Your message dated Fri, 28 Aug 2009 19:59:34 +0000
with message-id <e1mh7bi-0002y6...@ries.debian.org>
and subject line Bug#532738: fixed in libcompress-raw-zlib-perl 2.012-1lenny1
has caused the Debian Bug report #532738,
regarding CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
532738: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcompress-raw-zlib-perl
Version: 2.012-1
Severity: grave
Tags: security
Justification: user security hole

A security vulnerability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl.

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391



--- End Message ---
--- Begin Message ---
Source: libcompress-raw-zlib-perl
Source-Version: 2.012-1lenny1

We believe that the bug you reported is fixed in the latest version of
libcompress-raw-zlib-perl, which is due to be installed in the Debian FTP 
archive:

libcompress-raw-zlib-perl_2.012-1lenny1.diff.gz
  to 
pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.012-1lenny1.diff.gz
libcompress-raw-zlib-perl_2.012-1lenny1.dsc
  to 
pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.012-1lenny1.dsc
libcompress-raw-zlib-perl_2.012-1lenny1_amd64.deb
  to 
pool/main/libc/libcompress-raw-zlib-perl/libcompress-raw-zlib-perl_2.012-1lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated libcompress-raw-zlib-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 13 Jun 2009 22:19:41 +0300
Source: libcompress-raw-zlib-perl
Binary: libcompress-raw-zlib-perl
Architecture: source amd64
Version: 2.012-1lenny1
Distribution: stable
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcompress-raw-zlib-perl - low-level interface to zlib compression library
Closes: 532738
Changes: 
 libcompress-raw-zlib-perl (2.012-1lenny1) stable; urgency=high
 .
   * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
     (Closes: #532738)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqW3CQACgkQiyizGWoHLTkrIACfSOqzoPY+qAZdW50MgtL01awz
J/EAn2j+BDxye/Qsco1ZSoLC1BPL4re4
=XDbN
-----END PGP SIGNATURE-----



--- End Message ---
