Your message dated Mon, 07 Jan 2008 00:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#459129: fixed in libcdio 0.78.2+dfsg1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libcdio
Version: 0.78.2+dfsg1-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libcdio.
CVE-2007-6613[0]:
| Stack-based buffer overflow in the print_iso9660_recurse function in
| iso-info (src/iso-info.c) in GNU Compact Disc Input and Control
| Library (libcdio) 0.79 and earlier allows context-dependent attackers
| to cause a denial of service (core dump) and possibly execute
| arbitrary code via a disk or image that contains a long Joliet file
| name.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6613
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: libcdio
Source-Version: 0.78.2+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
libcdio, which is due to be installed in the Debian FTP archive:
libcdio-cdda-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-cdda-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-cdda-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-cdda-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-cdda0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-cdda0_0.78.2+dfsg1-2_powerpc.deb
libcdio-cdda0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-cdda0_0.78.2+dfsg1-2_sparc.deb
libcdio-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-paranoia-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-paranoia-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-paranoia-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-paranoia-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-paranoia0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-paranoia0_0.78.2+dfsg1-2_powerpc.deb
libcdio-paranoia0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-paranoia0_0.78.2+dfsg1-2_sparc.deb
libcdio-utils_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-utils_0.78.2+dfsg1-2_powerpc.deb
libcdio-utils_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-utils_0.78.2+dfsg1-2_sparc.deb
libcdio7_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio7_0.78.2+dfsg1-2_powerpc.deb
libcdio7_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio7_0.78.2+dfsg1-2_sparc.deb
libcdio_0.78.2+dfsg1-2.diff.gz
to pool/main/libc/libcdio/libcdio_0.78.2+dfsg1-2.diff.gz
libcdio_0.78.2+dfsg1-2.dsc
to pool/main/libc/libcdio/libcdio_0.78.2+dfsg1-2.dsc
libiso9660-5_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libiso9660-5_0.78.2+dfsg1-2_powerpc.deb
libiso9660-5_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libiso9660-5_0.78.2+dfsg1-2_sparc.deb
libiso9660-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libiso9660-dev_0.78.2+dfsg1-2_powerpc.deb
libiso9660-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libiso9660-dev_0.78.2+dfsg1-2_sparc.deb
libudf-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libudf-dev_0.78.2+dfsg1-2_powerpc.deb
libudf-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libudf-dev_0.78.2+dfsg1-2_sparc.deb
libudf0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libudf0_0.78.2+dfsg1-2_powerpc.deb
libudf0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libudf0_0.78.2+dfsg1-2_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Boullis <[EMAIL PROTECTED]> (supplier of updated libcdio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 7 Jan 2008 00:34:44 +0100
Source: libcdio
Binary: libcdio-paranoia-dev libcdio-cdda-dev libcdio-utils libudf-dev libcdio-cdda0 libcdio-paranoia0 libudf0 libcdio-dev libiso9660-dev libcdio7 libiso9660-5
Architecture: powerpc source sparc
Version: 0.78.2+dfsg1-2
Distribution: unstable
Urgency: high
Maintainer: Nicolas Boullis <[EMAIL PROTECTED]>
Changed-By: Nicolas Boullis <[EMAIL PROTECTED]>
Description:
 libcdio-cdda-dev - library to read and control digital audio CDs (development files)
 libcdio-cdda0 - library to read and control digital audio CDs
 libcdio-dev - library to read and control CD-ROM (development files)
 libcdio-paranoia-dev - library to read digital audio CDs with error correction (developm
 libcdio-paranoia0 - library to read digital audio CDs with error correction
 libcdio-utils - sample applications based on the CDIO libraries
 libcdio7 - library to read and control CD-ROM
 libiso9660-5 - library to work with ISO9660 filesystems
 libiso9660-dev - library to work with ISO9660 filesystems (development files)
 libudf-dev - library to work with UDF filesystems (development files)
 libudf0 - library to work with UDF filesystems
Closes: 449457 459129
Changes:
 libcdio (0.78.2+dfsg1-2) unstable; urgency=high
 .
   * This update addresses the following security issue, thanks to Nico
     Golde:
     - CVE-2007-6613: a stack-based buffer overflow in the
       print_iso9660_recurse function could lead to a denial of
       service or arbitrary code execution if the iso-info or cd-info tool
       is used with a crafted iso image. (Closes: #459129)
   * Support GNU/kFreeBSD systems, thanks to Petr Salinger for his
     patch. (Closes: #449457)
   * Bump Standards-Version to 3.7.3 (no change needed).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHgXEWwmyXkG1Pxm8RAhgZAKCVeRfrc2IQnXHiq5R6xNVzknYgyACffBkr
7fsMTUZvVUQQ9NcdctFlc2E=
=JTpE
-----END PGP SIGNATURE-----
--- End Message ---
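
Added example, not taken from the bug report, the upload notice, or libcdio's source: the bug class named in the CVE-2007-6613 description and in the changelog entry (a long Joliet file name copied into a fixed-size stack buffer), shown as the unchecked pattern in a comment next to a length-checked translation. The function names, the 38-byte buffer size, and the sample names are assumptions constructed for illustration.

```c
/* Added illustration; names and sizes are assumptions, not libcdio code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 38   /* assumed fixed buffer size, for illustration only */

/* Unchecked pattern (the bug class): trusts the on-disk length.
 *   for (i = 0; i < rec_len / 2; i++) out[i] = (char)rec[2*i + 1];
 * Hardened form: refuse any name that does not fit, including the NUL. */
int joliet_to_ascii(const uint8_t *rec, size_t rec_len, char *out, size_t out_size)
{
    size_t i, nchars = rec_len / 2;          /* Joliet names are UCS-2 big-endian */
    if (!rec || !out || out_size == 0) return -1;
    out[0] = '\0';
    if (rec_len % 2 != 0 || nchars >= out_size) return -1;
    for (i = 0; i < nchars; i++) {
        unsigned cp = ((unsigned)rec[2*i] << 8) | rec[2*i + 1];
        out[i] = (cp >= 0x20 && cp < 0x7f) ? (char)cp : '?';
    }
    out[nchars] = '\0';
    return (int)nchars;
}

/* Builds a constructed name of nchars 'A's and translates it into a buffer
 * followed by a canary; returns the result, or -2 if the canary changed. */
int demo(size_t nchars)
{
    struct { char name[NAME_BUF]; unsigned char canary[8]; } frame;
    uint8_t rec[255];                         /* identifier length is one byte */
    size_t i;
    int r;
    if (nchars * 2 > sizeof rec) return -3;   /* cannot occur in a real record */
    for (i = 0; i < nchars; i++) { rec[2*i] = 0x00; rec[2*i + 1] = 'A'; }
    memset(frame.canary, 0xAA, sizeof frame.canary);
    r = joliet_to_ascii(rec, nchars * 2, frame.name, sizeof frame.name);
    for (i = 0; i < sizeof frame.canary; i++)
        if (frame.canary[i] != 0xAA) return -2;
    return r;
}

int main(void)
{
    printf("37 chars -> %d, 38 chars -> %d, 110 chars -> %d\n",
           demo(37), demo(38), demo(110));
    return 0;
}
```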