Your message dated Tue, 06 May 2008 18:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#479039: fixed in sip-tester 2.0.1-1.2
has caused the Debian Bug report #479039,
regarding CVE-2008-2085, CVE-2008-1959 multiple stack-based buffer overflows
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
479039: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479039
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: sip-tester
Severity: important
Tags: Security
Hi
The following CVE(0) has been issued against sip-tester.
Please check, if it applies to the debian version.
CVE-2008-1959:
Stack-based buffer overflow in the get_remote_video_port_media function
in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a crafted SIP message.
NOTE: some of these details are obtained from third party information.
Cheers
Steffen
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1959
--- End Message ---
--- Begin Message ---
Source: sip-tester
Source-Version: 2.0.1-1.2
We believe that the bug you reported is fixed in the latest version of
sip-tester, which is due to be installed in the Debian FTP archive:
sip-tester_2.0.1-1.2.diff.gz
to pool/main/s/sip-tester/sip-tester_2.0.1-1.2.diff.gz
sip-tester_2.0.1-1.2.dsc
to pool/main/s/sip-tester/sip-tester_2.0.1-1.2.dsc
sip-tester_2.0.1-1.2_amd64.deb
to pool/main/s/sip-tester/sip-tester_2.0.1-1.2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated sip-tester package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 04 May 2008 13:58:41 +0200
Source: sip-tester
Binary: sip-tester
Architecture: source amd64
Version: 2.0.1-1.2
Distribution: unstable
Urgency: high
Maintainer: ARAKI Yasuhiro <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
sip-tester - a performance testing tool for the SIP protocol
Closes: 479039
Changes:
sip-tester (2.0.1-1.2) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2008-1959: Fix stack-based buffer overflow in the
get_remote_video_port_media function
* CVE-2008-2085: Fix stack-baseed buffer overflow in the
get_remote_ip_media and get_remote_ipv6_media
functions which lead to arbitrary code execution (Closes: #479039).
Checksums-Sha1:
47f565eb5dbcf91ee5fbf6b09ea67506a7dfd909 1032 sip-tester_2.0.1-1.2.dsc
bb45530c95b9395987037b4da06ee799b76d827e 3744 sip-tester_2.0.1-1.2.diff.gz
90daccf81685d46dafb9bdfa531955dc0d226d5d 122038 sip-tester_2.0.1-1.2_amd64.deb
Checksums-Sha256:
125c1e7205285b6928160fde4bd3f22441d215e0cf88dcaca58137b000084231 1032
sip-tester_2.0.1-1.2.dsc
861f0cf3f6d14e4b90741d10639c6cd1f8b98163254abf3704c48c463cc0c95e 3744
sip-tester_2.0.1-1.2.diff.gz
2eed043f3c7b579f3e61f37c54fcb501bbee3f33fe72e8dbc04793ea68556091 122038
sip-tester_2.0.1-1.2_amd64.deb
Files:
f40c457b6bab97d1c889b5fde7aefd92 1032 comm optional sip-tester_2.0.1-1.2.dsc
fe7c670731728b2fe1fe261de3e16bdb 3744 comm optional
sip-tester_2.0.1-1.2.diff.gz
73d1d2c2375bcfc389b5e1565a5bcecd 122038 comm optional
sip-tester_2.0.1-1.2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIIJdHHYflSXNkfP8RAqJcAJ9RfQ/jP0KnY4Ttei4J8KZ57dV4hACgo1qb
EXYE5umHLQPzbXiD6aviFG0=
=P6s7
-----END PGP SIGNATURE-----
--- End Message ---
