Your message dated Sun, 03 Feb 2013 23:02:10 +0000 with message-id <e1u28ze-0006ll...@franck.debian.org> and subject line Bug#699316: fixed in libupnp 1:1.6.6-5+squeeze1 has caused the Debian Bug report #699316, regarding libupnp6: Security problem in SSDP code widely publicized today to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libupnp6 Version: 1:1.6.17-1.1 Severity: grave Tags: security Justification: user security hole Dear Maintainer, http://www.zdnet.com/millions-of-pcs-exposed-through-network-bugs-security-researchers-find-7000010478/ Fixed in 1.6.18. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.7.5 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8) Shell: /bin/sh linked to /bin/bash Versions of packages libupnp6 depends on: ii libc6 2.17-0experimental0 ii multiarch-support 2.17-0experimental0 libupnp6 recommends no packages. libupnp6 suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: libupnp Source-Version: 1:1.6.6-5+squeeze1 We believe that the bug you reported is fixed in the latest version of libupnp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez <cor...@debian.org> (supplier of updated libupnp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2013 21:55:32 +0100 Source: libupnp Binary: libupnp3 libupnp3-dev libupnp-dev libupnp3-dbg Architecture: source amd64 Version: 1:1.6.6-5+squeeze1 Distribution: stable-security Urgency: high Maintainer: Nick Leverton <n...@leverton.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Description: libupnp-dev - Portable SDK for UPnP Devices (development files) libupnp3 - Portable SDK for UPnP Devices, version 1.6 (shared libraries) libupnp3-dbg - debugging symbols for libupnp3 libupnp3-dev - Portable SDK for UPnP Devices, version 1.6 (development files) Closes: 699316 Changes: libupnp (1:1.6.6-5+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix various stack-based buffer overflows in service_unique_name() function. This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316 Checksums-Sha1: 6c3737bb3f8a7c10feaaa29e7fb056fd9526af41 1448 libupnp_1.6.6-5+squeeze1.dsc ac7094be846a34f8e1ad316ab2fe4988050fd07a 1354224 libupnp_1.6.6.orig.tar.gz 06304f4af0834e0a8a24b188c3e045284f7ada6a 33552 libupnp_1.6.6-5+squeeze1.diff.gz e29c865e8bd1bac508ff07a5d5aca57591525236 140420 libupnp3_1.6.6-5+squeeze1_amd64.deb 9e10872913b48038c6dd72a087150714530e8a43 854936 libupnp3-dev_1.6.6-5+squeeze1_amd64.deb ae1eebb478331bd96fc39dc6f41ef84cb017352c 18724 libupnp-dev_1.6.6-5+squeeze1_amd64.deb 127a5e7e5ace031f41377ef761e91814a1286630 163138 libupnp3-dbg_1.6.6-5+squeeze1_amd64.deb Checksums-Sha256: 889dee6d3b3977071df6b533278088cffc14b106e4f134fc03a13c8e2fa41e3d 1448 libupnp_1.6.6-5+squeeze1.dsc c6b26357c99658171da1aeb4b9260d0078e3e16de837e39620a26f85d16b48fc 1354224 libupnp_1.6.6.orig.tar.gz 600bb4d7d531de923b13cd061ae1250404decc92f73eb2842ef872f2954ad18a 33552 libupnp_1.6.6-5+squeeze1.diff.gz 10997a6480856dd908f021841bd7544d537182b166cd4c508cbdbc4b49b9a21e 140420 libupnp3_1.6.6-5+squeeze1_amd64.deb b23d159c51d6ecc627bcd9a19bad3ba570299045c1c77d38c8e5225ff5d9ba51 854936 libupnp3-dev_1.6.6-5+squeeze1_amd64.deb 321d38e00cbd6ca227ae6db2bbb79b7cb260925ebac6687194ff58541f4b6b16 18724 libupnp-dev_1.6.6-5+squeeze1_amd64.deb eace16a5fb10cc59128d3d01ae14a76dd9c862a31b741afb264b9164b96b65fe 163138 libupnp3-dbg_1.6.6-5+squeeze1_amd64.deb Files: 832e50490291c43b0f6f7d0f200ac910 1448 net extra libupnp_1.6.6-5+squeeze1.dsc 533d09459db59552fed7f25c752bf7f9 1354224 net extra libupnp_1.6.6.orig.tar.gz 71cd98c26960e95d7b4bcb9b03cab38a 33552 net extra libupnp_1.6.6-5+squeeze1.diff.gz 92d1c41dc8188c553799cc03e18d0cd6 140420 libs extra libupnp3_1.6.6-5+squeeze1_amd64.deb 84ebf5050c6423673fac193d8a840f8b 854936 libdevel extra libupnp3-dev_1.6.6-5+squeeze1_amd64.deb b00a2442224a9477faa013092104ab06 18724 libdevel extra libupnp-dev_1.6.6-5+squeeze1_amd64.deb ad59ad11b9c237a060ce8945d51f0860 163138 debug extra libupnp3-dbg_1.6.6-5+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBCgAGBQJRDCzqAAoJEG3bU/KmdcCldiMH/0d1JMtqigsNNvAkX4Aa2tag E4bOPLKNFC6Yf5pp4lz9VyLa4cOhUA/JLj5CDzObBJrDMxPOpeEWyV/uFJVRSIaq SWKhDojyc3SWZ2GpYerG6q2HtnnDx9C01XNQqK+F1rwNxBU1mlujpR5pJ92/aF+r 2c87bK8z369XUrgb2lmbl5CO0c7wUiECEn+a2V/5SHMPX9+Rh/8B8UOFWcOPxxeW pyH1QIGk8yPPxSrQohZQBWx/MDQq2cZEKJbj9IWvORcRJpSHG89iskiRyfo1skTo QeYi/9AW2q0P3n9uv8Zsqt61Ke5Jwz0z0n76FVg7lhCosvwAVcM2s00+WasqBTw= =gUEo -----END PGP SIGNATURE-----
--- End Message ---
