Bug#299846: marked as done (openslp: Several non-descript buffer overflows and out-of-bounds memory access)

Thu, 17 Mar 2005 06:08:05 -0800 

Your message dated Thu, 17 Mar 2005 08:47:08 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299846: fixed in openslp 1.0.11a-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Mar 2005 23:02:01 +0000
>From [EMAIL PROTECTED] Wed Mar 16 15:02:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DBhWa-0005CA-00; Wed, 16 Mar 2005 15:02:00 -0800
Received: from p5489639b.dip.t-dialin.net ([84.137.99.155] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.44)
        id 1DBhWY-0007tA-84
        for [EMAIL PROTECTED]; Thu, 17 Mar 2005 00:01:58 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.50)
        id 1DBhWV-0001oB-Ga
        for [EMAIL PROTECTED]; Thu, 17 Mar 2005 00:01:55 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: openslp: Several non-descript buffer overflows and out-of-bounds memory
 access
X-Mailer: reportbug 3.8
Date: Thu, 17 Mar 2005 00:01:54 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.99.155
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: openslp
Severity: grave
Tags: security
Justification: user security hole

SuSE Security has found several buffer overflows and out-of-memory access
possibilities during a code audit. Neither the original SuSE nor the Mandrake
advisory contain detailed information, openslp.org lacks usable information
as well, but as both SuSE and Mandrake issued advisories the problem seems
to require further evaluation.

I couldn't find a CAN assignment yet.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 299846-close) by bugs.debian.org; 17 Mar 2005 13:53:04 +0000
>From [EMAIL PROTECTED] Thu Mar 17 05:53:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DBvQu-0005K1-00; Thu, 17 Mar 2005 05:53:04 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DBvLA-00039i-00; Thu, 17 Mar 2005 08:47:08 -0500
From: Ganesan Rajagopal <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299846: fixed in openslp 1.0.11a-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 17 Mar 2005 08:47:08 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: openslp
Source-Version: 1.0.11a-2

We believe that the bug you reported is fixed in the latest version of
openslp, which is due to be installed in the Debian FTP archive:

libslp-dev_1.0.11a-2_i386.deb
  to pool/main/o/openslp/libslp-dev_1.0.11a-2_i386.deb
libslp1_1.0.11a-2_i386.deb
  to pool/main/o/openslp/libslp1_1.0.11a-2_i386.deb
openslp-doc_1.0.11a-2_all.deb
  to pool/main/o/openslp/openslp-doc_1.0.11a-2_all.deb
openslp_1.0.11a-2.diff.gz
  to pool/main/o/openslp/openslp_1.0.11a-2.diff.gz
openslp_1.0.11a-2.dsc
  to pool/main/o/openslp/openslp_1.0.11a-2.dsc
slpd_1.0.11a-2_i386.deb
  to pool/main/o/openslp/slpd_1.0.11a-2_i386.deb
slptool_1.0.11a-2_i386.deb
  to pool/main/o/openslp/slptool_1.0.11a-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ganesan Rajagopal <[EMAIL PROTECTED]> (supplier of updated openslp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 17 Mar 2005 18:44:25 +0530
Source: openslp
Binary: libslp-dev slptool libslp1 openslp-doc slpd
Architecture: source i386 all
Version: 1.0.11a-2
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <[EMAIL PROTECTED]>
Changed-By: Ganesan Rajagopal <[EMAIL PROTECTED]>
Description: 
 libslp-dev - OpenSLP development libraries
 libslp1    - OpenSLP libraries
 openslp-doc - OpenSLP documentation
 slpd       - OpenSLP Server (slpd)
 slptool    - SLP command line tool
Closes: 299846
Changes: 
 openslp (1.0.11a-2) unstable; urgency=high
 .
   * Apply patches from SuSE openslp-1.1.5-73.15.src.rpm to fix several
     buffer overflows and out-of-bounds memory access (Closes: #299846).
Files: 
 8a92ca551220e5880315230d77a5bc89 640 net extra openslp_1.0.11a-2.dsc
 7c3dde5a7f1b32abe92f29ec2c656c10 150870 net extra openslp_1.0.11a-2.diff.gz
 cb97f974b6ef9b72591811d1869b23b3 96080 doc extra openslp-doc_1.0.11a-2_all.deb
 4f18a2eaf9a035fac067c7c8dc2a932e 66610 net extra slpd_1.0.11a-2_i386.deb
 4e03c213a3f48cca55e7fa39c888cd50 47298 libs optional libslp1_1.0.11a-2_i386.deb
 c3a92d47a43e25b5303044009abf15aa 26320 utils extra slptool_1.0.11a-2_i386.deb
 a47b2aaf6a1011461873e67a4185c6e0 62692 libdevel extra 
libslp-dev_1.0.11a-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCOYZcFeACul2MEuoRAteYAKCyq4zB6zIJWGZxFp6CPczo0u/uOgCgkcnn
DEPFfKmxzr8dISwGNIY3sdg=
=G86I
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to