Your message dated Sat, 07 Apr 2012 22:35:04 +0000
with message-id <e1sgedo-0004wt...@franck.debian.org>
and subject line Bug#667914: fixed in inspircd 2.0.5-0.1
has caused the Debian Bug report #667914,
regarding CVE-2012-1836: Buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
667914: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: inspircd
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1836
for details and a link to the upstream fix.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: inspircd
Source-Version: 2.0.5-0.1
We believe that the bug you reported is fixed in the latest version of
inspircd, which is due to be installed in the Debian FTP archive:
inspircd-dbg_2.0.5-0.1_amd64.deb
to main/i/inspircd/inspircd-dbg_2.0.5-0.1_amd64.deb
inspircd_2.0.5-0.1.debian.tar.gz
to main/i/inspircd/inspircd_2.0.5-0.1.debian.tar.gz
inspircd_2.0.5-0.1.dsc
to main/i/inspircd/inspircd_2.0.5-0.1.dsc
inspircd_2.0.5-0.1_amd64.deb
to main/i/inspircd/inspircd_2.0.5-0.1_amd64.deb
inspircd_2.0.5.orig.tar.bz2
to main/i/inspircd/inspircd_2.0.5.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 667...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated inspircd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 07 Apr 2012 22:25:39 +0100
Source: inspircd
Binary: inspircd inspircd-dbg
Architecture: source amd64
Version: 2.0.5-0.1
Distribution: unstable
Urgency: low
Maintainer: Debian IRC Team <pkg-irc-maintain...@lists.alioth.debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
inspircd - Modular IRCd written in C++
inspircd-dbg - Modular IRCd written in C++ - debugging symbols
Closes: 519910 539569 545233 620960 641299 667914
Changes:
inspircd (2.0.5-0.1) unstable; urgency=low
.
[ Guillaume Delacour ]
* Add myself to uploaders.
* Remove Mario Iseli to uploaders (officially MIA)
* New upstream release (Closes: #545233, #519910, #620960, #641299)
* debian/rules:
+ Use hardening build options (DEB_BUILD_HARDENING)
+ Use debhelper 8 template
+ Delete unrecognized option "disable-rpath" on configure
+ Add support for all DFSG extra modules
(mysql, sqlite, pgsql, ldap, pcre, geoip)
(Closes: #539569)
+ Allow parallel build through DEB_BUILD_OPTIONS
+ Don't remove docs/rfc in upstream tarball as the files are not installed
* debian/compat: Use debhelper version 8
* debian/control:
+ Bump to Standards-Version 3.9.2 (no changes needed)
+ Switch to dpkg-source 3.0 (quilt) format and drop dpatch Build-Depends
+ Build-Depend on extra modules libraries: libldap2-dev, libpcre3-dev,
libmysqlclient-dev, libpq-dev, libsqlite3-dev, libssl-dev, zlib1g-dev,
libgeoip-dev, libtre-dev and split to 80 columns
+ Build-Depends on hardening-wrapper
+ Build-Depends on debhelper >= 8.0.0
+ Depends on lsb-base (debian/inspircd.init)
+ Suggests sqlite3, mysql-server, ldap-server, postgresql, gnutls-bin
+ Remove ${shlibs:Depends} and add (= ${binary:Version}) for debugging
symbols package
+ Change Vcs-{Svn,Browser}, point to inspircd2 repository
* debian/patches:
- 01_fix_config_reload.dpatch: drop old upstream patch
- 02_fix_gnutls_config.dpatch: drop old upstream patch
- 03_use_pkg-config_gnutls.dpatch: drop old upstream patch
- 04_gcc44_fixes.dpatch: drop old upstream patch
+ 01_spelling_error.diff: fix some spelling errors in modules
+ 02_disable_rpath_for_extra_modules.diff: disable rpath for modules
* debian/inspircd.examples:
+ Upstream examples files are now in docs/
+ Provide upstream databases schemas examples
* debian/inspircd.init:
+ Source /lib/lsb/init-functions and add status parameter
+ Add dependency on $remote_fs in Required-St{art,op}
+ Modify IRCDARGS to load /etc/inspircd/inspircd.conf
+ Delete unnecessary spaces
* debian/README.Debian: Delete unnecessary spaces
* debian/inspircd.install: Copy configuration files to the right place
* debian/inspircd.1:
+ Fix path of configuration file
+ Delete unnecessary spaces
* debian/watch: update url to project website (SF not up2date)
* debian/README.source: use quilt to patch
* debian/inspircd.postrm: Don't remove /etc/inspircd as it may contains
locally added files
* debian/inspircd.conf: Update proposed default configuration due to
upstream changes (tags security, performance and log), line break to 80
and load absolute path for /etc/inspircd/inspircd.{motd,rules}
.
