Your message dated Sun, 12 Aug 2012 20:47:05 +0000 with message-id <e1t0f3x-0007lj...@franck.debian.org> and subject line Bug#684121: fixed in libotr 3.2.0-2+squeeze1 has caused the Debian Bug report #684121, regarding libotr2: Buffer overflows in libotr to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libotr2 Version: 3.2.0-4 Severity: grave Tags: security upstream Justification: user security hole libotr contains buffer overflows in a few base64 decoding functions: http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html Fixes for the bugs are available from git: http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libotr2 depends on: ii libc6 2.13-33 ii libgcrypt11 1.5.0-3 libotr2 recommends no packages. Versions of packages libotr2 suggests: ii libotr2-bin 3.2.0-4 -- no debconf information
--- End Message ---
--- Begin Message ---Source: libotr Source-Version: 3.2.0-2+squeeze1 We believe that the bug you reported is fixed in the latest version of libotr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <n...@debian.org> (supplier of updated libotr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 12 Aug 2012 11:39:08 +0000 Source: libotr Binary: libotr2 libotr2-bin libotr2-dev Architecture: source amd64 Version: 3.2.0-2+squeeze1 Distribution: stable-security Urgency: high Maintainer: Thibaut VARENE <vare...@debian.org> Changed-By: Nico Golde <n...@debian.org> Description: libotr2 - Off-the-Record Messaging library libotr2-bin - toolkit for Off-the-Record Messaging library libotr2-dev - Off-the-Record Messaging library development files Closes: 684121 Changes: libotr (3.2.0-2+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix potential buffer overflows in base64 handling (CVE-2012-3461; Closes: #684121). Checksums-Sha1: 2347391b05924a5f6a5de23652dab9f70ffb9917 1073 libotr_3.2.0-2+squeeze1.dsc e5e10b8ddaf59b0ada6046d156d0431cd2790db9 430299 libotr_3.2.0.orig.tar.gz 0fd785698ab2f07591ebc0c621d01a31cd926438 4602 libotr_3.2.0-2+squeeze1.diff.gz 80d42c3aa064b167569ebef68c28b31471831415 77338 libotr2_3.2.0-2+squeeze1_amd64.deb 1be920771dfe0ca1b8aa335556a9da4c33524cc1 40054 libotr2-bin_3.2.0-2+squeeze1_amd64.deb 8eb5aad020a8b2e0066d9c8313ddb97de16fbfd2 65766 libotr2-dev_3.2.0-2+squeeze1_amd64.deb Checksums-Sha256: 35dc58aa168a9dbf676b3ecba2f31aaf0b0f96aaa3e81c7a3f8e7db7115af7da 1073 libotr_3.2.0-2+squeeze1.dsc d83b9d20e36e2a4a55e5336f15d1d218d627bc0af7af94e3835bdc8b6d8b6693 430299 libotr_3.2.0.orig.tar.gz 9b05035a671474413954da2732ddbe3402c9e62f906acc8ab910e003b82c41f4 4602 libotr_3.2.0-2+squeeze1.diff.gz 3465a1f6401040a34ba0bac53eda8174a2f31849565722ea33bb30952709a9e0 77338 libotr2_3.2.0-2+squeeze1_amd64.deb 89f4165d0d2d57f4f818ea5e70e758a798a1f5718a543dc58179e11a7cf15422 40054 libotr2-bin_3.2.0-2+squeeze1_amd64.deb 55b3016b637b83d73c4a0ef4d72c6465e8daeddcdaea46c65c765dea83b81c8c 65766 libotr2-dev_3.2.0-2+squeeze1_amd64.deb Files: 297eb0a4a2926d31e231a01d1095e068 1073 libs optional libotr_3.2.0-2+squeeze1.dsc faba02e60f64e492838929be2272f839 430299 libs optional libotr_3.2.0.orig.tar.gz 6c7c95c9a543bd115327bdd686109341 4602 libs optional libotr_3.2.0-2+squeeze1.diff.gz 6d5474d77008c81d65a1b4e584deb01f 77338 libs optional libotr2_3.2.0-2+squeeze1_amd64.deb 006f793169ca63cea5f4f147301422bd 40054 misc optional libotr2-bin_3.2.0-2+squeeze1_amd64.deb c86d15507a98bf8dd404dae82ed1e07d 65766 libdevel optional libotr2-dev_3.2.0-2+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlAntBYACgkQHYflSXNkfP/p9QCeKJv0MGr5Bzy/iV+d+I7gNf3R 4VMAn2E6orIYckVJ6j5pSL0JkNiO8vHu =xN69 -----END PGP SIGNATURE-----
--- End Message ---
