Your message dated Thu, 26 Aug 2010 07:32:10 +0000
with message-id <e1oowwu-0004kw...@franck.debian.org>
and subject line Bug#594300: fixed in lynx-cur 2.8.8dev.5-1
has caused the Debian Bug report #594300,
regarding CVE-2010-2810: Heap-based buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
594300: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594300
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lynx-cur
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lynx-cur.
CVE-2010-2810[0]:
| Heap-based buffer overflow in the convert_to_idna function in
| WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through
| 2.8.8dev.4 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a malformed
| URL containing a % (percent) character in the domain name.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2810
http://security-tracker.debian.org/tracker/CVE-2010-2810
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx0w80ACgkQNxpp46476aroEgCeL1nbj8J2tIr13q2y4Bc712rU
uncAnjVm0hTC4nESvaq7j1RV50gkVlQZ
=L8OU
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: lynx-cur
Source-Version: 2.8.8dev.5-1
We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:
lynx-cur-wrapper_2.8.8dev.5-1_all.deb
  to main/l/lynx-cur/lynx-cur-wrapper_2.8.8dev.5-1_all.deb
lynx-cur_2.8.8dev.5-1.diff.gz
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1.diff.gz
lynx-cur_2.8.8dev.5-1.dsc
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1.dsc
lynx-cur_2.8.8dev.5-1_i386.deb
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1_i386.deb
lynx-cur_2.8.8dev.5.orig.tar.gz
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5.orig.tar.gz
lynx_2.8.8dev.5-1_all.deb
  to main/l/lynx-cur/lynx_2.8.8dev.5-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 594...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Atsuhito KOHDA <ko...@debian.org> (supplier of updated lynx-cur package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 26 Aug 2010 09:50:33 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all i386
Version: 2.8.8dev.5-1
Distribution: unstable
Urgency: high
Maintainer: Atsuhito KOHDA <ko...@debian.org>
Changed-By: Atsuhito KOHDA <ko...@debian.org>
Description:
lynx - Text-mode WWW Browser (transitional package)
lynx-cur - Text-mode WWW Browser with NLS support (development version)
lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 489360 490265 575922 592718 594300
Changes:
 lynx-cur (2.8.8dev.5-1) unstable; urgency=high
 .
   * New upstream release. This should fix a security bug so urgency=high.
   * Fixed a security bug, CVE-2010-2810 (Closes: #594300)
   * A fix for #592078 with patch-3 is not necessary so removed it.
   * Some bugs forgotten to be closed.
     - unable to reproduce. (Closes: #575922)
     - a problem of gnutls. (Closes: #592718)
     - if necessary, please reopen. (Closes: #490265)
     - only a report of a patch for 2.8.7dev9-1.1 (Closes: #489360)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx18hoACgkQ1IXdL1v6kOwKoACfblkdFfTupm1nIE6gheUMeO7p
vuwAoJS4jm0YX0tbqWYClUse7Rz9BeZi
=WiE5
-----END PGP SIGNATURE-----
--- End Message ---