gF0FeF6n/cUgimONjwDX4CPL2Bgm+EkDXsrxCo yWeM/d5a2Ek4qWUE/BfjsmkpX1ffow7VRZpdcP5Hv8vA8PtEVFE91topgmiQncF/ zp6//51REaJkl1n4/6rzSgf5D4X0nzvu5yoXYxcxz+I4rBDGt/NH+KORuOtNnXa9 wwUMgn1SUFuyIZ6Q4AZ8 =TJsQ -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
