Your message dated Thu, 10 Mar 2005 13:17:08 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#296925: fixed in prozilla 1:1.3.7.4-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 25 Feb 2005 14:43:23 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: remote shell via format string vulnerability (CAN-2005-0523)

Package: prozilla
Version: 1:1.3.7.3-1
Severity: grave

prozilla has another security hole. A format string vulnerability allows
remote code execution. I've not verified this, but here's the exploit:
http://downloads.securityfocus.com/vulnerabilities/exploits/prozillaFormatString.c

Based on info at the end of this gentoo bug report, the format string
problem involves a double expansion of a string from the server between
message() and curses_message().

In message(), we have:

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);

    switch (rt.display_mode)
    {
    case DISPLAY_CURSES:
        curses_message(p);

The above vsnprintf is vulnerable to a format string attack.

In curses_message(), we have:

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);

Also vulnerable. There may be others.

Upstream is apparently aware of this vulnerability.

--
see shy jo

---------------------------------------
From: [EMAIL PROTECTED] (Guilherme de S. Pastore)
To: [EMAIL PROTECTED]
Subject: Bug#296925: fixed in prozilla 1:1.3.7.4-1
Date: Thu, 10 Mar 2005 13:17:08 -0500

Source: prozilla
Source-Version: 1:1.3.7.4-1

We believe that the bug you reported is fixed in the latest version of
prozilla, which is due to be installed in the Debian FTP archive:

prozilla_1.3.7.4-1.diff.gz
  to pool/main/p/prozilla/prozilla_1.3.7.4-1.diff.gz
prozilla_1.3.7.4-1.dsc
  to pool/main/p/prozilla/prozilla_1.3.7.4-1.dsc
prozilla_1.3.7.4-1_i386.deb
  to pool/main/p/prozilla/prozilla_1.3.7.4-1_i386.deb
prozilla_1.3.7.4.orig.tar.gz
  to pool/main/p/prozilla/prozilla_1.3.7.4.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilherme de S. Pastore <[EMAIL PROTECTED]> (supplier of updated prozilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 10 Mar 2005 13:42:29 -0300
Source: prozilla
Binary: prozilla
Architecture: source i386
Version: 1:1.3.7.4-1
Distribution: unstable
Urgency: high
Maintainer: Guilherme de S. Pastore <[EMAIL PROTECTED]>
Changed-By: Guilherme de S. Pastore <[EMAIL PROTECTED]>
Description:
 prozilla   - multi-threaded download accelerator
Closes: 296925
Changes:
 prozilla (1:1.3.7.4-1) unstable; urgency=high
 .
   * New upstream release
     - Fixes format string vulnerability, CAN-2005-0523
       (Closes: #296925)
   * debian/control:
     - Improved long description
     - Added Homepage to long description's end
Files:
 adcb4efe081f24bf18fed52f3754a9cb 624 net optional prozilla_1.3.7.4-1.dsc
 b594b55b1b49a8eca2505173cc1bfc44 222229 net optional prozilla_1.3.7.4.orig.tar.gz
 d15a5be79b3573d88f7d63d92d6e7f60 10823 net optional prozilla_1.3.7.4-1.diff.gz
 68697663edc59a87e7b179827e034817 84010 net optional prozilla_1.3.7.4-1_i386.deb
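
The double expansion described in the bug report above, shown as an added example that is not part of the original messages and is not prozilla's source or the upstream patch. The function names ending in _demo/_vulnerable/_fixed, the buffer sizes, the capture buffer and the server text are assumptions made for illustration; the hardened form is the standard remedy of passing untrusted text behind a constant "%s".

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char shown[256]; /* assumption: captures what the display would show */

/* Stand-in for curses_message(): expands its first argument as a format. */
static void curses_message_demo(const char *args, ...)
{
    va_list vp;
    va_start(vp, args);
    vsnprintf(shown, sizeof(shown), args, vp);
    va_end(vp);
}

/* Pattern from the report: the expanded text p is passed on as the format,
 * so any '%' that arrived in server data is interpreted a second time. */
static const char *message_vulnerable(const char *args, ...)
{
    char p[256];
    va_list vp;
    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);
    curses_message_demo(p);
    return shown;
}

/* Hardened form: p travels as data behind a constant "%s" format. */
static const char *message_fixed(const char *args, ...)
{
    char p[256];
    va_list vp;
    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);
    curses_message_demo("%s", p);
    return shown;
}

int main(void)
{
    /* Constructed server text; "%%" consumes no argument, so the second
     * expansion is well-defined and simply visible in the output. */
    const char *reply = "301 Moved to /a%%20b";
    printf("vulnerable: %s\n", message_vulnerable("%s", reply));
    printf("fixed:      %s\n", message_fixed("%s", reply));
    return 0;
}
```

Declaring the sink with GCC's `__attribute__((format(printf, 1, 2)))` and building with `-Wformat -Wformat-security` makes the compiler flag the `curses_message_demo(p)` call, which is a cheap way to audit a code base for the "There may be others" case.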