[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
This bug was fixed in the package pgbouncer - 1.3.1-3ubuntu0.1 --- pgbouncer (1.3.1-3ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: denial of service when too long db name is provided (LP: #1083414) - debian/patches/04-CVE-2012-4575.dpatch: objects.c(add_database): fail gracefully if too long db name. Based on upstream patch. - CVE-2012-4575 -- Christian KuersteinerFri, 07 Dec 2012 13:06:35 +0700 ** Changed in: pgbouncer (Ubuntu Lucid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
ACK on the lucid debdiff, with a minor edit to debian/changelog to list the correct name of the patch file. The package is building now and will be released today. Your debdiffs look fine to me, thanks for all your hard work! ** Changed in: pgbouncer (Ubuntu Lucid) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
And the last patch for lucid. Since this is my first security bug fix let me know if I missed something or can improve anything. ** Patch added: "lp1083414-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3455964/+files/lp1083414-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Branch linked: lp:ubuntu/oneiric-security/pgbouncer ** Branch linked: lp:~ubuntu-branches/ubuntu/precise/pgbouncer/precise- security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
This bug was fixed in the package pgbouncer - 1.4.2-1ubuntu0.1 --- pgbouncer (1.4.2-1ubuntu0.1) oneiric-security; urgency=low * SECURITY UPDATE: denial of service when too long db name is provided (LP: #1083414) - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail gracefully if too long db name. Based on upstream patch. - CVE-2012-4575 -- Christian KuersteinerThu, 06 Dec 2012 12:46:08 +0700 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
This bug was fixed in the package pgbouncer - 1.4.2-2ubuntu0.1 --- pgbouncer (1.4.2-2ubuntu0.1) precise-security; urgency=low * SECURITY UPDATE: denial of service when too long db name is provided (LP: #1083414) - debian/patches/2-CVE-2012-4575.patch: objects.c(add_database): fail gracefully if too long db name. Based on upstream patch. - CVE-2012-4575 -- Christian KuersteinerTue, 04 Dec 2012 22:21:56 +0700 ** Changed in: pgbouncer (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: pgbouncer (Ubuntu Oneiric) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Changed in: pgbouncer (Ubuntu Oneiric) Status: Confirmed => Fix Committed ** Changed in: pgbouncer (Ubuntu Precise) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
ACK on the oneiric and precise debdiffs. They look good. They will build now and will be pushed soon. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: "lp1083414-oneiric.debdiff" https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3453631/+files/lp1083414-oneiric.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: "lp1083414-precise.debdiff" https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3452777/+files/lp1083414-precise.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Branch linked: lp:~ubuntu-branches/ubuntu/quantal/pgbouncer/quantal- security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
This bug was fixed in the package pgbouncer - 1.5.2-2ubuntu0.1 --- pgbouncer (1.5.2-2ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: denial of service when too long db name is provided (LP: #1083414) - debian/patches/1-CVE-2012-4575.patch: objects.c(add_database): fail gracefully if too long db name. Based on upstream patch. - CVE-2012-4575 -- Christian KuersteinerMon, 03 Dec 2012 13:53:28 +0700 ** Changed in: pgbouncer (Ubuntu Quantal) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
ACK on the debdiff, looks good, thanks! I will upload it for building now, and it should be released in the next few hours. Thanks! ** Also affects: pgbouncer (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: pgbouncer (Ubuntu Raring) Importance: Undecided Status: New ** Also affects: pgbouncer (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: pgbouncer (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: pgbouncer (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: pgbouncer (Ubuntu Raring) Status: New => Fix Released ** Changed in: pgbouncer (Ubuntu Quantal) Status: New => Confirmed ** Changed in: pgbouncer (Ubuntu Precise) Status: New => Confirmed ** Changed in: pgbouncer (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: pgbouncer (Ubuntu Lucid) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
The attachment "lp1083414-quantal.debdiff" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu- sponsors team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Patch added: "lp1083414-quantal.debdiff" https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+attachment/3450319/+files/lp1083414-quantal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1083414] Re: DoS-Vulnerability in pgbouncer
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1083414 Title: DoS-Vulnerability in pgbouncer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs