Your message dated Sat, 13 Jun 2009 19:17:15 +0000
with message-id <e1mfyj5-0006ph...@ries.debian.org>
and subject line Bug#532738: fixed in libcompress-raw-zlib-perl 2.015-2
has caused the Debian Bug report #532738,
regarding CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
532738: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcompress-raw-zlib-perl
Version: 2.012-1
Severity: grave
Tags: security
Justification: user security hole

A security vulnerability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl.

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391



--- End Message ---
--- Begin Message ---
Source: libcompress-raw-zlib-perl
Source-Version: 2.015-2

We believe that the bug you reported is fixed in the latest version of
libcompress-raw-zlib-perl, which is due to be installed in the Debian FTP 
archive:

libcompress-raw-zlib-perl_2.015-2.diff.gz
  to pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-2.diff.gz
libcompress-raw-zlib-perl_2.015-2.dsc
  to pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-2.dsc
libcompress-raw-zlib-perl_2.015-2_amd64.deb
  to pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.015-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated libcompress-raw-zlib-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 13 Jun 2009 21:49:34 +0300
Source: libcompress-raw-zlib-perl
Binary: libcompress-raw-zlib-perl
Architecture: source amd64
Version: 2.015-2
Distribution: unstable
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcompress-raw-zlib-perl - low-level interface to zlib compression library
Closes: 532738
Changes: 
 libcompress-raw-zlib-perl (2.015-2) unstable; urgency=high
 .
   * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
     (Closes: #532738)
   * Add myself to Uploaders.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoz9uQACgkQiyizGWoHLTmJZgCghQaMmxTLc5eJ3P8hbx2dUPsc
pBoAoI/SZPCSdJUKdkPsn+0Zuk9vs/C5
=zbSq
-----END PGP SIGNATURE-----



--- End Message ---
