Bug#748913: marked as done (miniupnpc: Buffer overread in miniwget)
Your message dated Thu, 29 May 2014 18:00:06 + with message-id e1wq4cy-0002n2...@franck.debian.org and subject line Bug#748913: fixed in miniupnpc 1.9.20140401-1 has caused the Debian Bug report #748913, regarding miniupnpc: Buffer overread in miniwget to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 748913: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748913 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: miniupnpc Severity: grave Tags: security Justification: user security hole A CVE assignment is pending. The fix is here: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 Cheers, Moritz ---End Message--- ---BeginMessage--- Source: miniupnpc Source-Version: 1.9.20140401-1 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 748...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand z...@debian.org (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 28 May 2014 07:10:52 + Source: miniupnpc Binary: miniupnpc libminiupnpc10 libminiupnpc-dev python-miniupnpc Architecture: source amd64 Version: 1.9.20140401-1 Distribution: experimental Urgency: medium Maintainer: Thomas Goirand z...@debian.org Changed-By: Thomas Goirand z...@debian.org Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc10 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client python-miniupnpc - UPnP IGD client lightweight library Python bindings Closes: 680214 698705 748913 Changes: miniupnpc (1.9.20140401-1) experimental; urgency=medium . * New upstream release (Closes: #748913, #698705) * Uploading to experimental because of the needed transition. * Enabled hardening build flags (Closes: #680214). * Removed 000-Setup.py_CFLAGS_override.patch now applied upstream. * Refreshed fix-ftbfs-on-hurd.patch. * Upstream bumped SONAME, so now packaging libminiupnpc10 instead of 8. * Switched to upstream branch tags git packaging. Note that upstream Git cannot be used directly, as it contains all projects of miniupnp in a single repository. * Removed patch applied upstream: debian/patches/fix-ftbfs-on-hurd.patch. * Bumped Standards-Version. Checksums-Sha1: 2723c42d316d349bab8d79732e792f4646c2eb54 2097 miniupnpc_1.9.20140401-1.dsc f9bda6fc5b9f01184acdeb3c77bc557218329a6a 59432 miniupnpc_1.9.20140401.orig.tar.xz 6bce71cfb68fee999c31cd71c4e1bd906b0b850c 5088 miniupnpc_1.9.20140401-1.debian.tar.xz 2e7cadce20f0e0743e7f85940843e9930f460316 19712 miniupnpc_1.9.20140401-1_amd64.deb e01377a5aa67ad96a890b9da169053b032a5a067 28138 libminiupnpc10_1.9.20140401-1_amd64.deb e2b5b8cb5af22ca05e2bd8f23ca3787c211763d5 34208 libminiupnpc-dev_1.9.20140401-1_amd64.deb 23ac11a0b9b6f975b31104e95fa637cb98602d07 30506 python-miniupnpc_1.9.20140401-1_amd64.deb Checksums-Sha256: 83c52728e0209c25de38e66052a576960688a894e8d52699fdee4025a5afd2c2 2097 miniupnpc_1.9.20140401-1.dsc 0c8c40109f2cca6fa51820ea4bc000da06ecf4754a27874c52a7e89f211ba7bf 59432 miniupnpc_1.9.20140401.orig.tar.xz d72d6c910e31e43d8fb58e33fadd028d8966c88a9cab81552ba923b7aa99e70d 5088 miniupnpc_1.9.20140401-1.debian.tar.xz b7584576c9690134899d65d0a39e723fa72b3d39ab026c0697913a59e8bd5971 19712 miniupnpc_1.9.20140401-1_amd64.deb 69225a6742541a1e0e14fcc186ffa72f8998c0c12b94e8a4ef63df46cbf66fa5 28138 libminiupnpc10_1.9.20140401-1_amd64.deb 63bc4df14a470b43246be052d2356edecf9acd90d7ac6722d30b9b132220094f 34208 libminiupnpc-dev_1.9.20140401-1_amd64.deb 3e758c20dd653c63d74aa94cd91b30afeba97b8a5b6011f606b8168038374e97 30506 python-miniupnpc_1.9.20140401-1_amd64.deb Files: 8a837fa96c8804e455522ca360a4616f 19712 net optional miniupnpc_1.9.20140401-1_amd64.deb ae9ae62dca9e4e47c46d024ec993 28138 net optional libminiupnpc10_1.9.20140401-1_amd64.deb 3563cc1dcf6220f4944b7bbbd8f3bf00 34208 libdevel optional libminiupnpc-dev_1.9.20140401-1_amd64.deb
Bug#748913: marked as done (miniupnpc: Buffer overread in miniwget)
