Your message dated Mon, 12 Apr 2010 12:32:38 +0000
with message-id <e1o1iog-0004hi...@ries.debian.org>
and subject line Bug#573877: fixed in gmime2.4 2.4.14-1+nmu1
has caused the Debian Bug report #573877,
regarding gmime2.4: CVE-2010-0409: buffer overflow can lead to DoS or arbitrary 
code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
573877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573877
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gmime2.4
Version: 2.4.14-1
Severity: grave
Tags: security
Justification: user security hole

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h
in GMime before 2.4.15 allows context-dependent attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via input
data for a uuencode operation.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0409

gmime 2.4.15 fixes it.

Stable is not affected as gmime2.4 doesn't exist there, and there's #568291
for gmime2.2 (which exists in stable).

Cheers,
Emilio



--- End Message ---
--- Begin Message ---
Source: gmime2.4
Source-Version: 2.4.14-1+nmu1

We believe that the bug you reported is fixed in the latest version of
gmime2.4, which is due to be installed in the Debian FTP archive:

gmime2.4_2.4.14-1+nmu1.diff.gz
  to main/g/gmime2.4/gmime2.4_2.4.14-1+nmu1.diff.gz
gmime2.4_2.4.14-1+nmu1.dsc
  to main/g/gmime2.4/gmime2.4_2.4.14-1+nmu1.dsc
libgmime-2.4-2_2.4.14-1+nmu1_i386.deb
  to main/g/gmime2.4/libgmime-2.4-2_2.4.14-1+nmu1_i386.deb
libgmime-2.4-dev_2.4.14-1+nmu1_i386.deb
  to main/g/gmime2.4/libgmime-2.4-dev_2.4.14-1+nmu1_i386.deb
libgmime-2.4-doc_2.4.14-1+nmu1_all.deb
  to main/g/gmime2.4/libgmime-2.4-doc_2.4.14-1+nmu1_all.deb
libgmime2.4-cil-dev_2.4.14-1+nmu1_all.deb
  to main/g/gmime2.4/libgmime2.4-cil-dev_2.4.14-1+nmu1_all.deb
libgmime2.4-cil_2.4.14-1+nmu1_all.deb
  to main/g/gmime2.4/libgmime2.4-cil_2.4.14-1+nmu1_all.deb
monodoc-gmime2.4-manual_2.4.14-1+nmu1_all.deb
  to main/g/gmime2.4/monodoc-gmime2.4-manual_2.4.14-1+nmu1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 573...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilb...@gmail.com> (supplier of updated gmime2.4 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 11 Apr 2010 16:36:33 -0400
Source: gmime2.4
Binary: libgmime-2.4-dev libgmime-2.4-doc libgmime-2.4-2 libgmime2.4-cil 
libgmime2.4-cil-dev monodoc-gmime2.4-manual
Architecture: source i386 all
Version: 2.4.14-1+nmu1
Distribution: unstable
Urgency: high
Maintainer: Mirco Bauer <mee...@debian.org>
Changed-By: Michael Gilbert <michael.s.gilb...@gmail.com>
Description: 
 libgmime-2.4-2 - MIME message parser and creator library - runtime
 libgmime-2.4-dev - MIME message parser and creator library - development files
 libgmime-2.4-doc - MIME message parser and creator library - documentation
 libgmime2.4-cil - CLI binding for the GMime library
 libgmime2.4-cil-dev - CLI binding for the GMime library
 monodoc-gmime2.4-manual - compiled XML documentation for GMime
Closes: 573877
Changes: 
 gmime2.4 (2.4.14-1+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix a buffer overflow, CVE-2010-0409 (closes: #573877).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvDEL4ACgkQNxpp46476aqT8gCcDZAjRVKtyz4KcCnpA6chiT1i
+J0An1wVx5XUNR2B9BsIB9bV22nhvFH0
=nvrx
-----END PGP SIGNATURE-----



--- End Message ---
