Bug#306454: marked as done (maxdb-7.5.00: Three remotely exploitable buffer overflows in MaxDB)

Mon, 02 May 2005 15:42:08 -0700 

Your message dated Mon, 02 May 2005 14:33:07 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#306454: fixed in maxdb-7.5.00 7.5.00.26-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Apr 2005 17:37:47 +0000
>From [EMAIL PROTECTED] Tue Apr 26 10:37:46 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DQU0G-00082e-00; Tue, 26 Apr 2005 10:37:44 -0700
Received: from p54893d69.dip.t-dialin.net ([84.137.61.105] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1DQU0D-0006Rn-VF
        for [EMAIL PROTECTED]; Tue, 26 Apr 2005 19:37:42 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
        id 1DQU0B-0001oi-7S; Tue, 26 Apr 2005 19:37:39 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: maxdb-7.5.00: Three remotely exploitable buffer overflows in MaxDB
X-Mailer: reportbug 3.9
Date: Tue, 26 Apr 2005 19:37:38 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.61.105
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: maxdb-7.5.00
Severity: grave
Tags: security
Justification: user security hole

Three remotely exploitable buffer overflows in various parts of MaxDB
have been reported by iDefense. Please see their advisories for details:

http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities

All issues have been fixed in 7.5.00.26

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 306454-close) by bugs.debian.org; 2 May 2005 18:44:45 +0000
>From [EMAIL PROTECTED] Mon May 02 11:44:45 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DSfuP-0002Wd-00; Mon, 02 May 2005 11:44:45 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DSfj9-0005OH-00; Mon, 02 May 2005 14:33:07 -0400
From: Martin Kittel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#306454: fixed in maxdb-7.5.00 7.5.00.26-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 02 May 2005 14:33:07 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: maxdb-7.5.00
Source-Version: 7.5.00.26-1

We believe that the bug you reported is fixed in the latest version of
maxdb-7.5.00, which is due to be installed in the Debian FTP archive:

