Your message dated Mon, 21 Mar 2005 03:17:53 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299807: fixed in omniorb4 4.0.5-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Mar 2005 17:38:25 +0000
>From [EMAIL PROTECTED] Wed Mar 16 09:38:25 2005
Return-path: <[EMAIL PROTECTED]>
Received: from einhorn.in-berlin.de [192.109.42.8] (root)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBcTQ-0002hT-00; Wed, 16 Mar 2005 09:38:25 -0800
X-Envelope-From: [EMAIL PROTECTED]
X-Envelope-To: <[EMAIL PROTECTED]>
Received: from einhorn.in-berlin.de (localhost [127.0.0.1])
by einhorn.in-berlin.de (8.12.10/8.12.10/Debian-4) with ESMTP id
j2GHcHti015164
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <[EMAIL PROTECTED]>; Wed, 16 Mar 2005 18:38:17 +0100
Received: (from [EMAIL PROTECTED])
by einhorn.in-berlin.de (8.12.10/8.12.10/Debian-4) id j2GHcDAL015137
for [EMAIL PROTECTED]; Wed, 16 Mar 2005 18:38:13 +0100
X-Authentication-Warning: einhorn.in-berlin.de: www-data set sender to [EMAIL
PROTECTED] using -f
Received: from port-213-148-143-146.static.qsc.de
(port-213-148-143-146.static.qsc.de [213.148.143.146])
by webmail.in-berlin.de (IMP) with HTTP
for <[EMAIL PROTECTED]>; Wed, 16 Mar 2005 18:38:12 +0100
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 16 Mar 2005 18:38:12 +0100
From: "W. Borgert" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: omniORB potentially vulnerable against DoS
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.6
X-Spam-Score: (-2.398) ALL_TRUSTED,AWL,BAYES_00
X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: libomniorb4
Version: 4.0.5-1
Severity: grave
Tags: patch
In case of setting serverCallTimeOutPeriod in /etc/omniORB4.cfg
or by command line, omniORB does not honour the timeout which
leads to inaccessibility of any server application, if too many
client connections are not closed by the client side.
The patch is by Duncan Grisby (omniORB upstream) and will
be included in CVS and upcoming 4.0.6, I hope.
diff -u -r1.1.4.21 giopStrand.cc
--- src/lib/omniORB/orbcore/giopStrand.cc 17 Oct 2004 21:48:40 -0000 1.1.4.21
+++ src/lib/omniORB/orbcore/giopStrand.cc 16 Mar 2005 09:15:29 -0000
@@ -540,10 +540,12 @@
giop_s->giopStreamList::insert(servers);
}
- if (remove && giop_s->state() != IOP_S::WaitingForReply)
- delete giop_s;
- else
- restart_idle = 0;
+ if (remove) {
+ if (giop_s->state() != IOP_S::WaitingForReply)
+ delete giop_s;
+ else
+ restart_idle = 0;
+ }
if (restart_idle && !biDir) {
CORBA::Boolean success = startIdleCounter();
---------------------------------------
Received: (at 299807-close) by bugs.debian.org; 21 Mar 2005 08:24:22 +0000
>From [EMAIL PROTECTED] Mon Mar 21 00:24:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DDICz-0006UH-00; Mon, 21 Mar 2005 00:24:21 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DDI6j-0005uR-00; Mon, 21 Mar 2005 03:17:53 -0500
From: Bastian Blank <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299807: fixed in omniorb4 4.0.5-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 21 Mar 2005 03:17:53 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: omniorb4
Source-Version: 4.0.5-2
We believe that the bug you reported is fixed in the latest version of
omniorb4, which is due to be installed in the Debian FTP archive:
libcos4-dev_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libcos4-dev_4.0.5-2_i386.deb
libcos4_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libcos4_4.0.5-2_i386.deb
