Your message dated Mon, 17 Oct 2005 17:02:12 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#334423: fixed in lynx-cur 2.8.6-16 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Oct 2005 19:52:53 +0000
>From [EMAIL PROTECTED] Mon Oct 17 12:52:53 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de [212.9.189.167] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1ERb2T-00033f-00; Mon, 17 Oct 2005 12:52:53 -0700
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de) by albireo.enyo.de with esmtp id 1ERb2S-0007MK-P2 for [EMAIL PROTECTED]; Mon, 17 Oct 2005 21:52:52 +0200
Received: from fw by deneb.enyo.de with local (Exim 4.54) id 1ERb1N-0004Vq-U2 for [EMAIL PROTECTED]; Mon, 17 Oct 2005 21:51:45 +0200
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [CAN-2005-3120] buffer overflow in nntp schema handling
Date: Mon, 17 Oct 2005 21:51:45 +0200
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: lynx, lynx-cur
Severity: grave
Tags: security

Various vendors have reported a remotely exploitable buffer overflow vulnerability in Lynx.

From: Martin Pitt <[EMAIL PROTECTED]>
Subject: [USN-206-1] Lynx vulnerability
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Mon, 17 Oct 2005 11:40:48 +0200
Message-ID: <[EMAIL PROTECTED]>

===========================================================
Ubuntu Security Notice USN-206-1           October 17, 2005
lynx vulnerability
CAN-2005-3120
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

lynx

The problem can be corrected by upgrading the affected package to version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape characters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.

[...]

---------------------------------------
Received: (at 334423-close) by bugs.debian.org; 18 Oct 2005 00:08:02 +0000
>From [EMAIL PROTECTED] Mon Oct 17 17:08:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1ERevk-0005cI-00; Mon, 17 Oct 2005 17:02:12 -0700
From: Atsuhito KOHDA <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#334423: fixed in lynx-cur 2.8.6-16
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 17 Oct 2005 17:02:12 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: lynx-cur
Source-Version: 2.8.6-16

We believe that the bug you reported is fixed in the latest version of lynx-cur, which is due to be installed in the Debian FTP archive:

lynx-cur-wrapper_2.8.6-16_all.deb
  to pool/main/l/lynx-cur/lynx-cur-wrapper_2.8.6-16_all.deb
lynx-cur_2.8.6-16.diff.gz
  to pool/main/l/lynx-cur/lynx-cur_2.8.6-16.diff.gz
lynx-cur_2.8.6-16.dsc
  to pool/main/l/lynx-cur/lynx-cur_2.8.6-16.dsc
lynx-cur_2.8.6-16_i386.deb
  to pool/main/l/lynx-cur/lynx-cur_2.8.6-16_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <[EMAIL PROTECTED]> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 18 Oct 2005 08:27:39 +0900
Source: lynx-cur
Binary: lynx-cur-wrapper lynx-cur
Architecture: source i386 all
Version: 2.8.6-16
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <[EMAIL PROTECTED]>
Changed-By: Atsuhito KOHDA <[EMAIL PROTECTED]>
Description:
 lynx-cur - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 332360 334423
Changes:
 lynx-cur (2.8.6-16) unstable; urgency=low
 .
   * This is of 2.8.6dev.13 (closes: #334423)
     - eliminate fixed-size buffers in LYExpandHostForURL() to guard against
       buffer overflow resulting from too-long domain prefix/suffix data from
       lynx.cfg (report by Ulf Harnhammar, CAN-2005-3120) -TD
   * Added Swedish translation for debconf messages.
     Thanks to Daniel Nylander <[EMAIL PROTECTED]> (closes: #332360)
Files:
 cc15d5371eaa348a7e0a059b1204ef09 655 web extra lynx-cur_2.8.6-16.dsc
 c0c93f835d5e5ce7c5c61456e75c7ed9 2915036 web extra lynx-cur_2.8.6-16.diff.gz
 912e3ebf7d843acde5391445dcaf4b7b 12576 web extra lynx-cur-wrapper_2.8.6-16_all.deb
 8aad50332ed262b08c2604b273e3a20f 1924174 web extra lynx-cur_2.8.6-16_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDVDYN1IXdL1v6kOwRAn7NAJsE9yAzYrD5pPqzOq9NUuWZQbeNgACeN8T7
fuSh1dWQOoHU3S9TBvHM1S8=
=SAz1
-----END PGP SIGNATURE-----
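
Added example (not part of the original messages and not Lynx's code): the USN text quoted above describes a routine that adds missing escape characters to article headers without checking the size of the target buffer. The C sketch below shows a bounded form of such a routine, where the output can be longer than the input; the marker rule ("$B" and "(B") and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ESC '\033'

/* Assumed rule for this sketch: ESC is inserted before a "$B" or "(B"
 * marker that is not already preceded by ESC. */
static int needs_escape(const char *s, size_t i)
{
    int marker = (s[i] == '$' || s[i] == '(') && s[i + 1] == 'B';
    return marker && (i == 0 || s[i - 1] != ESC);
}

/* Bytes needed for the escaped copy of src, including the NUL. */
size_t escaped_size(const char *src)
{
    size_t n = 1;
    for (size_t i = 0; src[i] != '\0'; i++)
        n += needs_escape(src, i) ? 2 : 1;
    return n;
}

/* Bounded copy: never writes past dst[dstlen - 1], always NUL-terminates,
 * returns 0 on success and -1 when the escaped header does not fit. */
int add_missing_escapes(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    if (dstlen == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = needs_escape(src, i) ? 2 : 1;
        if (o + need >= dstlen) {      /* keep one byte for the NUL */
            dst[o] = '\0';
            return -1;
        }
        if (need == 2)
            dst[o++] = ESC;
        dst[o++] = src[i];
    }
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    char small[7];  /* sized for the 6-byte constructed input plus NUL */
    int rc = add_missing_escapes(small, sizeof small, "$B$B$B");
    printf("need %zu, got rc=%d\n", escaped_size("$B$B$B"), rc);
    return 0;
}
```

A destination sized from the input length alone is too small here, which is why the routine takes the destination size and reports failure instead of writing on.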