Bug#593299: marked as done (barnowl: CVE-2010-2725)
Your message dated Sun, 05 Sep 2010 13:59:12 +
with message-id and subject line Bug#593299: fixed in barnowl 1.0.1-4+lenny2
has caused the Debian Bug report #593299,
regarding barnowl: CVE-2010-2725
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
593299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593299
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: barnowl
Version: 1.5.1-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.

CVE-2010-2725[0]:
| BarnOwl before 1.6.2 does not check the return code of calls to the
| (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which
| allows remote attackers to cause a denial of service (crash) and
| possibly execute arbitrary code via unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2725
    http://security-tracker.debian.org/tracker/CVE-2010-2725
--- End Message ---
--- Begin Message ---
Source: barnowl
Source-Version: 1.0.1-4+lenny2

We believe that the bug you reported is fixed in the latest version of
barnowl, which is due to be installed in the Debian FTP archive:

barnowl-irc_1.0.1-4+lenny2_all.deb
  to main/b/barnowl/barnowl-irc_1.0.1-4+lenny2_all.deb
barnowl_1.0.1-4+lenny2.diff.gz
  to main/b/barnowl/barnowl_1.0.1-4+lenny2.diff.gz
barnowl_1.0.1-4+lenny2.dsc
  to main/b/barnowl/barnowl_1.0.1-4+lenny2.dsc
barnowl_1.0.1-4+lenny2_i386.deb
  to main/b/barnowl/barnowl_1.0.1-4+lenny2_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond (supplier of updated barnowl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 01 Sep 2010 20:36:01 +0200
Source: barnowl
Binary: barnowl barnowl-irc
Architecture: source all i386
Version: 1.0.1-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Sam Hartman
Changed-By: Sebastien Delafond
Description:
 barnowl - A curses-based tty Jabber and Zephyr client
 barnowl-irc - Provide IRC support for the BarnOwl Zephyr client
Closes: 593299
Changes:
 barnowl (1.0.1-4+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Check the return code of calls to ZPending and ZReceiveNotice
     functions in zephyr.c (Closes: #593299). CVE-2010-2725.
--- End Message ---
Bug#593299: marked as done (barnowl: CVE-2010-2725)
Your message dated Wed, 18 Aug 2010 00:02:07 +
with message-id and subject line Bug#593299: fixed in barnowl 1.6.2-1
has caused the Debian Bug report #593299,
regarding barnowl: CVE-2010-2725
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
593299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593299
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: barnowl
Version: 1.5.1-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.

CVE-2010-2725[0]:
| BarnOwl before 1.6.2 does not check the return code of calls to the
| (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which
| allows remote attackers to cause a denial of service (crash) and
| possibly execute arbitrary code via unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2725
    http://security-tracker.debian.org/tracker/CVE-2010-2725
--- End Message ---
--- Begin Message ---
Source: barnowl
Source-Version: 1.6.2-1

We believe that the bug you reported is fixed in the latest version of
barnowl, which is due to be installed in the Debian FTP archive:

barnowl_1.6.2-1.debian.tar.gz
  to main/b/barnowl/barnowl_1.6.2-1.debian.tar.gz
barnowl_1.6.2-1.dsc
  to main/b/barnowl/barnowl_1.6.2-1.dsc
barnowl_1.6.2-1_i386.deb
  to main/b/barnowl/barnowl_1.6.2-1_i386.deb
barnowl_1.6.2.orig.tar.gz
  to main/b/barnowl/barnowl_1.6.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman (supplier of updated barnowl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 17 Aug 2010 18:47:15 -0400
Source: barnowl
Binary: barnowl
Architecture: source i386
Version: 1.6.2-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman
Changed-By: Sam Hartman
Description:
 barnowl - A curses-based tty Jabber, IRC, AIM and Zephyr client
Closes: 593299
Changes:
 barnowl (1.6.2-1) unstable; urgency=low
 .
   * New Upstream version
   * Fixes cve-2010-2725, Closes: #593299
   * Build conflict with barnowl because t/mock.pl is broken and old
     version of barnowl mess up current versions tests.
--- End Message ---