libsqldbc7.5.00-dev_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.26-1_i386.deb
libsqldbc7.5.00_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.26-1_i386.deb
libsqlod7.5.00-dev_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.26-1_i386.deb
libsqlod7.5.00_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.26-1_i386.deb
maxdb-7.5.00_7.5.00.26-1.diff.gz
  to pool/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.26-1.diff.gz
maxdb-7.5.00_7.5.00.26-1.dsc
  to pool/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.26-1.dsc
maxdb-7.5.00_7.5.00.26.orig.tar.gz
  to pool/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.26.orig.tar.gz
maxdb-dbanalyzer_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.26-1_i386.deb
maxdb-dbmcli_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.26-1_i386.deb
maxdb-loadercli_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.26-1_i386.deb
maxdb-lserver_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.26-1_i386.deb
maxdb-server-7.5.00_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.26-1_i386.deb
maxdb-server-dbg-7.5.00_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.26-1_i386.deb
maxdb-server_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-server_7.5.00.26-1_i386.deb
maxdb-sqlcli_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.26-1_i386.deb
maxdb-webtools_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.26-1_i386.deb
python-maxdb-loader_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.26-1_i386.deb
python-maxdb_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python-maxdb_7.5.00.26-1_i386.deb
python2.3-maxdb-loader_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.26-1_i386.deb
python2.3-maxdb_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.26-1_i386.deb
python2.4-maxdb-loader_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.26-1_i386.deb
python2.4-maxdb_7.5.00.26-1_i386.deb
  to pool/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.26-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Kittel <[EMAIL PROTECTED]> (supplier of updated maxdb-7.5.00 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 26 Apr 2005 21:21:30 +0200
Source: maxdb-7.5.00
Binary: python2.3-maxdb maxdb-server-dbg-7.5.00 libsqldbc7.5.00-dev 
libsqldbc7.5.00 python-maxdb python2.4-maxdb-loader python2.3-maxdb-loader 
maxdb-dbanalyzer libsqlod7.5.00-dev maxdb-dbmcli python2.4-maxdb 
maxdb-loadercli python-maxdb-loader maxdb-sqlcli maxdb-server-7.5.00 
maxdb-lserver maxdb-webtools libsqlod7.5.00 maxdb-server
Architecture: source i386
Version: 7.5.00.26-1
Distribution: unstable
Urgency: high
Maintainer: Martin Kittel <[EMAIL PROTECTED]>
Changed-By: Martin Kittel <[EMAIL PROTECTED]>
Description: 
 libsqldbc7.5.00 - SQLDB interface libraries for the MaxDB database system
 libsqldbc7.5.00-dev - Development package for the SQLDBC interface to the 
MaxDB databas
 libsqlod7.5.00 - ODBC interface libraries for the MaxDB database system
 libsqlod7.5.00-dev - Development package for the ODBC interface to the MaxDB 
database 
 maxdb-dbanalyzer - A performance monitoring tool for MaxDB databases
 maxdb-dbmcli - The MaxDB database manager command line interface
 maxdb-loadercli - A load/unload tool for MaxDB databases
 maxdb-lserver - Loader server client of the MaxDB database package
 maxdb-server - Communication server for the MaxDB database system
 maxdb-server-7.5.00 - A transactional, industrial-strength SQL database system
 maxdb-server-dbg-7.5.00 - Debug versions of the database server kernel
 maxdb-sqlcli - A command line query interface to MaxDB databases
 maxdb-webtools - MaxDB webserver with WebDBM and WebSQL applications
 python-maxdb - Python bindings for MaxDB (default version)
 python-maxdb-loader - Python bindings for MaxDB loader server (default version)
 python2.3-maxdb - Python bindings for MaxDB for Python v2.3
 python2.3-maxdb-loader - Python interface to the MaxDB loader for Python v2.3
 python2.4-maxdb - Python bindings for MaxDB for Python v2.4
 python2.4-maxdb-loader - Python interface to the MaxDB loader for Python v2.4
Closes: 306454
Changes: 
 maxdb-7.5.00 (7.5.00.26-1) unstable; urgency=high
 .
   * New upstream release
   * updated patches and removed those that are not needed any more
   * This release closes the buffer overflows in the web tools mentioned in
     some iDefense advisories (Closes: #306454).
Files: 
 d315a2bdb41ea9ca83f1a88425dc78ca 1141 misc optional 
maxdb-7.5.00_7.5.00.26-1.dsc
 540f0d95daf49d68226e84e12e708f4b 16481808 misc optional 
maxdb-7.5.00_7.5.00.26.orig.tar.gz
 7ce2b1143f0f259a2b60964641145e56 108003 misc optional 
maxdb-7.5.00_7.5.00.26-1.diff.gz
 4deb97d5fe0000a307bed48b53811753 3095366 misc optional 
maxdb-server_7.5.00.26-1_i386.deb
 5a13c3d7fce32220f07f51e09f29960f 13274450 misc optional 
maxdb-server-7.5.00_7.5.00.26-1_i386.deb
 c51c8a1a5d29a1abd4930689cafcffca 2082816 misc optional 
maxdb-loadercli_7.5.00.26-1_i386.deb
 c70dc0f0ec65e11ab7fd5d2cff8e0304 1158954 misc optional 
maxdb-dbmcli_7.5.00.26-1_i386.deb
 1a6cd937e98ac2af2b65df1749da7a09 6290708 misc extra 
maxdb-server-dbg-7.5.00_7.5.00.26-1_i386.deb
 497503cf250db9055d08bbd2e5011881 64462 python optional 
python-maxdb_7.5.00.26-1_i386.deb
 2814e7a1e2f6aa9b77436f9ffff718d7 59744 python optional 
python-maxdb-loader_7.5.00.26-1_i386.deb
 6b785ac9137964bf2ba68537727f1f8e 418628 python optional 
python2.3-maxdb_7.5.00.26-1_i386.deb
 c0492f501e0d1f8ba6175c40e2182ea1 211366 python optional 
python2.3-maxdb-loader_7.5.00.26-1_i386.deb
 90fbb36b07190b2d663e5fa8de0ff0e1 418610 python optional 
python2.4-maxdb_7.5.00.26-1_i386.deb
 c7d107a3f31c3b27c4b50807aba2eaf9 211356 python optional 
python2.4-maxdb-loader_7.5.00.26-1_i386.deb
 3af6fa00501d89f60897c9a854ec72c3 2659820 misc optional 
maxdb-webtools_7.5.00.26-1_i386.deb
 fab11cd026bc9affc9d21f8543ec3595 965066 misc optional 
maxdb-dbanalyzer_7.5.00.26-1_i386.deb
 9323b4fe641c010257e1405fc4e84dfd 139722 misc optional 
maxdb-sqlcli_7.5.00.26-1_i386.deb
 d7ce438c1cb4166a790f7885298ced61 670912 libs optional 
libsqlod7.5.00_7.5.00.26-1_i386.deb
 eae46abc0b36f3bbd4d1e9652449d810 121652 libdevel optional 
libsqlod7.5.00-dev_7.5.00.26-1_i386.deb
 e4668f61db451930472947644ae66029 2006356 misc optional 
maxdb-lserver_7.5.00.26-1_i386.deb
 63e9eee6c6f70d624e89ebf40a150454 731826 libs optional 
libsqldbc7.5.00_7.5.00.26-1_i386.deb
 3dbed86133730dc4352ef1da51f9cc09 909166 libdevel optional 
libsqldbc7.5.00-dev_7.5.00.26-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCdmbpStlRaw+TLJwRAgcDAKCpODQW9+pvP7d9BfEDrs1EfISB3wCfTYcP
Xz568uIWwDcxEZlIGn1/8h0=
=7zNv
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to