Bug#574418: marked as done (barnowl: CVE-2010-0793 buffer overflow)

[Debian Bug Tracking System]

Your message dated Tue, 06 Apr 2010 04:19:39 +0000
with message-id <e1nz0gj-0007fb...@ries.debian.org>
and subject line Bug#574418: fixed in barnowl 1.5.1-1
has caused the Debian Bug report #574418,
regarding barnowl: CVE-2010-0793 buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
574418: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574418
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: barnowl
Version: 1.0.1-4
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.

CVE-2010-0793[0]:
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to
| cause a denial of service (crash) and possibly execute arbitrary code
| via a crafted CC: header.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0793
    http://security-tracker.debian.org/tracker/CVE-2010-0793

--- End Message ---

--- Begin Message ---

Source: barnowl
Source-Version: 1.5.1-1

We believe that the bug you reported is fixed in the latest version of
barnowl, which is due to be installed in the Debian FTP archive:

barnowl_1.5.1-1.diff.gz
  to main/b/barnowl/barnowl_1.5.1-1.diff.gz
barnowl_1.5.1-1.dsc
  to main/b/barnowl/barnowl_1.5.1-1.dsc
barnowl_1.5.1-1_i386.deb
  to main/b/barnowl/barnowl_1.5.1-1_i386.deb
barnowl_1.5.1.orig.tar.gz
  to main/b/barnowl/barnowl_1.5.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated barnowl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Apr 2010 16:33:43 -0400
Source: barnowl
Binary: barnowl
Architecture: source i386
Version: 1.5.1-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Description: 
 barnowl    - A curses-based tty Jabber, IRC, AIM  and Zephyr client
Closes: 574418
Changes: 
 barnowl (1.5.1-1) unstable; urgency=low
 .
   * New upstream release, including solution to cve-2010-0793, Closes:
     #574418
Checksums-Sha1: 
 efaafa78adfee43622c705e157d9f8b84d8a8558 1262 barnowl_1.5.1-1.dsc
 e5c80301c6376d59827b7b800a7d405a6537481b 826453 barnowl_1.5.1.orig.tar.gz
 9cc20c69f67c455e2e7fa57c93e2791ed17bde0d 5738 barnowl_1.5.1-1.diff.gz
 c5795b4193a1e27dbc4e0c61bca4771fdc65bc92 491696 barnowl_1.5.1-1_i386.deb
Checksums-Sha256: 
 2511654a7c4a7fb8a3b45ec5c8a267a0935937cdc87f3c205802516a1d69919b 1262 
barnowl_1.5.1-1.dsc
 e25e9fcc52c9c25f964b21e5e35fe3b476bd1b2f2d2d50dcc9fc0084cd0b5168 826453 
barnowl_1.5.1.orig.tar.gz
 bf6a196254f29fe75b771f86eb0d7f8e00afd9841c7a0598fb190d44c4399e1e 5738 
barnowl_1.5.1-1.diff.gz
 c47fa473241b71f53cd05b0ad8da6bfd23f00c4ffff90ce8032296eb6fb8b6c6 491696 
barnowl_1.5.1-1_i386.deb
Files: 
 078667bbe95d4a1a59f5dd2639158cb3 1262 net optional barnowl_1.5.1-1.dsc
 a18a94cf4f3647e92d802104d2ed4baf 826453 net optional barnowl_1.5.1.orig.tar.gz
 16db43bb6549233cbbab005e849e10ca 5738 net optional barnowl_1.5.1-1.diff.gz
 401cf3ef3a72ab1f4ac45c0702732d63 491696 net optional barnowl_1.5.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAku6YMsACgkQ/I12czyGJg/dAQCdFL6qDli44k94m7ZFtDIaGeJG
pnUAoNJKVcLcntSMVU+ofawJeo1aHTiR
=uGUQ
-----END PGP SIGNATURE-----

--- End Message ---