libomniorb4-dev_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libomniorb4-dev_4.0.5-2_i386.deb
libomniorb4_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libomniorb4_4.0.5-2_i386.deb
libomnithread3-dev_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libomnithread3-dev_4.0.5-2_i386.deb
libomnithread3_4.0.5-2_i386.deb
to pool/main/o/omniorb4/libomnithread3_4.0.5-2_i386.deb
omniidl4_4.0.5-2_i386.deb
to pool/main/o/omniorb4/omniidl4_4.0.5-2_i386.deb
omniorb4-doc_4.0.5-2_all.deb
to pool/main/o/omniorb4/omniorb4-doc_4.0.5-2_all.deb
omniorb4-idl_4.0.5-2_all.deb
to pool/main/o/omniorb4/omniorb4-idl_4.0.5-2_all.deb
omniorb4-nameserver_4.0.5-2_i386.deb
to pool/main/o/omniorb4/omniorb4-nameserver_4.0.5-2_i386.deb
omniorb4_4.0.5-2.diff.gz
to pool/main/o/omniorb4/omniorb4_4.0.5-2.diff.gz
omniorb4_4.0.5-2.dsc
to pool/main/o/omniorb4/omniorb4_4.0.5-2.dsc
omniorb4_4.0.5-2_i386.deb
to pool/main/o/omniorb4/omniorb4_4.0.5-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Blank <[EMAIL PROTECTED]> (supplier of updated omniorb4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 20 Mar 2005 11:13:56 +0100
Source: omniorb4
Binary: omniorb4-doc libomnithread3 omniidl4 libcos4 omniorb4-nameserver
libomnithread3-dev libcos4-dev omniorb4 libomniorb4-dev omniorb4-idl libomniorb4
Architecture: source i386 all
Version: 4.0.5-2
Distribution: unstable
Urgency: high
Maintainer: Bastian Blank <[EMAIL PROTECTED]>
Changed-By: Bastian Blank <[EMAIL PROTECTED]>
Description:
libcos4 - omniORB4 - CORBA ORB - libcos4
libcos4-dev - omniORB4 - CORBA ORB - libcos4 - developer files
libomniorb4 - omniORB4 - CORBA ORB - libomniorb4
libomniorb4-dev - omniORB4 - CORBA ORB - developer files
libomnithread3 - omniORB4 - CORBA ORB - libomnithread3
libomnithread3-dev - omniORB4 - CORBA ORB - developer files
omniidl4 - omniORB4 - idl compiler
omniorb4 - omniORB4 - CORBA ORB - programs
omniorb4-doc - omniORB4 - CORBA ORB - documentation
omniorb4-idl - omniORB4 - CORBA ORB - idl files
omniorb4-nameserver - omniORB4 - CORBA ORB - nameserver
Closes: 299807
Changes:
omniorb4 (4.0.5-2) unstable; urgency=high
.
* Fix DoS. (closes: #299807)
Files:
fd7fcacc90a8de0a4e06cdadf4ecb5f2 760 devel optional omniorb4_4.0.5-2.dsc
772534b86b8009207eb428d1822df6e8 7104 devel optional omniorb4_4.0.5-2.diff.gz
6cd49ceee9f02905844d8c1af1cfa3c7 89384 devel optional
omniorb4-idl_4.0.5-2_all.deb
465f91ed3c29cd84a16fe5d81e7568f9 129128 doc optional
omniorb4-doc_4.0.5-2_all.deb
4ff686d97b9fa66f112d031b7b4696d1 84368 devel optional omniorb4_4.0.5-2_i386.deb
202a6264913612440ac215543eb643e4 86624 devel optional
omniorb4-nameserver_4.0.5-2_i386.deb
bfe79e11f927c626c6591bc5917e4d8c 540710 libs optional libcos4_4.0.5-2_i386.deb
ef5819af722f99a39ec3b534e4f431ba 650804 libdevel optional
libcos4-dev_4.0.5-2_i386.deb
6e44fa39a3b7d721df2fcd569c4691fe 1149750 libs optional
libomniorb4_4.0.5-2_i386.deb
5da230c75cfff9281e07f2327c25e5d7 1634336 libdevel optional
libomniorb4-dev_4.0.5-2_i386.deb
28f7d47421cd79c21fa19f670c0ae7ba 57324 libs optional
libomnithread3_4.0.5-2_i386.deb
f06c6d82d4f9f5e32b04d9a3c3429592 64078 libdevel optional
libomnithread3-dev_4.0.5-2_i386.deb
68bcdee2c081634729937df46bca6371 340938 devel optional
omniidl4_4.0.5-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iEYEARECAAYFAkI+ffsACgkQLkAIIn9ODhHa1ACfZcLxNHiZnt3kc/vlEYhwmr3l
vgwAmwbfnRW+GsKJOz+Pcu1zzfx8Glww
=aUuz
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
