Your message dated Tue, 02 Oct 2007 19:56:20 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#432007: fixed in ktorrent 2.0.3+dfsg1-2etch1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ktorrent
Version: 2.0.3+dfsg1-2.2
Severity: grave
Tags: security
Justification: user security hole
Apparently, the fix for directory traversal is incomplete... see:
http://bugs.kde.org/show_bug.cgi?id=143637
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ktorrent depends on:
ii kdelibs4c2a 4:3.5.7.dfsg.1-1 core libraries and binaries for al
ii libacl1 2.2.42-1 Access control list shared library
ii libart-2.0-2 2.3.19-3 Library of functions for 2D graphi
ii libattr1 1:2.4.32-1.1 Extended attribute shared library
ii libaudio2 1.9-2 The Network Audio System (NAS). (s
ii libc6 2.5-9 GNU C Library: Shared libraries
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.2.1-6 FreeType 2 font engine, shared lib
ii libgamin0 [libfam0] 0.1.8-2 Client library for the gamin file
ii libgcc1 1:4.2-20070516-1 GCC support library
ii libgmp3c2 2:4.2.1+dfsg-4 Multiprecision arithmetic library
ii libice6 1:1.0.3-2 X11 Inter-Client Exchange library
ii libidn11 0.6.5-1 GNU libidn library, implementation
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libpng12-0 1.2.15~beta5-2 PNG library - runtime
ii libqt3-mt 3:3.3.7-4+b1 Qt GUI Library (Threaded runtime v
ii libsm6 2:1.0.3-1 X11 Session Management library
ii libstdc++6 4.2-20070516-1 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.8-2 X cursor management library
ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar
ii libxft2 2.1.12-2 FreeType-based font drawing librar
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library
ii libxrandr2 2:1.2.1-1 X11 RandR extension library
ii libxrender1 1:0.9.2-1 X Rendering Extension client libra
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3-15 compression library - runtime
ktorrent recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ktorrent
Source-Version: 2.0.3+dfsg1-2etch1
We believe that the bug you reported is fixed in the latest version of
ktorrent, which is due to be installed in the Debian FTP archive:
ktorrent_2.0.3+dfsg1-2etch1.diff.gz
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1.diff.gz
ktorrent_2.0.3+dfsg1-2etch1.dsc
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1.dsc
ktorrent_2.0.3+dfsg1-2etch1_amd64.deb
to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Modestas Vainius <[EMAIL PROTECTED]> (supplier of updated ktorrent package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 Jul 2007 16:43:47 +0300
Source: ktorrent
Binary: ktorrent
Architecture: source amd64
Version: 2.0.3+dfsg1-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Joel Johnson <[EMAIL PROTECTED]>
Changed-By: Modestas Vainius <[EMAIL PROTECTED]>
Description:
ktorrent - BitTorrent client for KDE
Closes: 425043 432007
Changes:
ktorrent (2.0.3+dfsg1-2etch1) stable-security; urgency=high
.
* Non-maintainer upload.
* [CVE-2007-1799] Complete fix for directory traversal vulnerability. The
patch is based on upstream svn commit #651343 (Closes: #432007).
* Fix frequent DHT related crashes. The crashes are caused by other
bittorent clients sending specially formed DHT packets (hence remotely
exploitable). See KDE bug #144416. The patch is based on upstream svn
commits #655895 and #656421 (Closes: #425043).
Files:
ec1366a6819ce30b5891b7c4e0e51986 663 kde optional
ktorrent_2.0.3+dfsg1-2etch1.dsc
3aef60283e457b7e13c1719387251612 2183095 kde optional
ktorrent_2.0.3+dfsg1.orig.tar.gz
09ef4b627881d0aa29f682dbcf860ae7 12570 kde optional
ktorrent_2.0.3+dfsg1-2etch1.diff.gz
dea2c2add2b28f51c37838104cbacab6 1587096 kde optional
ktorrent_2.0.3+dfsg1-2etch1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGtR6GwM/Gs81MDZ0RAhXhAJ4+/iaxA/tNerFj0FMDD/YZ0XEYtQCfbAkK
Sz7vq6dRL8SC/H03R2Lts4Y=
=YxPz
-----END PGP SIGNATURE-----
--- End Message ---
