Your message dated Fri, 04 Sep 2009 18:32:40 +0000
with message-id <e1mjdas-0006g7...@ries.debian.org>
and subject line Bug#532736: fixed in perl 5.10.0-19lenny2
has caused the Debian Bug report #532736,
regarding CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
532736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security
Justification: user security hole

A security vulnerability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl.

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391



--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.10.0-19lenny2

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.10.0-19lenny2_all.deb
perl-doc_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-doc_5.10.0-19lenny2_all.deb
perl-modules_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-modules_5.10.0-19lenny2_all.deb
perl_5.10.0-19lenny2.diff.gz
  to pool/main/p/perl/perl_5.10.0-19lenny2.diff.gz
perl_5.10.0-19lenny2.dsc
  to pool/main/p/perl/perl_5.10.0-19lenny2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Aug 2009 23:12:30 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: all source 
Version: 5.10.0-19lenny2
Distribution: stable
Urgency: high
Maintainer: Brendan O'Dea <b...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Closes: 516289 528332 532736
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl5.10 - Shared Perl library
 libperl-dev - Perl library: development files
 perl-base  - minimal Perl system
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Changes:
 perl (5.10.0-19lenny2) stable; urgency=low
 .
   * Fix a typo in the replaces/conflicts/provides: libcpan-plus-perl
     should have been libcpanplus-perl. (Closes: #516289)
   * Fix a memory leak with the map operator. (Closes: #528332)
 .
 perl (5.10.0-19lenny1) stable-security; urgency=high
 .
   * [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
     (Closes: #532736)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqW/fAACgkQiyizGWoHLTmJOACfS/o8WsSPLTfB5oTpO1N4g/xd
T1QAn2ee9aNVwO20STHuqkGx9VRj8BCa
=N2aR
-----END PGP SIGNATURE-----



--- End Message ---
