Your message dated Tue, 23 Aug 2005 11:02:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323185: fixed in centericq 4.20.0-9
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Aug 2005 10:14:06 +0000
>From [EMAIL PROTECTED] Mon Aug 15 03:14:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ip0.serverflex.de (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E4byo-000668-00; Mon, 15 Aug 2005 03:14:06 -0700
Received: from wlan-client-260.informatik.uni-bremen.de ([134.102.117.10]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1E4bym-0003BN-E3
for [EMAIL PROTECTED]; Mon, 15 Aug 2005 12:14:04 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.52)
id 1E4bz8-00054g-0p; Mon, 15 Aug 2005 12:14:26 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: centericq: Multiple security problems in libgadu
X-Mailer: reportbug 3.15
Date: Mon, 15 Aug 2005 12:14:25 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.117.10
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: centericq
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been fixed in ekg and it's libgadu
library:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1850
I noticed that centericq embeds a local copy of libgadu. Do any of the
vulnerabilities above affect the embedded copy as well?
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 323185-close) by bugs.debian.org; 23 Aug 2005 18:10:50 +0000
>From [EMAIL PROTECTED] Tue Aug 23 11:10:50 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1E7d67-0001NS-00; Tue, 23 Aug 2005 11:02:07 -0700
From: Julien Lemoine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#323185: fixed in centericq 4.20.0-9
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 23 Aug 2005 11:02:07 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: centericq
Source-Version: 4.20.0-9
We believe that the bug you reported is fixed in the latest version of
centericq, which is due to be installed in the Debian FTP archive:
centericq-common_4.20.0-9_i386.deb
to pool/main/c/centericq/centericq-common_4.20.0-9_i386.deb
centericq-fribidi_4.20.0-9_i386.deb
to pool/main/c/centericq/centericq-fribidi_4.20.0-9_i386.deb
centericq-utf8_4.20.0-9_i386.deb
to pool/main/c/centericq/centericq-utf8_4.20.0-9_i386.deb
centericq_4.20.0-9.diff.gz
to pool/main/c/centericq/centericq_4.20.0-9.diff.gz
centericq_4.20.0-9.dsc
to pool/main/c/centericq/centericq_4.20.0-9.dsc
centericq_4.20.0-9_i386.deb
to pool/main/c/centericq/centericq_4.20.0-9_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Lemoine <[EMAIL PROTECTED]> (supplier of updated centericq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 23 Aug 2005 16:40:55 +0200
Source: centericq
Binary: centericq-common centericq-utf8 centericq-fribidi centericq
Architecture: source i386
Version: 4.20.0-9
Distribution: unstable
Urgency: high
Maintainer: Julien LEMOINE <[EMAIL PROTECTED]>
Changed-By: Julien Lemoine <[EMAIL PROTECTED]>
Description:
centericq - A text-mode multi-protocol instant messenger client
centericq-common - A text-mode multi-protocol instant messenger client (data
files)
centericq-fribidi - A text-mode multi-protocol instant messenger client
(Hebrew)
centericq-utf8 - A text-mode multi-protocol instant messenger client
Closes: 323185
Changes:
centericq (4.20.0-9) unstable; urgency=high
.
* Fix endianess errors (may allow remote attackers to cause a denial of
service), CAN-2005-2448
* Fix memory alignment errors (may allows remote attackers to cause a denial
of service (bus error) on
certain architectures such as SPARC via an incoming message, CAN-2005-2370
* Fix Multiple integer signedness errors (may allow remote attackers to
cause a denial of service
or execute arbitrary code.), CAN-2005-2369
(Closes: #323185)
Files:
850cbfc19773a523b5a07f9dc4ec4b80 863 net optional centericq_4.20.0-9.dsc
ee187f4013e3121005cade00ba9741d9 257997 net optional centericq_4.20.0-9.diff.gz
09a2102797229b4d47899acf40b91d08 336202 net optional
centericq-common_4.20.0-9_i386.deb
f051565080463abd42cc07320c75d598 1285706 net optional
centericq_4.20.0-9_i386.deb
7794cbcb9bffae3ca768e55577309051 1285760 net optional
centericq-utf8_4.20.0-9_i386.deb
4de410535c48b4e6ecb8528a287f5dcd 1286418 net optional
centericq-fribidi_4.20.0-9_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDC2Coc29c8N2YKnURAoX8AJ0WrGGpmpoW2Y71jHyhKN33rhlKDQCfUBuJ
29Q+Ilp/jWRHoYnPtbE3L80=
=cvST
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
