Your message dated Sun, 04 Mar 2012 22:47:09 +0000
with message-id <e1s4kcr-0007ii...@franck.debian.org>
and subject line Bug#654785: fixed in plib 1.8.5-5+squeeze1
has caused the Debian Bug report #654785,
regarding CVE-2011-4620: Buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
654785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: plib
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4620
for references.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: plib
Source-Version: 1.8.5-5+squeeze1
We believe that the bug you reported is fixed in the latest version of
plib, which is due to be installed in the Debian FTP archive:
libplib-dev_1.8.5-5+squeeze1_amd64.deb
to main/p/plib/libplib-dev_1.8.5-5+squeeze1_amd64.deb
libplib1_1.8.5-5+squeeze1_amd64.deb
to main/p/plib/libplib1_1.8.5-5+squeeze1_amd64.deb
plib_1.8.5-5+squeeze1.diff.gz
to main/p/plib/plib_1.8.5-5+squeeze1.diff.gz
plib_1.8.5-5+squeeze1.dsc
to main/p/plib/plib_1.8.5-5+squeeze1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 654...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated plib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Mar 2012 20:39:21 +0800
Source: plib
Binary: libplib1 libplib-dev
Architecture: source amd64
Version: 1.8.5-5+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Bradley Smith <bradsm...@debian.org>
Changed-By: Aron Xu <a...@debian.org>
Description:
libplib-dev - Portability Libraries: Development package
libplib1 - Portability Libraries: Run-time package
Closes: 654785
Changes:
plib (1.8.5-5+squeeze1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).
Checksums-Sha1:
f973bdd0d171298153245dd2e6a6abd62b81f827 1550 plib_1.8.5-5+squeeze1.dsc
c2cf7e3e1e58f7b63dae4bb21e4fa82c3e4d4cfc 779133 plib_1.8.5.orig.tar.gz
5fce9466c9208783c91c83017a478fc65526ca65 10028 plib_1.8.5-5+squeeze1.diff.gz
74351f525659e9f5cc582907c04bcb7bcd6850ba 643686
libplib1_1.8.5-5+squeeze1_amd64.deb
abf94656310d647b739d8c3a9a9ee56c3e640eee 933860
libplib-dev_1.8.5-5+squeeze1_amd64.deb
Checksums-Sha256:
2d42d73c94dbef8ef49fef597ef3971d265741b1d04b4c7bdac3925c6f31a307 1550
plib_1.8.5-5+squeeze1.dsc
485b22bf6fdc0da067e34ead5e26f002b76326f6371e2ae006415dea6a380a32 779133
plib_1.8.5.orig.tar.gz
88d5d67f9bb5f1628536dd1264614b1ab737db7af7c711746565ac6ff1e3377b 10028
plib_1.8.5-5+squeeze1.diff.gz
cf7a5dc153d65edf02b2db6460a0a940951bb49e95c553055135d59b74ea58d4 643686
libplib1_1.8.5-5+squeeze1_amd64.deb
6a3f5bda4a35d788415f18807ceab8486697c3430b3d676e01d74b219306c67c 933860
libplib-dev_1.8.5-5+squeeze1_amd64.deb
Files:
ae02ad1184ace2a0fd417df32d586556 1550 devel extra plib_1.8.5-5+squeeze1.dsc
47a6fbf63668c1eed631024038b2ea90 779133 devel extra plib_1.8.5.orig.tar.gz
30d96b19bc1fe7f5d790c30778d9a5af 10028 devel extra
plib_1.8.5-5+squeeze1.diff.gz
37c392a09e57d454a86780fe3241d662 643686 libs extra
libplib1_1.8.5-5+squeeze1_amd64.deb
cdcf7d0fccc79cc44b2b386c7a53431e 933860 libdevel extra
libplib-dev_1.8.5-5+squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCgAGBQJPU6Z8AAoJEIAhAkTu07wNdQwIANQFZFO79oXqwtQcLtF0EEb8
XqZLG3lbVDX2pBaVhRm2o350gm40Qd5gT6L0xLu7r2n9kt5h0hEEIqETyyW7wnV2
DE7dSWVZHDo+vXFghBH+5pV3PQiYagF/g4+5Oii46tHyWO3N94Sw1XQ1vjLoHj1H
aEl/dkzReYq6g6sBKwjwacQoNCsLDuOKvHTRpqJfAtR5+DpbDwk4wptw7rtrYgO3
NoOKZ1yb4M+lMz5ScIiGHja8PEdzzZdNeiy4vDI3T5ZDLo7lmSXxN72RUoV+xG0t
f1Hd1kqGS4V96Jg1+iZBhbOn6Xcp/R/W69aeNBpdBMHg/jiI25h7e9QjKaKfHQE=
=ojp/
-----END PGP SIGNATURE-----
--- End Message ---
