Bug#635836: marked as done (Multiple security issues found in audit)

[Debian Bug Tracking System]

Your message dated Fri, 29 Jul 2011 13:36:49 +0000
with message-id <e1qmnfb-0006ci...@franck.debian.org>
and subject line Bug#635836: fixed in minissdpd 1.0.20110729-1
has caused the Debian Bug report #635836,
regarding Multiple security issues found in audit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
635836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635836
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: minissdpd
Severity: grave
Tags: security

Kees Cook made an audit of minissdpd for Ubuntu and found several
issues:
https://bugs.launchpad.net/ubuntu/+source/minissdpd/+bug/813313

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: minissdpd
Source-Version: 1.0.20110729-1

We believe that the bug you reported is fixed in the latest version of
minissdpd, which is due to be installed in the Debian FTP archive:

minissdpd_1.0.20110729-1.diff.gz
  to main/m/minissdpd/minissdpd_1.0.20110729-1.diff.gz
minissdpd_1.0.20110729-1.dsc
  to main/m/minissdpd/minissdpd_1.0.20110729-1.dsc
minissdpd_1.0.20110729-1_amd64.deb
  to main/m/minissdpd/minissdpd_1.0.20110729-1_amd64.deb
minissdpd_1.0.20110729.orig.tar.gz
  to main/m/minissdpd/minissdpd_1.0.20110729.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated minissdpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 Jul 2011 14:41:55 +0200
Source: minissdpd
Binary: minissdpd
Architecture: source amd64
Version: 1.0.20110729-1
Distribution: unstable
Urgency: high
Maintainer: Thomas Goirand <z...@debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 minissdpd  - keep memory of all UPnP devices that announced themselves
Closes: 635836
Changes: 
 minissdpd (1.0.20110729-1) unstable; urgency=high
 .
   * New upstream release 1.0.20110729, fixing root exploit issue reported on
   launchpad (Closes: #635836) (LP: #813313), thanks to Moritz Muehlenhoff
   <j...@debian.org> for the bug report, and to falks at Ubuntu for the
   investigation of the issue.
   * Added build-arch: and build-indep: targets in debian/rules.
   * Bumped standard-version to 3.9.2.
Checksums-Sha1: 
 aee41d934ed07eb5cd4ea9287a70421871ccc2d9 1161 minissdpd_1.0.20110729-1.dsc
 2b9cd3e04af23c7b2f31d77e1ce5fb2a551d47d3 15898 
minissdpd_1.0.20110729.orig.tar.gz
 91275144d03b7e39cf8a4fc6cc3e40773504e76e 3216 minissdpd_1.0.20110729-1.diff.gz
 4fbf4a06b54cc2184bd8fb7e8686563a0ae2e789 15614 
minissdpd_1.0.20110729-1_amd64.deb
Checksums-Sha256: 
 78af96b504dd850acc82856fccae1045210d4633251ac54d3cb84aec73bd34d4 1161 
minissdpd_1.0.20110729-1.dsc
 288d0261aed670dc20323930ec8252745556ba4611414ef2abcd997713ec6283 15898 
minissdpd_1.0.20110729.orig.tar.gz
 195bbd164741a424d59653d739d4f0abe124ee2030b952465a2e8d5f3e49891f 3216 
minissdpd_1.0.20110729-1.diff.gz
 4dc63fa26fd91fce3790120abd218a1558aa421d405f55bb6a7ed0ff778f82c7 15614 
minissdpd_1.0.20110729-1_amd64.deb
Files: 
 11e8f6eea0bc8ec1ad8067bab3f5d774 1161 net optional minissdpd_1.0.20110729-1.dsc
 0056be3b9bd40f45c14151393fe7f15d 15898 net optional 
minissdpd_1.0.20110729.orig.tar.gz
 b2c1f97a6ec0c055e71b855d53197432 3216 net optional 
minissdpd_1.0.20110729-1.diff.gz
 da06523c65119b8a45102c8b7a67a2b5 15614 net optional 
minissdpd_1.0.20110729-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4y+Y0ACgkQl4M9yZjvmkmeLgCfemr4jSivYlYUMLTa5oDKlYP/
NNgAnjzgLDx89yurzoJNmgkazBH0WwPI
=xXLW
-----END PGP SIGNATURE-----

--- End Message ---