Bug#684121: marked as done (libotr2: Buffer overflows in libotr)

[Debian Bug Tracking System]

Your message dated Tue, 07 Aug 2012 10:47:16 +0000
with message-id <e1syhjk-0003pk...@franck.debian.org>
and subject line Bug#684121: fixed in libotr 3.2.1-1
has caused the Debian Bug report #684121,
regarding libotr2: Buffer overflows in libotr
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
684121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libotr2
Version: 3.2.0-4
Severity: grave
Tags: security upstream
Justification: user security hole

libotr contains buffer overflows in a few base64 decoding functions:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

Fixes for the bugs are available from git:
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libotr2 depends on:
ii  libc6        2.13-33
ii  libgcrypt11  1.5.0-3

libotr2 recommends no packages.

Versions of packages libotr2 suggests:
ii  libotr2-bin  3.2.0-4

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: libotr
Source-Version: 3.2.1-1

We believe that the bug you reported is fixed in the latest version of
libotr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 684...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thibaut VARENE <vare...@debian.org> (supplier of updated libotr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Aug 2012 12:24:15 +0200
Source: libotr
Binary: libotr2 libotr2-bin libotr2-dev
Architecture: source ia64
Version: 3.2.1-1
Distribution: unstable
Urgency: high
Maintainer: Thibaut VARENE <vare...@debian.org>
Changed-By: Thibaut VARENE <vare...@debian.org>
Description: 
 libotr2    - Off-the-Record Messaging library
 libotr2-bin - toolkit for Off-the-Record Messaging library
 libotr2-dev - Off-the-Record Messaging library development files
Closes: 684121
Changes: 
 libotr (3.2.1-1) unstable; urgency=high
 .
   * Fix potential buffer overflow in base64 routines (Closes: #684121)
Checksums-Sha1: 
 c973ac16b44360d0d2406134aa66937868ea9535 1212 libotr_3.2.1-1.dsc
 3dda6fe0eab35581a2b3c55ad47a2c32777b0f20 433016 libotr_3.2.1.orig.tar.gz
 b6635544f186771e84479e0d0b63bee134c5543a 4038 libotr_3.2.1-1.debian.tar.gz
 ac42df841302e9c133818b3fe9ee0496443af3ce 92712 libotr2_3.2.1-1_ia64.deb
 f35cb85433dc2ebd187017af79b6b3713096dbb8 67356 libotr2-bin_3.2.1-1_ia64.deb
 ba7aec17bc15782e5ed6142b9a146eb345c8e12c 84252 libotr2-dev_3.2.1-1_ia64.deb
Checksums-Sha256: 
 d7b16a0c0be579bd859a40fe39932af9a96a65093891701f0de0601faacefe53 1212 
libotr_3.2.1-1.dsc
 f809617eba43d5349e07c72112ed2ae0c41c6cc85fa76ffa7e59eb90aa391169 433016 
libotr_3.2.1.orig.tar.gz
 ea97a648e1a8bffa3b6be47a526f88108d0beb8fae8d2b65637c541285c881f3 4038 
libotr_3.2.1-1.debian.tar.gz
 1e766dd731380bc4d2d3fb1511f744c96784277cceecd191abae17777d5c2931 92712 
libotr2_3.2.1-1_ia64.deb
 babbf17adf869e27a04117f64425cc06fc3bd7b9e711af5fff104e8810519671 67356 
libotr2-bin_3.2.1-1_ia64.deb
 f18a944e05d1c600882aedfd273614c3df52b32ba76095761f64e5bc2f06d6f7 84252 
libotr2-dev_3.2.1-1_ia64.deb
Files: 
 8f49c309ee384278852d6ce422ed0796 1212 libs optional libotr_3.2.1-1.dsc
 24e3c94430086b08842701b9cb67b62c 433016 libs optional libotr_3.2.1.orig.tar.gz
 6cdee1859350f11c85f67fe7b2592fd1 4038 libs optional 
libotr_3.2.1-1.debian.tar.gz
 015f174a3ee56f0a3a1988e5cf51e3fc 92712 libs optional libotr2_3.2.1-1_ia64.deb
 606cd276bd4639516768dfe9d81c40ae 67356 misc optional 
libotr2-bin_3.2.1-1_ia64.deb
 985150fa4b6e3f95950541f65e90ed04 84252 libdevel optional 
libotr2-dev_3.2.1-1_ia64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlAg7tsACgkQHjLD2rfS8GOZVQCeL9zjZ2BS24k1ljlDmRLDjR12
mOYAn0070b/+CWafalGplbARXF0Z6rW6
=EbY0
-----END PGP SIGNATURE-----

--- End Message ---