Your message dated Wed, 16 Feb 2005 17:17:35 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#295499: fixed in kdeedu 4:3.3.2-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Feb 2005 08:37:13 +0000
Date: Wed, 16 Feb 2005 09:30:18 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0011: Buffer overflows in fliccd of kstars of kdeedu
Message-ID: <[EMAIL PROTECTED]>

Package: kdeedu
Severity: grave
Tags: security sid patch sarge

Erik Sjölund discovered that a buffer overflow in fliccd which is installed setuid
root (at least on Debian/unstable) can be exploited quite easily and will
probably allow arbitrary code to be executed.

Patch: ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdeedu-kstars.diff

Please
 . update the package in sid and sarge
 . mention the CVE id from the subject in the changelog
 . use priority=high

Regards,

	Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.

---------------------------------------
Received: (at 295499-close) by bugs.debian.org; 16 Feb 2005 22:24:44 +0000
From: Ben Burton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#295499: fixed in kdeedu 4:3.3.2-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 16 Feb 2005 17:17:35 -0500

Source: kdeedu
Source-Version: 4:3.3.2-2

We believe that the bug you reported is fixed in the latest version of
kdeedu, which is due to be installed in the Debian FTP archive:

kalzium_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kalzium_3.3.2-2_i386.deb
kbruch_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kbruch_3.3.2-2_i386.deb
kdeedu-data_3.3.2-2_all.deb
  to pool/main/k/kdeedu/kdeedu-data_3.3.2-2_all.deb
kdeedu-doc-html_3.3.2-2_all.deb
  to pool/main/k/kdeedu/kdeedu-doc-html_3.3.2-2_all.deb
kdeedu_3.3.2-2.diff.gz
  to pool/main/k/kdeedu/kdeedu_3.3.2-2.diff.gz
kdeedu_3.3.2-2.dsc
  to pool/main/k/kdeedu/kdeedu_3.3.2-2.dsc
kdeedu_3.3.2-2_all.deb
  to pool/main/k/kdeedu/kdeedu_3.3.2-2_all.deb
keduca_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/keduca_3.3.2-2_i386.deb
khangman_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/khangman_3.3.2-2_i386.deb
kig_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kig_3.3.2-2_i386.deb
kiten_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kiten_3.3.2-2_i386.deb
klatin_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/klatin_3.3.2-2_i386.deb
klettres-data_3.3.2-2_all.deb
  to pool/main/k/kdeedu/klettres-data_3.3.2-2_all.deb
klettres_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/klettres_3.3.2-2_i386.deb
kmessedwords_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kmessedwords_3.3.2-2_i386.deb
kmplot_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kmplot_3.3.2-2_i386.deb
kpercentage_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kpercentage_3.3.2-2_i386.deb
kstars-data_3.3.2-2_all.deb
  to pool/main/k/kdeedu/kstars-data_3.3.2-2_all.deb
kstars_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kstars_3.3.2-2_i386.deb
ktouch_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/ktouch_3.3.2-2_i386.deb
kturtle_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kturtle_3.3.2-2_i386.deb
kverbos_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kverbos_3.3.2-2_i386.deb
kvoctrain_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kvoctrain_3.3.2-2_i386.deb
kwordquiz_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/kwordquiz_3.3.2-2_i386.deb
libkdeedu-dev_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/libkdeedu-dev_3.3.2-2_i386.deb
libkdeedu1_3.3.2-2_i386.deb
  to pool/main/k/kdeedu/libkdeedu1_3.3.2-2_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Burton <[EMAIL PROTECTED]> (supplier of updated kdeedu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 17 Feb 2005 07:53:09 +1100
Source: kdeedu
Binary: kdeedu-doc-html keduca kdeedu libkdeedu-dev kstars ktouch libkdeedu1 kwordquiz klettres kmplot kdeedu-data kalzium kverbos kstars-data khangman kvoctrain kbruch kiten kmessedwords kturtle kig klatin klettres-data kpercentage
Architecture: source i386 all
Version: 4:3.3.2-2
Distribution: unstable
Urgency: high
Maintainer: Ben Burton <[EMAIL PROTECTED]>
Changed-By: Ben Burton <[EMAIL PROTECTED]>
Description:
 kalzium    - chemistry teaching tool for KDE
 kbruch     - fraction calculation teaching tool for KDE
 kdeedu     - educational apps from the official KDE release
 kdeedu-data - shared data for KDE educational applications
 kdeedu-doc-html - KDE edutainment documentation in HTML format
 keduca     - interactive form-based tests for KDE
 khangman   - the classical hangman game for KDE
 kig        - interactive geometry program for KDE
 kiten      - Japanese reference/study tool for KDE
 klatin     - application to help revise/teach Latin
 klettres   - foreign alphabet tutor for KDE
 klettres-data - data files for KLettres foreign alphabet tutor
 kmessedwords - letter order game for KDE
 kmplot     - mathematical function plotter for KDE
 kpercentage - percentage calculation teaching tool for KDE
 kstars     - desktop planetarium for KDE
 kstars-data - data files for KStars desktop planetarium
 ktouch     - touch typing tutor for KDE
 kturtle    - educational Logo programming environment
 kverbos    - Spanish verb form study application for KDE
 kvoctrain  - vocabulary trainer for KDE
 kwordquiz  - flashcard and vocabulary learning program for KDE
 libkdeedu-dev - development files for KDE educational library
 libkdeedu1 - library for use with KDE educational apps
Closes: 295499
Changes:
 kdeedu (4:3.3.2-2) unstable; urgency=high
 .
   * Fixed buffer overflows in fliccd, one of the INDI drivers shipped with
     kstars (closes: #295499).  See the following URL for further information:
     - http://www.kde.org/info/security/advisory-20050215-1.txt
     References: CAN-2005-0011
   * Patched the sources directly (i.e., the patch shows up in the usual
     debian diff but not as an extra file in debian/patches), since this
     is a non-debian-specific problem that is already fixed in upstream CVS.