Your message dated Mon, 21 Mar 2005 03:17:53 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#299807: fixed in omniorb4 4.0.5-2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Wed, 16 Mar 2005 18:38:12 +0100
From: "W. Borgert" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: omniORB potentially vulnerable against DoS

Package: libomniorb4
Version: 4.0.5-1
Severity: grave
Tags: patch

In case of setting serverCallTimeOutPeriod in /etc/omniORB4.cfg or by command line, omniORB does not honour the timeout which leads to inaccessibility of any server application, if too many client connections are not closed by the client side.

The patch is by Duncan Grisby (omniORB upstream) and will be included in CVS and upcoming 4.0.6, I hope.

diff -u -r1.1.4.21 giopStrand.cc --- src/lib/omniORB/orbcore/giopStrand.cc 17 Oct 2004 21:48:40 -0000 1.1.4.21 +++ src/lib/omniORB/orbcore/giopStrand.cc 16 Mar 2005 09:15:29 -0000
@@ -540,10 +540,12 @@ giop_s->giopStreamList::insert(servers); } - if (remove && giop_s->state() != IOP_S::WaitingForReply) - delete giop_s; - else - restart_idle = 0; + if (remove) { + if (giop_s->state() != IOP_S::WaitingForReply) + delete giop_s; + else + restart_idle = 0; + } if (restart_idle && !biDir) { CORBA::Boolean success = startIdleCounter();
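
Review bot: the inner `if (giop_s->state() != IOP_S::WaitingForReply)` / `else` pair inside the new `if (remove) {` block is still unbraced, which is the same shape that let the old `else restart_idle = 0;` bind to the whole compound condition and clear restart_idle whenever remove was false. Brace both inner branches and add a one-line comment stating that restart_idle is cleared only for a strand that is marked for removal but still in WaitingForReply, so the guard on `if (restart_idle && !biDir)` is not silently defeated again by a later edit. It would also help to say in a comment whether reaching `startIdleCounter()` after the `delete giop_s;` branch is intended, since restart_idle is left unchanged on that path.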
---------------------------------------
From: Bastian Blank <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#299807: fixed in omniorb4 4.0.5-2
Date: Mon, 21 Mar 2005 03:17:53 -0500

Source: omniorb4
Source-Version: 4.0.5-2

We believe that the bug you reported is fixed in the latest version of omniorb4, which is due to be installed in the Debian FTP archive:

libcos4-dev_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libcos4-dev_4.0.5-2_i386.deb
libcos4_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libcos4_4.0.5-2_i386.deb
libomniorb4-dev_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libomniorb4-dev_4.0.5-2_i386.deb
libomniorb4_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libomniorb4_4.0.5-2_i386.deb
libomnithread3-dev_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libomnithread3-dev_4.0.5-2_i386.deb
libomnithread3_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/libomnithread3_4.0.5-2_i386.deb
omniidl4_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/omniidl4_4.0.5-2_i386.deb
omniorb4-doc_4.0.5-2_all.deb
  to pool/main/o/omniorb4/omniorb4-doc_4.0.5-2_all.deb
omniorb4-idl_4.0.5-2_all.deb
  to pool/main/o/omniorb4/omniorb4-idl_4.0.5-2_all.deb
omniorb4-nameserver_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/omniorb4-nameserver_4.0.5-2_i386.deb
omniorb4_4.0.5-2.diff.gz
  to pool/main/o/omniorb4/omniorb4_4.0.5-2.diff.gz
omniorb4_4.0.5-2.dsc
  to pool/main/o/omniorb4/omniorb4_4.0.5-2.dsc
omniorb4_4.0.5-2_i386.deb
  to pool/main/o/omniorb4/omniorb4_4.0.5-2_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <[EMAIL PROTECTED]> (supplier of updated omniorb4 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sun, 20 Mar 2005 11:13:56 +0100
Source: omniorb4
Binary: omniorb4-doc libomnithread3 omniidl4 libcos4 omniorb4-nameserver libomnithread3-dev libcos4-dev omniorb4 libomniorb4-dev omniorb4-idl libomniorb4
Architecture: source i386 all
Version: 4.0.5-2
Distribution: unstable
Urgency: high
Maintainer: Bastian Blank <[EMAIL PROTECTED]>
Changed-By: Bastian Blank <[EMAIL PROTECTED]>
Description:
 libcos4 - omniORB4 - CORBA ORB - libcos4
 libcos4-dev - omniORB4 - CORBA ORB - libcos4 - developer files
 libomniorb4 - omniORB4 - CORBA ORB - libomniorb4
 libomniorb4-dev - omniORB4 - CORBA ORB - developer files
 libomnithread3 - omniORB4 - CORBA ORB - libomnithread3
 libomnithread3-dev - omniORB4 - CORBA ORB - developer files
 omniidl4 - omniORB4 - idl compiler
 omniorb4 - omniORB4 - CORBA ORB - programs
 omniorb4-doc - omniORB4 - CORBA ORB - documentation
 omniorb4-idl - omniORB4 - CORBA ORB - idl files
 omniorb4-nameserver - omniORB4 - CORBA ORB - nameserver
Closes: 299807
Changes:
 omniorb4 (4.0.5-2) unstable; urgency=high
 .
   * Fix DoS. (closes: #299807)