Your message dated Mon, 30 May 2005 09:17:15 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#308624: fixed in gdb 6.3-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 11 May 2005 14:29:44 +0000
>From [EMAIL PROTECTED] Wed May 11 07:29:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DVsDY-0001Yd-00; Wed, 11 May 2005 07:29:44 -0700
Received: from p5489718a.dip.t-dialin.net ([84.137.113.138]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DVsCe-00036P-Ad
for [EMAIL PROTECTED]; Wed, 11 May 2005 16:28:48 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DVsDK-0001ds-GP; Wed, 11 May 2005 16:29:30 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: gdb: Integer overflow in ELF segment parsing
X-Mailer: reportbug 3.11
Date: Wed, 11 May 2005 16:29:30 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.113.138
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: gdb
Version: 6.3-5
Severity: grave
Tags: security
Justification: user security hole
An integer overflow in parsing ELF segment headers has been found that
can potentially be exploited to corrupt the heap and execute arbitrary
code. See http://bugs.gentoo.org/show_bug.cgi?id=91398 for a crafted
test binary (without malicious effects) and pointers to more information.
SuSE supposedly has prepared a patch, but I couldn't find it yet.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages gdb depends on:
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libreadline4 4.3-15 GNU readline and history libraries
-- no debconf information
---------------------------------------
Received: (at 308624-close) by bugs.debian.org; 30 May 2005 13:21:29 +0000
>From [EMAIL PROTECTED] Mon May 30 06:21:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DckCu-0007VM-00; Mon, 30 May 2005 06:21:29 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Dck8p-0005Xj-00; Mon, 30 May 2005 09:17:15 -0400
From: Daniel Jacobowitz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#308624: fixed in gdb 6.3-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 30 May 2005 09:17:15 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: gdb
Source-Version: 6.3-6
We believe that the bug you reported is fixed in the latest version of
gdb, which is due to be installed in the Debian FTP archive:
gdb_6.3-6.diff.gz
to pool/main/g/gdb/gdb_6.3-6.diff.gz
gdb_6.3-6.dsc
to pool/main/g/gdb/gdb_6.3-6.dsc
gdb_6.3-6_i386.deb
to pool/main/g/gdb/gdb_6.3-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Jacobowitz <[EMAIL PROTECTED]> (supplier of updated gdb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 29 May 2005 18:55:44 -0400
Source: gdb
Binary: gdb
Architecture: source i386
Version: 6.3-6
Distribution: unstable
Urgency: high
Maintainer: Daniel Jacobowitz <[EMAIL PROTECTED]>
Changed-By: Daniel Jacobowitz <[EMAIL PROTECTED]>
Description:
gdb - The GNU Debugger
Closes: 308624 310728 310972
Changes:
gdb (6.3-6) unstable; urgency=high
.
* Do not crash on certain malformed input files [CAN-2005-1704]
(Closes: #308624, #310972).
* Do not load untrusted .gdbinit files [CAN-2005-1705] (Closes: #310728).
Files:
f991d2882842782116abd2cba9aec7bc 845 devel standard gdb_6.3-6.dsc
5537c9d1ce95293a921ff4b5a55f5e5e 201861 devel standard gdb_6.3-6.diff.gz
ec8ffd4489eca48d19ebb93e704a735b 2767820 devel standard gdb_6.3-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCmxC5bgOPXuCjg3cRAvW2AKCV7aSEbPZPuoZOJCbOgrZdaRpMCACgzaDN
pcJvKD4GUuWIFS7kSk1RTi0=
=8R1B
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
