Your message dated Thu, 13 Dec 2007 07:52:13 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454133: fixed in pwlib 1.8.4-1+sarge1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: pwlib
Version: 1.10.2-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pwlib.
CVE-2007-4897[0]:
| pwlib, as used by Ekiga 2.0.5 and possibly other products, allows
| remote attackers to cause a denial of service (application crash) via
| a long argument to the PString::vsprintf function, related to a
| "memory management flaw". NOTE: this issue was originally reported as
| being in the SIPURL::GetHostAddress function in Ekiga (formerly
| GnomeMeeting).
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: pwlib
Source-Version: 1.8.4-1+sarge1
We believe that the bug you reported is fixed in the latest version of
pwlib, which is due to be installed in the Debian FTP archive:
libpt-1.8.3_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-1.8.3_1.8.4-1+sarge1_i386.deb
libpt-dbg_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-dbg_1.8.4-1+sarge1_i386.deb
libpt-dev_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-dev_1.8.4-1+sarge1_i386.deb
libpt-doc_1.8.4-1+sarge1_all.deb
to pool/main/p/pwlib/libpt-doc_1.8.4-1+sarge1_all.deb
libpt-plugins-alsa_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-alsa_1.8.4-1+sarge1_i386.deb
libpt-plugins-avc_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-avc_1.8.4-1+sarge1_i386.deb
libpt-plugins-dc_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-dc_1.8.4-1+sarge1_i386.deb
libpt-plugins-oss_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-oss_1.8.4-1+sarge1_i386.deb
libpt-plugins-v4l2_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-v4l2_1.8.4-1+sarge1_i386.deb
libpt-plugins-v4l_1.8.4-1+sarge1_i386.deb
to pool/main/p/pwlib/libpt-plugins-v4l_1.8.4-1+sarge1_i386.deb
pwlib_1.8.4-1+sarge1.diff.gz
to pool/main/p/pwlib/pwlib_1.8.4-1+sarge1.diff.gz
pwlib_1.8.4-1+sarge1.dsc
to pool/main/p/pwlib/pwlib_1.8.4-1+sarge1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kilian Krause <[EMAIL PROTECTED]> (supplier of updated pwlib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 4 Dec 2007 12:20:23 +0100
Source: pwlib
Binary: libpt-plugins-v4l2 libpt-plugins-oss libpt-plugins-alsa libpt-plugins-dc libpt-dev libpt-plugins-v4l libpt-plugins-avc libpt-1.8.3 libpt-doc libpt-dbg
Architecture: source i386 all
Version: 1.8.4-1+sarge1
Distribution: oldstable-proposed-updates
Urgency: high
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Kilian Krause <[EMAIL PROTECTED]>
Description:
 libpt-1.8.3 - Portable Windows Library
 libpt-dbg - Portable Windows Library development debug files
 libpt-dev - Portable Windows Library development files
 libpt-doc - Portable Windows Library documentation & sample files
 libpt-plugins-alsa - Portable Windows Library Audio Plugin for the ALSA Interface
 libpt-plugins-avc - PWLib Video Plugin for IEEE1394 (FireWire) AVC devices
 libpt-plugins-dc - PWLib Video Plugin for IEEE1394 (Firewire) DC Devices
 libpt-plugins-oss - Portable Windows Library Audio Plugins for the OSS Interface
 libpt-plugins-v4l - Portable Windows Library Video Plugin for Video4Linux
 libpt-plugins-v4l2 - Portable Windows Library Video Plugin for Video4Linux v2
Closes: 454133
Changes:
 pwlib (1.8.4-1+sarge1) oldstable-proposed-updates; urgency=high
 .
   * Fix remote denial of service vulnerability caused
     by a call to PString::vsprintf if the used object already
     contained more than 1000 characters (CVE-2007-4897; Closes: #454133).
--- End Message ---