Your message dated Wed, 18 Aug 2010 00:02:07 +0000
with message-id <e1olw6z-0001b5...@franck.debian.org>
and subject line Bug#593299: fixed in barnowl 1.6.2-1
has caused the Debian Bug report #593299,
regarding barnowl: CVE-2010-2725
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
593299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593299
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: barnowl
Version: 1.5.1-1
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.

CVE-2010-2725[0]:
| BarnOwl before 1.6.2 does not check the return code of calls to the
| (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which
| allows remote attackers to cause a denial of service (crash) and
| possibly execute arbitrary code via unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2725
    http://security-tracker.debian.org/tracker/CVE-2010-2725
--- End Message ---
--- Begin Message ---
Source: barnowl
Source-Version: 1.6.2-1

We believe that the bug you reported is fixed in the latest version of
barnowl, which is due to be installed in the Debian FTP archive:

barnowl_1.6.2-1.debian.tar.gz
  to main/b/barnowl/barnowl_1.6.2-1.debian.tar.gz
barnowl_1.6.2-1.dsc
  to main/b/barnowl/barnowl_1.6.2-1.dsc
barnowl_1.6.2-1_i386.deb
  to main/b/barnowl/barnowl_1.6.2-1_i386.deb
barnowl_1.6.2.orig.tar.gz
  to main/b/barnowl/barnowl_1.6.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated barnowl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 17 Aug 2010 18:47:15 -0400
Source: barnowl
Binary: barnowl
Architecture: source i386
Version: 1.6.2-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Description:
barnowl - A curses-based tty Jabber, IRC, AIM and Zephyr client
Closes: 593299
Changes:
barnowl (1.6.2-1) unstable; urgency=low
.
* New Upstream version
* Fixes cve-2010-2725, Closes: #593299
* Build conflict with barnowl because t/mock.pl is broken and old
version of barnowl mess up current versions tests.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---