[ Jonathan Wiltshire ]
* Non-maintainer upload.
This is really sponsorship with an added patch, but technically still
an NMU.
* Patch 03_CVE-2012-1836: protect against buffer overflow vulnerability
in src/dns.cpp (merge from upstream)
Closes: #667914 CVE-2012-1836
Checksums-Sha1:
0525ce9529d0ba526ba5d167a063d76727eed9a7 2330 inspircd_2.0.5-0.1.dsc
2f316e33e1e53b70513fd55089206fe13f4287fa 575852 inspircd_2.0.5.orig.tar.bz2
c253fc02acab652cfbd09af1846b5b27de757e51 14845 inspircd_2.0.5-0.1.debian.tar.gz
e56a3015b54d9ee5fc411aee90cfc7431c9314af 2535358 inspircd_2.0.5-0.1_amd64.deb
3a1cc6efbc533787b5d49ed9db503dc29a709553 1303458
inspircd-dbg_2.0.5-0.1_amd64.deb
Checksums-Sha256:
307b10ed773ffe64e2a2fe6a62b355ec2ad9d3d5b7e71d1a1e2fd11be478f660 2330
inspircd_2.0.5-0.1.dsc
425bf79ae1348b398ce6d2348f6cc8baeebe8125f62337e98c136942223f4fc6 575852
inspircd_2.0.5.orig.tar.bz2
8f89ba4150eecdae56110903ae7541940842a5244bf65d7680338fa5b5fc353a 14845
inspircd_2.0.5-0.1.debian.tar.gz
af7c5d3348decd884b5aabd6f8a58515d3f29caef22e62378e2c45388ab59bce 2535358
inspircd_2.0.5-0.1_amd64.deb
0df8caf582bd4ca71c736f7fd1c2cd2a7c63e0d5dd67be19986cc392b8d4c097 1303458
inspircd-dbg_2.0.5-0.1_amd64.deb
Files:
c4e189bf332791ac1d493073e66b9eaa 2330 net optional inspircd_2.0.5-0.1.dsc
60dec04bdc8f8c473f3c7bd774a1f153 575852 net optional
inspircd_2.0.5.orig.tar.bz2
509898aa838a1b2973ba71187b20f7e7 14845 net optional
inspircd_2.0.5-0.1.debian.tar.gz
ff7c489867e1094e3c6b5364516cc76e 2535358 net optional
inspircd_2.0.5-0.1_amd64.deb
ea6e541fac60a6dd5f15570561976dda 1303458 debug extra
inspircd-dbg_2.0.5-0.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJPgL0cAAoJEFOUR53TUkxRpMkP/iFcCEUULTaDh/HmbL0yg2E/
eizh71W69lFppoUZaVs2usf+3Dh/ub+1i9oZnd5vISfbmdqTROfpywQ3Khv/KOeE
j0C4Kpbhgoa91bHMijRdlqyd1CLY9CiV6kCxv7oY529dmBorbkFsUZ0DTpnPncCW
MuLo0wZ4vHb++5SifKNy7OJLf6e8MGnOiY6XmmJZ0BEbTgGlsqxltxY92xmu9NTC
i9NjaiHsk1zeZ2UUqeizgC4/aheutaRlwyxTrhdT9oehCJ7KfP8QeDUgqK9wYDmK
JFrOtcPOyBtNlvQbRWTa1vYLvCyngMsHjwPj9gXYv27iY8lf0Ue7i9PokZGZD5sJ
P4FWqeLp30wiSm5VD5l2iGesSPKup1mmggjyjuFCzn2pPkoJqy3qxjQxvJdgsiTL
i2Z28k3wI0c67nqZh04H5XkmsAOd3eJoR0ap+sTF/sU75r19zXPpqFdr0q5J/ZGj
exj6l1uUPjTh/z71l+rXXtVHbTC8mwYFogDdiJL75RC4tPyoQADZL0c26TFw6sCz
zBYs42jIb612bYkrxDNEqaptFxvEX0M6E8ensCqnWpLRzfU+beYcXyuRL4M4wXFF
TAjaKDC3kjyRuZxoHRwDUozHd6H9z30IdiIb/PdEfd8iVjTiC01uvubhUnGiJcDB
N0MPisiyDS8zxJGVpjwd
=nOEu
-----END PGP SIGNATURE-----
--- End Message ---
