Your message dated Wed, 09 Mar 2005 14:09:53 +0900
with message-id <[EMAIL PROTECTED]>
and subject line Critical Buffer Overflow in mlterm
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Mar 2005 21:38:48 +0000
>From [EMAIL PROTECTED] Tue Mar 08 13:38:48 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cm181-223.liwest.at (mail.nadev.net) [81.10.181.223]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D8mPf-0005Cz-00; Tue, 08 Mar 2005 13:38:48 -0800
Received: from Cardassia.nadev.net (cardassia.nadev.net [::ffff:192.168.0.66])
by mail.nadev.net with esmtp; Tue, 08 Mar 2005 22:38:15 +0100
id 0000E48E.422E1B48.000071AB
Received: by Cardassia.nadev.net (sSMTP sendmail emulation); Tue, 8 Mar 2005
22:38:15 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Thomas Prokosch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Critical Buffer Overflow in mlterm
X-Mailer: reportbug 3.8
Date: Tue, 08 Mar 2005 22:38:15 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
FROM_HAS_MIXED_NUMS,HAS_PACKAGE autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: mlterm
Version: 2.8.0.cvs20040403-2
Severity: grave
Tags: security
Justification: user security hole
According to Secunia the version of mlterm which is currently in testing
and unstable has a serious buffer overflow. See
http://secunia.com/advisories/14509/ for details.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i586)
Kernel: Linux 2.6.10-1-386
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages mlterm depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libfontconfig1 2.2.3-4 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.4-6 Free Implementation of the Unicode
ii libglib2.0-0 2.6.2-1 The GLib library of C routines
ii libgtk2.0-0 2.6.2-3 The GTK+ graphical user interface
ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library
ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii mlterm-common 2.8.0.cvs20040403-2 MultiLingual TERMinal, common file
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-3 compression library - runtime
-- no debconf information
---------------------------------------
Received: (at 298621-done) by bugs.debian.org; 9 Mar 2005 05:09:54 +0000
>From [EMAIL PROTECTED] Tue Mar 08 21:09:54 2005
Return-path: <[EMAIL PROTECTED]>
Received: from orochi.topstudio.co.jp (mail.topstudio.co.jp) [202.224.239.193]
(postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D8tSE-0005fX-00; Tue, 08 Mar 2005 21:09:54 -0800
Received: from localhost (localhost [127.0.0.1])
by mail.topstudio.co.jp (Postfix) with ESMTP id 86C88223104
for <[EMAIL PROTECTED]>; Wed, 9 Mar 2005 14:09:53 +0900 (JST)
Received: from mail.topstudio.co.jp ([127.0.0.1])
by localhost (hydra [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
id 05601-08 for <[EMAIL PROTECTED]>;
Wed, 9 Mar 2005 14:09:53 +0900 (JST)
Received: from cyclopus.topstudio-unet.ocn.ne.jp.topstudio.co.jp
(cyclopus.topstudio-unet.ocn.ne.jp [192.168.1.3])
by mail.topstudio.co.jp (Postfix) with ESMTP id 4CDE3223101
for <[EMAIL PROTECTED]>; Wed, 9 Mar 2005 14:09:53 +0900 (JST)
Date: Wed, 09 Mar 2005 14:09:53 +0900
From: Kenshi Muto <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Critical Buffer Overflow in mlterm
User-Agent: Wanderlust/2.11.30 (Wonderwall) SEMI/1.14.6 (Maruoka) FLIM/1.14.6
(Marutamachi) APEL/10.6 MULE XEmacs/21.4 (patch 17) (Jumbo Shrimp)
(amd64-debian-linux)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at topstudio.co.jp
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
mlterm 2.9.2 was already uploaded ago. Because it has NEW package,
hasn't been accepted.
Today, mlterm 2.9.2-1 is accepted for unstable! This urgency is high,
so building for other architectures and entering Sarge will be soon.
Thanks,
--
Kenshi Muto
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