Your message dated Wed, 28 May 2014 06:18:46 + with message-id e1wpxci-0003zf...@franck.debian.org and subject line Bug#748913: fixed in miniupnpc 1.6-4 has caused the Debian Bug report #748913, regarding miniupnpc: Buffer overread in miniwget to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 748913: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748913 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: miniupnpc Severity: grave Tags: security Justification: user security hole A CVE assignment is pending. The fix is here: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 Cheers, Moritz ---End Message--- ---BeginMessage--- Source: miniupnpc Source-Version: 1.6-4 We believe that the bug you reported is fixed in the latest version of miniupnpc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 748...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand z...@debian.org (supplier of updated miniupnpc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 28 May 2014 06:07:40 + Source: miniupnpc Binary: miniupnpc libminiupnpc8 libminiupnpc-dev python-miniupnpc Architecture: source amd64 Version: 1.6-4 Distribution: unstable Urgency: high Maintainer: Thomas Goirand z...@debian.org Changed-By: Thomas Goirand z...@debian.org Description: libminiupnpc-dev - UPnP IGD client lightweight library development files libminiupnpc8 - UPnP IGD client lightweight library miniupnpc - UPnP IGD client lightweight library client python-miniupnpc - UPnP IGD client lightweight library Python bindings Closes: 748913 Changes: miniupnpc (1.6-4) unstable; urgency=high . * Fixed potential buffer overrun in miniwget.c (Closes: #748913). Checksums-Sha1: ec45547c9c3aad8c86ec1edfc05f51bb44505aca 2032 miniupnpc_1.6-4.dsc 136c3604cbdb6b73235c06a32596813c935792e7 6144 miniupnpc_1.6-4.debian.tar.xz 3f6883627f8492cebdba9c0cc3369606d9bb108b 16158 miniupnpc_1.6-4_amd64.deb c85ddf291706b66fe869ba99606ff7d4f393a66f 24238 libminiupnpc8_1.6-4_amd64.deb 5dcd82120a70ecabaa69a92c5da32995de70ec98 29234 libminiupnpc-dev_1.6-4_amd64.deb 447c4c9e43c693a48c976ca9a00fabacb3b9f4ca 26184 python-miniupnpc_1.6-4_amd64.deb Checksums-Sha256: 6213ab85eb91dac8eb2d8172cd7ce2e7e61bb53e01ecf0e3c722dced29bb2a70 2032 miniupnpc_1.6-4.dsc fc25bf036e4204ada5012d63e0409e09becabd30fb4093455871086375b79643 6144 miniupnpc_1.6-4.debian.tar.xz b4534cd05aef4ff3c60e7bc73b0f43d187c2aa95ef49305e999014cda588595b 16158 miniupnpc_1.6-4_amd64.deb 5d2c5d18a153e30840752e6599def77f7407adda82c879f7f3b18b3a099e67aa 24238 libminiupnpc8_1.6-4_amd64.deb ffac6a63d730cf428543ef1a82905329015bf30474a4545ab5fc0ae2fa25366f 29234 libminiupnpc-dev_1.6-4_amd64.deb 11c182b22b9424658e720926bd0adc8dd3a13819d4290af18e51ee50460a03ec 26184 python-miniupnpc_1.6-4_amd64.deb Files: 62ae71143812a4e892ab8669f60ba2da 16158 net optional miniupnpc_1.6-4_amd64.deb 16be7aa63379595d0835f62a6e342569 24238 net optional libminiupnpc8_1.6-4_amd64.deb 8561ddabc84e2649bed68d2ad2b4bae5 29234 libdevel optional libminiupnpc-dev_1.6-4_amd64.deb 9e08cf972e828e0af4eeed0b11a0 26184 python optional python-miniupnpc_1.6-4_amd64.deb 31ae9507c99948a0f4bf92067fde0016 2032 net optional miniupnpc_1.6-4.dsc b52bbb7f41061d550c79dc14bf760bd3 6144 net optional miniupnpc_1.6-4.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJThX1hAAoJENQWrRWsa0P+RL4P/23CLkAF4eVomcfd1mORc+JO aJf8R/ra28eXqG8CUEiejRb3EHb6OGVeYsWUzszZJgfYAKBYyTDg7qdobAsi7pkT QDwNBJTYlJwEqdaGqF8e/2b2uHM9ONI5hGZEpz1VGCdu0Zk9tbmFAyyfNTlE29Bq e5g/dUk+V9C9H0KVNoX6cz8T1r3YXkNuZUBMQ5L3lZLLcqIIyzEv+JVPiJmHwbku 2Liq2RocdNksZ/4KDMzX59x84SQAu5+ivtEZIzviK+WU7fD16UMZ7uEZKoaveLsu v6OvSU9BGXlZ5FAf1YaYD9rMW3TcRWmA4dDzRtj9uJ8KyO/oXUVdxW1/NXnc9xeh IcVZwn0vqEVemfKgKKJ1CzMaUk8KRdcgr/FEA4nyorOY8whqgQOYkyASF/vcpTUN mgvpy1aWoR/p1uwItwiEnYZo/t9QND17edWtmWPilhnnPGUh0HuiP8iGe0gTPV5j dtwh0GP3MsJX8J8trYev624FkYfwz2fR/BcxKWpRjb5hbEGWLk8WzuwpFlY+T2Y5 wtLDsR8kqOQ5INDqq2Y6CVi9J+1HIza45EfxzYw4QcGI2pbhVXSokwWflbi7W3s5
