Bug#479036: CVE-2008-1996: DoS due to too many connections
Package: licq Severity: normal Hi The following CVE(0) has been issued against licq. CVE-2008-1996: licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. A proposed patch can be found here(1). Cheers Steffen (0) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1996 (1) http://www.licq.org/changeset/6146 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#410401: scheme48: Please package new upstream version
On Wed, Apr 30, 2008 at 03:16:32PM -0700, Tzvetan Mikov wrote: If Scheme48 1.3 is badly needed by someone, the existing 1.3 package still exists and I suppose can always easily be forward ported. I really hope that Schdme48 does not become orphaned in Debian (or has it already?). http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411425 might or might not answer you question. Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processing of licq_1.3.5-6_i386.changes
licq_1.3.5-6_i386.changes uploaded successfully to localhost along with the files: licq_1.3.5-6.dsc licq_1.3.5-6.diff.gz licq-dev_1.3.5-6_all.deb licq_1.3.5-6_i386.deb licq-plugin-autoreply_1.3.5-6_i386.deb licq-plugin-console_1.3.5-6_i386.deb licq-plugin-forwarder_1.3.5-6_i386.deb licq-plugin-kde_1.3.5-6_i386.deb licq-plugin-msn_1.3.5-6_i386.deb licq-plugin-osd_1.3.5-6_i386.deb licq-plugin-qt_1.3.5-6_i386.deb licq-plugin-rms_1.3.5-6_i386.deb Greetings, Your Debian queue daemon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479036: CVE-2008-1996: DoS due to too many connections
On Sat, May 03, 2008 at 05:54:18AM +1000, Steffen Joeris wrote: Package: licq Severity: normal The following CVE(0) has been issued against licq. CVE-2008-1996: licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. I will make a QA upload for that. Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
licq override disparity
There are disparities between your recently accepted upload and the override file for the following file(s): licq-dev_1.3.5-6_all.deb: package says section is libdevel, override says devel. Either the package or the override file is incorrect. If you think the override is correct and the package wrong please fix the package so that this disparity is fixed in the next upload. If you feel the override is incorrect then please reply to this mail and explain why. [NB: this is an automatically generated mail; if you replied to one like it before and have not received a response yet, please ignore this mail. Your reply needs to be processed by a human and will be in due course, but until then the installer will send these automated mails; sorry.] -- Debian distribution maintenance software (This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
licq_1.3.5-6_i386.changes ACCEPTED
Accepted: licq-dev_1.3.5-6_all.deb to pool/main/l/licq/licq-dev_1.3.5-6_all.deb licq-plugin-autoreply_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-autoreply_1.3.5-6_i386.deb licq-plugin-console_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-console_1.3.5-6_i386.deb licq-plugin-forwarder_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-forwarder_1.3.5-6_i386.deb licq-plugin-kde_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-kde_1.3.5-6_i386.deb licq-plugin-msn_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-msn_1.3.5-6_i386.deb licq-plugin-osd_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-osd_1.3.5-6_i386.deb licq-plugin-qt_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-qt_1.3.5-6_i386.deb licq-plugin-rms_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-rms_1.3.5-6_i386.deb licq_1.3.5-6.diff.gz to pool/main/l/licq/licq_1.3.5-6.diff.gz licq_1.3.5-6.dsc to pool/main/l/licq/licq_1.3.5-6.dsc licq_1.3.5-6_i386.deb to pool/main/l/licq/licq_1.3.5-6_i386.deb Override entries for your package: licq-dev_1.3.5-6_all.deb - optional devel licq-plugin-autoreply_1.3.5-6_i386.deb - optional net licq-plugin-console_1.3.5-6_i386.deb - optional net licq-plugin-forwarder_1.3.5-6_i386.deb - optional net licq-plugin-kde_1.3.5-6_i386.deb - optional net licq-plugin-msn_1.3.5-6_i386.deb - optional net licq-plugin-osd_1.3.5-6_i386.deb - optional net licq-plugin-qt_1.3.5-6_i386.deb - optional net licq-plugin-rms_1.3.5-6_i386.deb - optional net licq_1.3.5-6.dsc - source net licq_1.3.5-6_i386.deb - optional net Announcing to [EMAIL PROTECTED] Closing bugs: 479036 Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479036: marked as done (CVE-2008-1996: DoS due to too many connections)
Your message dated Fri, 02 May 2008 14:32:55 + with message-id [EMAIL PROTECTED] and subject line Bug#479036: fixed in licq 1.3.5-6 has caused the Debian Bug report #479036, regarding CVE-2008-1996: DoS due to too many connections to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 479036: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479036 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: licq Severity: normal Hi The following CVE(0) has been issued against licq. CVE-2008-1996: licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. A proposed patch can be found here(1). Cheers Steffen (0) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1996 (1) http://www.licq.org/changeset/6146 ---End Message--- ---BeginMessage--- Source: licq Source-Version: 1.3.5-6 We believe that the bug you reported is fixed in the latest version of licq, which is due to be installed in the Debian FTP archive: licq-dev_1.3.5-6_all.deb to pool/main/l/licq/licq-dev_1.3.5-6_all.deb licq-plugin-autoreply_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-autoreply_1.3.5-6_i386.deb licq-plugin-console_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-console_1.3.5-6_i386.deb licq-plugin-forwarder_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-forwarder_1.3.5-6_i386.deb licq-plugin-kde_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-kde_1.3.5-6_i386.deb licq-plugin-msn_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-msn_1.3.5-6_i386.deb