Your message dated Fri, 04 Sep 2009 18:32:11 +0000
with message-id <e1mjdzz-00064w...@ries.debian.org>
and subject line Bug#542777: fixed in libcompress-raw-bzip2-perl 2.011-2lenny1
has caused the Debian Bug report #542777,
regarding CVE-2009-1884: Off-by-one error in the bzinflate function in Bzip2.xs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
542777: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542777
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcompress-raw-bzip2-perl
Version: 2.020-1
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libcompress-raw-bzip2-perl.

CVE-2009-1884[0]:
| Off-by-one error in the bzinflate function in Bzip2.xs in the
| Compress-Raw-Bzip2 module before 2.018 for Perl allows
| context-dependent attackers to cause a denial of service (application
| hang or crash) via a crafted bzip2 compressed stream that triggers a
| buffer overflow, a related issue to CVE-2009-1391.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1884
    http://security-tracker.debian.net/tracker/CVE-2009-1884
    Patch: https://bugs.gentoo.org/attachment.cgi?id=201642

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqOak0ACgkQNxpp46476apmUQCgkPAlkkkAoX+FZFuDq2pL4AVT
ncUAnirOW0kG336Sp1LZ45VEX6N/z82Z
=uL1i
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: libcompress-raw-bzip2-perl
Source-Version: 2.011-2lenny1

We believe that the bug you reported is fixed in the latest version of
libcompress-raw-bzip2-perl, which is due to be installed in the Debian FTP 
archive:

libcompress-raw-bzip2-perl_2.011-2lenny1.diff.gz
  to pool/main/libc/libcompress-raw-bzip2-perl/libcompress-raw-bzip2-perl_2.011-2lenny1.diff.gz
libcompress-raw-bzip2-perl_2.011-2lenny1.dsc
  to pool/main/libc/libcompress-raw-bzip2-perl/libcompress-raw-bzip2-perl_2.011-2lenny1.dsc
libcompress-raw-bzip2-perl_2.011-2lenny1_i386.deb
  to pool/main/libc/libcompress-raw-bzip2-perl/libcompress-raw-bzip2-perl_2.011-2lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 542...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libcompress-raw-bzip2-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Aug 2009 23:54:27 +0200
Source: libcompress-raw-bzip2-perl
Binary: libcompress-raw-bzip2-perl
Architecture: source i386
Version: 2.011-2lenny1
Distribution: stable-proposed-updates
Urgency: high
Maintainer: Bas Zoetekouw <b...@debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Description: 
 libcompress-raw-bzip2-perl - Low-Level Interface to bzip2 compression library
Closes: 542777
Changes: 
 libcompress-raw-bzip2-perl (2.011-2lenny1) stable-proposed-updates; urgency=high
 .
   * Non-maintainer upload on maintainer's request.
   * [SECURITY] CVE-2009-1884: fix off-by-one error in the bzinflate function
     in Bzip2.xs. Closes: #542777

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqXyrUACgkQOzKYnQDzz+QryACg4YMIHw6gxNYtXpKDr3XCUgIU
MakAnj7JOgjZvVVstBVbQhp2T7YWROFa
=3b49
-----END PGP SIGNATURE-----



--- End Message ---
