Your message dated Tue, 26 Feb 2008 15:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#466539: fixed in gnome-peercast 0.5.4-1.2
has caused the Debian Bug report #466539,
regarding gnome-peercast: CVE-2007-6454 heap-based buffer overflow possibly 
leading to code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
466539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466539
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gnome-peercast
Version: 0.5.4-1.1
Severity: grave
Tags: security
Justification: user security hole


        Hi !

CVE-2007-6454 has been fixed for peercast, but since this package
includes a static version of the code, the vulnerability still applies
there.

As a side note, I've already done a lot of things to try to fix this,
but upstream seems not to care at all, and didn't maintain this package
for 1 year (last upload was my NMU)...



Romain

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-rc7-mactel (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash



--- End Message ---
--- Begin Message ---
Source: gnome-peercast
Source-Version: 0.5.4-1.2

We believe that the bug you reported is fixed in the latest version of
gnome-peercast, which is due to be installed in the Debian FTP archive:

gnome-peercast_0.5.4-1.2.diff.gz
  to pool/main/g/gnome-peercast/gnome-peercast_0.5.4-1.2.diff.gz
gnome-peercast_0.5.4-1.2.dsc
  to pool/main/g/gnome-peercast/gnome-peercast_0.5.4-1.2.dsc
gnome-peercast_0.5.4-1.2_i386.deb
  to pool/main/g/gnome-peercast/gnome-peercast_0.5.4-1.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated gnome-peercast package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 26 Feb 2008 15:11:40 +0100
Source: gnome-peercast
Binary: gnome-peercast
Architecture: source i386
Version: 0.5.4-1.2
Distribution: unstable
Urgency: high
Maintainer: Takuo KITAME <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 gnome-peercast - PeerCast user interface for GNOME includes peercast core
Closes: 466539
Changes: 
 gnome-peercast (0.5.4-1.2) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - CVE-2007-6454: Use the methods from the String class to copy buffers
       rather than strcpy to fix Heap-based buffer overflow in the handshakeHTTP
       function possibly leading to arbitrary code execution (Closes: #466539).
Files: 
 d7285dac1421fc04ad17c4bb5653dc1c 654 gnome optional gnome-peercast_0.5.4-1.2.dsc
 3669875e7941e7c2784c3ca69d08fe06 1929 gnome optional gnome-peercast_0.5.4-1.2.diff.gz
 c7f63fcd6c5bb2b5732edd087aa43197 245838 gnome optional gnome-peercast_0.5.4-1.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHxChHHYflSXNkfP8RAtK9AKCBMN2MrJgoWmwtRuzhQ3tkq13G7gCeMK2w
woQNOmtcNO5hmokMgvh86+U=
=qSFp
-----END PGP SIGNATURE-----



--- End Message ---
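
The changelog above describes the fix as copying buffers through the String class's methods rather than strcpy. The following is an added illustration of that pattern, not code from gnome-peercast or from the Debian patch; `BoundedString`, `storeField`, the 32-byte capacity and the `X-Field:` header are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical fixed-capacity string (an assumption; not PeerCast's String class).
class BoundedString {
public:
    static const size_t CAP = 32;   // constructed size; includes the terminating NUL
    BoundedString() { data_[0] = '\0'; }

    // Copies at most CAP-1 bytes and always NUL-terminates.
    // Returns false when src did not fit and was truncated.
    bool set(const char *src) {
        size_t n = 0;
        while (n < CAP - 1 && src[n] != '\0') { data_[n] = src[n]; ++n; }
        data_[n] = '\0';
        return src[n] == '\0';
    }
    void clear() { data_[0] = '\0'; }
    const char *c_str() const { return data_; }
private:
    char data_[CAP];
};

enum FieldStatus { FIELD_ABSENT, FIELD_OK, FIELD_TOO_LONG };

// Hypothetical handshake helper: stores the value that follows `prefix` in `line`.
// An unbounded strcpy(fixed_buf, value) at this point would write past the
// buffer whenever the peer sends more bytes than the buffer can hold.
FieldStatus storeField(BoundedString &dst, const char *line, const char *prefix) {
    size_t plen = strlen(prefix);
    if (strncmp(line, prefix, plen) != 0) return FIELD_ABSENT;
    if (!dst.set(line + plen)) {
        dst.clear();                // reject instead of keeping a truncated value
        return FIELD_TOO_LONG;
    }
    return FIELD_OK;
}

int main() {
    BoundedString s;
    char longLine[256] = "X-Field: ";                 // constructed over-long input
    memset(longLine + 9, 'A', 200);
    longLine[209] = '\0';
    printf("%d\n", storeField(s, "X-Field: abc", "X-Field: "));
    printf("%d [%s]\n", storeField(s, longLine, "X-Field: "), s.c_str());
    return 0;
}
```

Rejecting an over-long value, rather than silently truncating it, keeps a peer from getting a shortened field accepted as if it were the one it sent.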
