Bug#593299: barnowl: CVE-2010-2725
Will upload 1.6.2. I guess I should do something about testing too. I'll ask -release if they will permit 1.6.2 into testing but kind of expect a no answer, so I'll proabably need to prepare something for tpu. --Sam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593299: barnowl: CVE-2010-2725
On Tue, 17 Aug 2010 08:45:26 -0400, Sam Hartman wrote: Will upload 1.6.2. I guess I should do something about testing too. I'll ask -release if they will permit 1.6.2 into testing but kind of expect a no answer, so I'll proabably need to prepare something for tpu. they'll usually grant exceptions for RC issues, and i've seen a couple other 'new upsteams' get unblocked since its still very early in the freeze. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593299: barnowl: CVE-2010-2725
Package: barnowl Version: 1.5.1-1 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for barnowl. CVE-2010-2725[0]: | BarnOwl before 1.6.2 does not check the return code of calls to the | (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which | allows remote attackers to cause a denial of service (crash) and | possibly execute arbitrary code via unknown vectors. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2725 http://security-tracker.debian.org/tracker/CVE-2010-2725 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org