Bug#512728: marked as done ([SA33635] Tor Unspecified Memory Corruption Vulnerability)

Debian Bug Tracking System Fri, 23 Jan 2009 02:33:34 -0800

Your message dated Fri, 23 Jan 2009 11:23:08 +0100 (CET)
with message-id <20090123102308.87bc4162...@intrepid.palfrader.org>
and subject line fixed in experimental
has caused the Debian Bug report #512728,
regarding [SA33635] Tor Unspecified Memory Corruption Vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
512728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tor
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for Tor:

SA33635[1]

> DESCRIPTION:
> A vulnerability with an unknown impact has been reported in Tor.
> 
> The vulnerability is caused due to an unspecified error and can be
> exploited to trigger a heap corruption. No further information is
> currently available. 
> 
> The vulnerability is reported in versions prior to 0.2.0.33.
> 
> SOLUTION:
> Update to version 0.2.0.33.
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Ilja van Sprundel.
> 
> ORIGINAL ADVISORY:
> http://archives.seul.org/or/announce/Jan-2009/msg00000.html

If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.

[1]http://secunia.com/advisories/33635/

Cheers,
Giuseppe.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl5ddoACgkQNxpp46476arI/gCdEpdbHQsxIdn8VnZYpDCeKkmK
GckAn2AG2KYpVLPLwYpthoOvVZ0lKJ2Z
=uKVf
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Jan 2009 01:00:15 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.1.11-alpha-1
Distribution: experimental
Urgency: high
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Closes: 495829
Changes: 
 tor (0.2.1.11-alpha-1) experimental; urgency=high
 .
   * New upstream version:
     - Fixes a possible remote heap buffer overflow bug.
     - torify(1) manpage mentions DNS leaks now (closes: #495829).
   * README.Debian: No longer claim we change the default 'Group' setting
     when run as debian-user.  That setting no longer exists.
   * Forward port 03_tor_manpage_in_section_8.dpatch.
Checksums-Sha1: 
 a131b13e667e374cdc11bc475c9f7c3e541664b9 1206 tor_0.2.1.11-alpha-1.dsc
 24e7781e55d8c96f8bb05489f6eb721b2406deb7 2363071 tor_0.2.1.11-alpha.orig.tar.gz
 46e0480ee611a25c8680b0ee4aeeb152f467aedf 77337 tor_0.2.1.11-alpha-1.diff.gz
 a89b14019c66b6d230e733ae19e73a1338868c9b 762150 
tor-geoipdb_0.2.1.11-alpha-1_all.deb
 5eddd354f07ed21572ba4d29d3361feb2802ffcb 1320302 tor_0.2.1.11-alpha-1_i386.deb
 c705675fdde24b36ac260d6cd9cc5b186d5a1534 906584 
tor-dbg_0.2.1.11-alpha-1_i386.deb
Checksums-Sha256: 
 c823e08f7585d0f86c6a5fc1a519be28ae6f0718c7d460c791e5e69b053db7f4 1206 
tor_0.2.1.11-alpha-1.dsc
 fd0fbd57d82fdc94bea863d41aef0a205001c80b5f8473a983642101b92a1441 2363071 
tor_0.2.1.11-alpha.orig.tar.gz
 ac1f555a8ac04dda49c371bd76f7d7e9fbfff3c60f6c19378f5641427b622fec 77337 
tor_0.2.1.11-alpha-1.diff.gz
 0caaaa060bde7f473f4990bc56690f713451a155ff140755c66c180538ddff7e 762150 
tor-geoipdb_0.2.1.11-alpha-1_all.deb
 25238bd23c48692cb28c5f4805d22b5d537cabd9f2a37b45353653ba8af7c2fd 1320302 
tor_0.2.1.11-alpha-1_i386.deb
 df066fa8e5a039e891c8c9f62a8fee8dbfc096d5c6a5c1f896895089b8408ae4 906584 
tor-dbg_0.2.1.11-alpha-1_i386.deb
Files: 
 50b09f7601fcee70068bbc7042ddd0e8 1206 comm optional tor_0.2.1.11-alpha-1.dsc
 c8477aef2c874c7bfd5a1cd6a9e08ade 2363071 comm optional 
tor_0.2.1.11-alpha.orig.tar.gz
 9e2a17acd72c365f0cdddcabe2397891 77337 comm optional 
tor_0.2.1.11-alpha-1.diff.gz
 4cffbe51d8f62619731f5e3162bb954c 762150 comm extra 
tor-geoipdb_0.2.1.11-alpha-1_all.deb
 2e7943462e83dfb53dd6b8363e7c77c2 1320302 comm optional 
tor_0.2.1.11-alpha-1_i386.deb
 f9c9849aa076391c9e2ce9bfa8ef90b4 906584 comm extra 
tor-dbg_0.2.1.11-alpha-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl2eV8ACgkQz/ccs6+kS90ixQCfTnB1VSF8rxbNJDuLWal8kWj4
dWsAn12PXGMEO12RHxIypS/WahIZ7hrJ
=af6O
-----END PGP SIGNATURE-----

--- End Message ---

Bug#512728: marked as done ([SA33635] Tor Unspecified Memory Corruption Vulnerability)

Reply via email to