Bug#780567: marked as done (capnproto: CVE-2015-2312: CPU usage amplification attack)

[Debian Bug Tracking System]

Your message dated Sat, 28 Mar 2015 10:04:31 +0000
with message-id <e1ybnbt-0002q5...@franck.debian.org>
and subject line Bug#780567: fixed in capnproto 0.4.1-3
has caused the Debian Bug report #780567,
regarding capnproto: CVE-2015-2312: CPU usage amplification attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780567
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: capnproto
Version: 0.4.1-2
Severity: critical

Upstream has reported a number of security issues in capnproto 0.4.1.
Creating bugs to track these issues while I work on getting them fixed.

This bug is tracking the "CPU usage amplification attack" bug reported on
2015-03-02.

Full details + patch:
https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-02-2-all-cpu-amplification.md


-- 
*Tom Lee */ http://tomlee.co / @tglee <http://twitter.com/tglee>

--- End Message ---

--- Begin Message ---

Source: capnproto
Source-Version: 0.4.1-3

We believe that the bug you reported is fixed in the latest version of
capnproto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tom Lee <deb...@tomlee.co> (supplier of updated capnproto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Mar 2015 19:53:24 -0800
Source: capnproto
Binary: libcapnp-0.4.1 libcapnp-dev capnproto
Architecture: source amd64
Version: 0.4.1-3
Distribution: unstable
Urgency: high
Maintainer: Tom Lee <deb...@tomlee.co>
Changed-By: Tom Lee <deb...@tomlee.co>
Description:
 capnproto  - tool for working with the Cap'n Proto data interchange format
 libcapnp-0.4.1 - Cap'n Proto C++ library
 libcapnp-dev - Cap'n Proto C++ library (development files)
Closes: 780565 780566 780567 780568
Changes:
 capnproto (0.4.1-3) unstable; urgency=high
 .
   * Fix CVE-2015-2310: Integer overflow in pointer validation (Closes: 780565)
   * Fix CVE-2015-2311: Integer underflow in pointer validation (Closes: 780566)
   * Fix CVE-2015-2312: CPU usage amplification attack (Closes: 780567)
   * Fix CVE-2015-2313: CPU usage amplification attack #2 (Closes: 780568)
Checksums-Sha1:
 bfe5a1cea8070a5dee0121ecd7068e87ef7f6c9d 2054 capnproto_0.4.1-3.dsc
 2f251b205c665c7b72817ae6d4c52f047f5c0282 10984 capnproto_0.4.1-3.debian.tar.xz
 9cde11cd029b8767494d450fb4979853af4bcbaa 526256 
libcapnp-0.4.1_0.4.1-3_amd64.deb
 2da025c247379fdb44705116e11a921b65bcfe69 745964 libcapnp-dev_0.4.1-3_amd64.deb
 9ef5ca198cad87de6501049ca92ddf4ec44ac910 170350 capnproto_0.4.1-3_amd64.deb
Checksums-Sha256:
 32f86d39b12d26d0edeb36a8df51ce4be6a431f579f6b415edeb9b9900d5d300 2054 
capnproto_0.4.1-3.dsc
 d2855bd37291847b7dea7a9d0c9aa632088da6ec16a038ece0ba403d4b12cfe5 10984 
capnproto_0.4.1-3.debian.tar.xz
 0cc882278276f9c09eb7bcec86e5f9a35f5896f78a5595d1b87df17eeeb4608b 526256 
libcapnp-0.4.1_0.4.1-3_amd64.deb
 1054d6f3d786748edd83fb59a0c840a7f03212b44c9137aee51108fd2fd228b7 745964 
libcapnp-dev_0.4.1-3_amd64.deb
 22b6714c52a57d29670320c0746e6f68627f1dc963e16edcbf5d1ee15befa0b8 170350 
capnproto_0.4.1-3_amd64.deb
Files:
 eb595ceebeb49db8ecdd480acebc34f0 2054 devel optional capnproto_0.4.1-3.dsc
 41613a343a27107b43f7cc7d4439601c 10984 devel optional 
capnproto_0.4.1-3.debian.tar.xz
 96655f2e7aeb70fe31105e401dbb0547 526256 libs optional 
libcapnp-0.4.1_0.4.1-3_amd64.deb
 0ae5bbd903cab58907f25d1e798c6d36 745964 libdevel optional 
libcapnp-dev_0.4.1-3_amd64.deb
 43056c2e59c9ada3d7999d585593d2ab 170350 devel optional 
capnproto_0.4.1-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVFlyVAAoJEJWkL+g1NSX51QgP/3+VZopWCBf4EVHsMnuuVvZP
iQ2DyQ7dLLzwsoRiipjd1dP22sfqH6JN0Ac1stPxkHS9vt4QO/sTYi4KoydM9Mp3
qbbEJt9ivGo4l/gEcDA9wKR0FV1V40KYy0WXHwvXK16s6t3VU14Caf3wt8zSnAxA
b4ZZDGac8LNrI5Q2cViGU11FRa16UuJVI4EfWhyPxsb9OxH+2bKlOwGCcTdnqXw1
tPZrMuFv88pWCG7G7H/vUazu4GJD/V3AsIqYRKdF1bIHVcLkfSKtasJ89c2GE3jm
urKCcdJs0UcjJRa3yAxUGPtCwerubfLxUyYVacciC0g5UcJgcfM+im8xbqT0h4CP
cYpGe2xs5thVo426tfoO/JBxqDKhf/2sQb63axOECmsHliRjgcQmHx9pz9Am/mIO
ZKKEvPq9DZNr2zhC/NG0kdMJDCYzDC2+Je0ttNbIXY98rKqeAe/u3h1ffaX2IN95
c56VA7Pjjto03Nqd0di4mudtSwNSwvJ8auiFqetRjfD+OZaJPyGEDBCN2wCDjU6u
Rsybuqx8v/j0B39E9yGcmzrxnaahm2jfFg1yy4GCob0txQ2eX4ukqwIdB8kZJjfK
8CKnjzpV4xSYrqcVnK8AS0UMiFkZ7owRNbW+G2zMGXy1O7uIj2ebb+mnzDEgkN+3
A717zs6cgpIwyHp+UAxu
=GxxL
-----END PGP SIGNATURE-----

--- End Message ---