Your message dated Thu, 26 Aug 2010 01:02:17 +0000
with message-id <e1ooqrb-0000c2...@franck.debian.org>
and subject line Bug#594393: fixed in libhx 3.5-2
has caused the Debian Bug report #594393,
regarding CVE-2010-2947
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
594393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libhx
Severity: grave
Tags: security
The following was posted to oss-security and has been assigned CVE-2010-2947:
---
http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90dd3f046bfac0b64a5e813d7cd4fca59
string: fixed buffer overflow in HX_split when too few fields are present
Jan Engelhardt [Mon, 16 Aug 2010 17:08:51 +0000 (19:08 +0200)]
When HX_split is called with a maximum number of desired fields (4th
argument != 0), passing in a string that has fewer fields than that led
to a buffer overrun (write beyond end of malloc'd area).
--
Please check whether stable is affected.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
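The case described in the report above (a caller asks for more fields than the string contains) is shown here as an added example. It is not libhx code and is not taken from the referenced commit; split_fields and free_fields are hypothetical names, and the input strings are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; none of this is libhx code. */
void free_fields(char **v)
{
	for (char **p = v; p != NULL && *p != NULL; ++p)
		free(*p);
	free(v);
}

/* Split str on any byte in delim into at most max fields (max <= 0: no limit).
 * Returns a NULL-terminated array; *countp receives the field count. */
char **split_fields(const char *str, const char *delim, int *countp, int max)
{
	int present = 1;
	for (const char *p = str; (p = strpbrk(p, delim)) != NULL; ++p)
		++present;
	/* Clamp to the fields actually present. Without this, a caller asking
	 * for more fields than exist drives the fill loop past the array. */
	int n = (max <= 0 || present < max) ? present : max;
	char **out = calloc((size_t)n + 1, sizeof(*out));
	if (out == NULL)
		return NULL;
	for (int i = 0; i < n; ++i) {
		/* The last slot keeps the unsplit remainder of the input. */
		const char *end = (i == n - 1) ? NULL : strpbrk(str, delim);
		size_t len = (end != NULL) ? (size_t)(end - str) : strlen(str);
		out[i] = malloc(len + 1);
		if (out[i] == NULL) {
			free_fields(out);
			return NULL;
		}
		memcpy(out[i], str, len);
		out[i][len] = '\0';
		str += len + (end != NULL);
	}
	*countp = n;
	return out;
}

int main(void)
{
	int n = 0;
	free_fields(split_fields("user:x", ":", &n, 7)); /* constructed input */
	return n == 2 ? 0 : 1;
}
```

Building this with -fsanitize=address and calling it with a field limit larger than the number of fields in the input is a quick regression check for this class of bug.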
--- Begin Message ---
Source: libhx
Source-Version: 3.5-2
We believe that the bug you reported is fixed in the latest version of
libhx, which is due to be installed in the Debian FTP archive:
libhx-dev_3.5-2_amd64.deb
to main/libh/libhx/libhx-dev_3.5-2_amd64.deb
libhx-doc_3.5-2_amd64.deb
to main/libh/libhx/libhx-doc_3.5-2_amd64.deb
libhx25_3.5-2_amd64.deb
to main/libh/libhx/libhx25_3.5-2_amd64.deb
libhx_3.5-2.debian.tar.gz
to main/libh/libhx/libhx_3.5-2.debian.tar.gz
libhx_3.5-2.dsc
to main/libh/libhx/libhx_3.5-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 594...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Kleineidam <cal...@debian.org> (supplier of updated libhx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 10 Aug 2010 21:10:19 +0200
Source: libhx
Binary: libhx25 libhx-dev libhx-doc
Architecture: source amd64
Version: 3.5-2
Distribution: unstable
Urgency: high
Maintainer: Bastian Kleineidam <cal...@debian.org>
Changed-By: Bastian Kleineidam <cal...@debian.org>
Description:
libhx-dev - Development files for libhx
libhx-doc - Documentation files for libhx
libhx25 - A library providing queue, tree, I/O and utility functions
Closes: 594393
Changes:
libhx (3.5-2) unstable; urgency=high
.
* Fixed debian/watch regex.
* Add fix for CVE-2010-2947. High urgency due to security fix.
(Closes: #594393)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx1ga4ACgkQeBwlBDLsbz6Q4QCcCA0x5tiIL1L2BDmtTNCt0oQd
4mwAoMFZaEidKOK80IXCbsquFiEJJU1y
=uw2g
-----END PGP SIGNATURE-----
--- End Message ---