Your message dated Mon, 24 Mar 2008 23:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#471670: fixed in bzip2 1.0.5-0.1
has caused the Debian Bug report #471670,
regarding bzip2: CVE-2008-1372 buffer over-read via crafted archive file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
471670: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471670
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bzip2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bzip2.
CVE-2008-1372[0]:
| bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to
| cause a denial of service (crash) via a crafted file that triggers a
| buffer over-read, as demonstrated by the PROTOS GENOME test suite.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: bzip2
Source-Version: 1.0.5-0.1
We believe that the bug you reported is fixed in the latest version of
bzip2, which is due to be installed in the Debian FTP archive:
bzip2-doc_1.0.5-0.1_all.deb
to pool/main/b/bzip2/bzip2-doc_1.0.5-0.1_all.deb
bzip2_1.0.5-0.1.diff.gz
to pool/main/b/bzip2/bzip2_1.0.5-0.1.diff.gz
bzip2_1.0.5-0.1.dsc
to pool/main/b/bzip2/bzip2_1.0.5-0.1.dsc
bzip2_1.0.5-0.1_i386.deb
to pool/main/b/bzip2/bzip2_1.0.5-0.1_i386.deb
bzip2_1.0.5.orig.tar.gz
to pool/main/b/bzip2/bzip2_1.0.5.orig.tar.gz
lib64bz2-1.0_1.0.5-0.1_i386.deb
to pool/main/b/bzip2/lib64bz2-1.0_1.0.5-0.1_i386.deb
lib64bz2-dev_1.0.5-0.1_i386.deb
to pool/main/b/bzip2/lib64bz2-dev_1.0.5-0.1_i386.deb
libbz2-1.0_1.0.5-0.1_i386.deb
to pool/main/b/bzip2/libbz2-1.0_1.0.5-0.1_i386.deb
libbz2-dev_1.0.5-0.1_i386.deb
to pool/main/b/bzip2/libbz2-dev_1.0.5-0.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luis Uribe <[EMAIL PROTECTED]> (supplier of updated bzip2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Mon, 24 Mar 2008 13:34:34 -0500
Source: bzip2
Binary: libbz2-1.0 libbz2-dev bzip2 lib64bz2-1.0 lib64bz2-dev lib32bz2-1.0 lib32bz2-dev bzip2-doc
Architecture: source all i386
Version: 1.0.5-0.1
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Changed-By: Luis Uribe <[EMAIL PROTECTED]>
Description:
bzip2 - high-quality block-sorting file compressor - utilities
bzip2-doc - high-quality block-sorting file compressor - documentation
lib64bz2-1.0 - high-quality block-sorting file compressor library - 64bit runtime
lib64bz2-dev - high-quality block-sorting file compressor library - 64bit development
libbz2-1.0 - high-quality block-sorting file compressor library - runtime
libbz2-dev - high-quality block-sorting file compressor library - development
Closes: 471670
Changes:
bzip2 (1.0.5-0.1) unstable; urgency=high
.
* NMU
* New upstream version. Fixes a denial of service via a crafted file.
Ref: CVE-2008-1372. (Closes: #471670).
--- End Message ---