licq-plugin-osd_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-osd_1.3.5-6_i386.deb licq-plugin-qt_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-qt_1.3.5-6_i386.deb licq-plugin-rms_1.3.5-6_i386.deb to pool/main/l/licq/licq-plugin-rms_1.3.5-6_i386.deb licq_1.3.5-6.diff.gz to pool/main/l/licq/licq_1.3.5-6.diff.gz licq_1.3.5-6.dsc to pool/main/l/licq/licq_1.3.5-6.dsc licq_1.3.5-6_i386.deb to pool/main/l/licq/licq_1.3.5-6_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Frank Lichtenheld [EMAIL PROTECTED] (supplier of updated licq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 02 May 2008 14:36:59 +0200 Source: licq Binary: licq licq-dev licq-plugin-autoreply licq-plugin-console licq-plugin-forwarder licq-plugin-kde licq-plugin-msn licq-plugin-osd licq-plugin-qt licq-plugin-rms Architecture: source all i386 Version: 1.3.5-6 Distribution: unstable Urgency: high Maintainer: Debian QA Group [EMAIL PROTECTED] Changed-By: Frank Lichtenheld [EMAIL PROTECTED] Description: licq - ICQ client (base files) licq-dev - Licq development and header files licq-plugin-autoreply - autoreply plug-in for Licq licq-plugin-console - console user interface plug-in for Licq licq-plugin-forwarder - forwarder plug-in for Licq licq-plugin-kde - graphical user interface plug-in for Licq using Qt and KDE licq-plugin-msn - MSN plug-in for Licq licq-plugin-osd - on-screen display plug-in for Licq licq-plugin-qt - graphical user interface plug-in for Licq using Qt licq-plugin-rms - remote management server plug-in for telnet Licq access Closes: 479036 Changes: licq (1.3.5-6) unstable; urgency=high . * QA Upload * CVE-2008-1996: Limit maximum number of connections to avoid DoS attacks. Patch from upstream, pointed out by Steffen Joeris. (closes: #479036) Checksums-Sha1: 870be54b8ee85b9325ac4b5bd05852fabe87cbac 1297 licq_1.3.5-6.dsc 3bb029ac3e55b75a8e7728480d82f503297c979d 36549 licq_1.3.5-6.diff.gz 86f794df5a6b468a2266b5df1f316b7fb2aa1f18 90220 licq-dev_1.3.5-6_all.deb 57dbe69ff735ad0d6c2616dada809a5823725489 691072 licq_1.3.5-6_i386.deb 4417feeadf172a2d0004baba80def0ba8f00b8a0 36798 licq-plugin-autoreply_1.3.5-6_i386.deb 4f92543702f1eb629a8d057200c2f469e5a94469 76558 licq-plugin-console_1.3.5-6_i386.deb 8adf09b41531e4eb28a0b659863265ebed8fb88e 37960 licq-plugin-forwarder_1.3.5-6_i386.deb ec970727d6e7212d520a16becb456494d59413b8 1709420 licq-plugin-kde_1.3.5-6_i386.deb 0f979453397fda6652e4816fdb672c1c444233f5 75378
Processed: tagging 479036
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.26 tags 479036 security Bug#479036: CVE-2008-1996: DoS due to too many connections There were no tags set. Tags added: security End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#479098: fixed
We believe that the bug you reported is now fixed; the following package(s) have been removed from unstable: 4digits | 0.8-1 | alpha, hurd-i386, m68k 4digits | 0.8-2 | source, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive (ftp-master.debian.org) and will not propagate to any mirrors (ftp.debian.org included) until the next cron.daily run at the earliest. Packages are never removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. Bugs which have been reported against this package are not automatically removed from the Bug Tracking System. Please check all open bugs and close them or re-assign them to another package if the removed package was superseded by another one. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED] This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED] Debian distribution maintenance software pp. Thomas Viehmann (the ftpmaster behind the curtain) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#466286: fixed
We believe that the bug you reported is now fixed; the following package(s) have been removed from unstable: libsylpheed-claws-dev | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws | 1.0.5-6.1 | source, alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-clamav | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-dillo-viewer | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-i18n | 1.0.5-6.1 | all sylpheed-claws-image-viewer | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-pgpmime | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-plugins | 1.0.5-6.1 | all sylpheed-claws-scripts | 1.0.5-6.1 | all sylpheed-claws-spamassassin | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc sylpheed-claws-trayicon | 1.0.5-6.1 | alpha, amd64, arm, armel, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive (ftp-master.debian.org) and will not propagate to any mirrors (ftp.debian.org included) until the next cron.daily run at the earliest. Packages are never removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. Bugs which have been reported against this package are not automatically removed from the Bug Tracking System. Please check all open bugs and close them or re-assign them to another package if the removed package was superseded by another one. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED] This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED] Debian distribution maintenance software pp. Thomas Viehmann (the ftpmaster behind the curtain) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
gcal 3.01.1-6 MIGRATED to testing
FYI: The status of the gcal source package in Debian's testing distribution has changed. Previous version: 3.01.1-5.1 Current version: 3.01.1-6 -- This email is automatically generated; [EMAIL PROTECTED] is responsible. See http://people.debian.org/~henning/trille/ for more information. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
bdfresize 1.5-4 MIGRATED to testing
FYI: The status of the bdfresize source package in Debian's testing distribution has changed. Previous version: 1.5-3.2 Current version: 1.5-4 -- This email is automatically generated; [EMAIL PROTECTED] is responsible. See http://people.debian.org/~henning/trille/ for more information. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]